Introduction

QCMD is intended as an access control manager for the ABONE. At the current time access control through a list in a file that are mirrored over the network.

Architecture

QCMD uses a simple client-server architecture to mirror files located at the server site onto client sites. The mirroring is accomplished using one of two alternative protocols, push and pull.

The Pull Protocol

In this protocol, the client maintains a hash of the file being mirrored. Periodically, it sends requests to the server, asking if the file in question had changed (a change is established through a change in the hash). The server reponds with either the new version of the file, or a no change message. A nonce together with a timestamp are used to prevent replay of messages.

The Push Protocol

In this protocol, the client registers with the server to receive updates of the file being mirrored. The server then sends the latest version of the file as soon as change happens. Again, a nonce and timestamp are part of the message.

After a period of time (the default is a week) the server stops sending update messages to the client. The client must resend a RegisterMe message again.

Note: the push protocol is currently being revised to work with TCP connections.

The distribution

The distribution (consisting of binaries for each of the supported OS, installed at SRI's code server) includes three binaries. The way to start up the programs is to load the binaries onto an anetd through the aload command; refer to the anetd documentation for instructions on how to use the aload command.

qcmdServer

As the name implies, this binary implements the QCMD server. The following options are supported:

• -log [file] Write a log to [file].
• -logsize [s] The maximum size of the logfile (default=1048576).(This has no effect if no logfile is specified.)
• -port [p] Specify local port number (default=3322).
• -config [file] Specify configuration file (default=qcmdserver.config).
• -window [seconds] acceptable message time window (default=600).
• -localaddr [IP addr] local IP address (usually this is found automatically). The server will try to find the local IP address automatically. This works in most cases. If it doesn't you will have to specify the IP address.
• -expirereg [n] push clients must re-register after n seconds (default=604800). The server ignores registered clients after a time period has passed. This ensures that a server doesn't keep sending to clients long after they have died. A client must re-register with a server once the old registration has expired.
• -version Prints the version and then exits.

The server program uses a 512 bit RSAREF keypair to communicate with the clients. This key can be generated with any standard RSAREF key generation program. The program expects to find the keypair in HOME/qcmd/public_key and HOME/qcmd/private_key.

The server gets it's configuration info from a config file. The config file that gets distributed (`qcmdserver.config') contains one line:

hosts = ACLfile "hosts.allow.txt"

The "hosts.allow.txt" is the name of the ACL file that the server distributes. This can be changed if you want the server to distribute some other file. For example:

hosts = ACLfile "my.allow.txt"

would make the server mirror a file called "my.allow.txt".

qcmdClient

This binary implements the pull client. The following options are supported:

• -log [file] Write a log to [file].
• -logsize [s] The maximum size of the logfile (default=1048576).(This has no effect if no logfile is specified.)
• -notanetd Don't behave as a child of the Anetd process - the parent process won't be notified when the ACL changes. Usually the client sends a SIGHUP signal to the parent process when a new ACL is downloaded. This can be annoying if you are debugging and the parent process is a terminal instead of an ANETD process. This option turns off the signal.
• -server [hostname] Use [hostname] as the server (default=saul.cis.upenn.edu).
• -serverkey [key] Specify public key of server (default=0XWNcYd8zkcfbWER+nHteWMlCPU9NtMYR8Uw3SL7EQRwF3GAEx2KpZjP6ynGohyB+D/pQytou9S1ydwg2eXzvQEAAQ==).
• -serverport [p] Specify port of server (default=3322).
• -window [seconds] acceptable message time window (default=600).
• -refresh [n] - refresh ACL every [n] seconds (default=60).
• -localacl [filename] name of local copy of ACL (default=HOME/.anetd/hosts.allow)
• -version Prints the version and then exits.

pushClient

This binary implements the push client. The following options are supported:

• -log [file] Write a log to [file].
• -logsize [s] The maximum size of the logfile (default=1048576).(This has no effect if no logfile is specified.)
• -anet Switch between independent(default) and anetd attached operation.
• -anetdport [p] Speicfy port number of attached anetd process (default=3322).
• -port [p] Specify local port number (default=3322).
• -server [hostname] Use [hostname] as the server (default=saul.cis.upenn.edu).
• -serverkey [key] Specify public key of server (default=0XWNcYd8zkcfbWER+nHteWMlCPU9NtMYR8Uw3SL7EQRwF3GAEx2KpZjP6ynGohyB+D/pQytou9S1ydwg2eXzvQEAAQ==).
• -serverport [p] Specify port of server (default=3322).
• -window [seconds] acceptable message time window (default=600).
• -expirereg [seconds] Sets the time in seconds between re-registering with the server (default=604800). The server deletes registrations periodically. The client must resend the RegisterMe message. This option lets you specify how often the client resends this message.
• -localacl [filename] name of local copy of ACL (default=HOME/.anetd/hosts.allow). The information sent by the server will be stored in this file.
• -version Prints the version and then exits.

Common commmand line options

This section explains some of the options which are common to all three qcmd executables.

• -logsize [bytes] The maximum size of the logfile (default=1048576).(This has no effect if no logfile is specified.)

  The QCMD logs can get large pretty quickly. This option lets you limit the size of the logfile. When the log gets larger than the maximum size it gets copied into a file logfile .old (deleting any previous logfile .old file) and a new log is started.

• -window [seconds] acceptable message time window (default=600).

  When qcmd processes communicate each message gets stamped with the current time. Qcmd processes refuse to respond to messages which are too old (this stops adversaries from corrupting the ACL by resending old messages). The window option specifies the maximum age (positive or negative) a message can be and still be accepted by the qcmd process.

About this document ...

This document was generated using the LaTeX2HTML translator Version 97.1 (release) (July 13th, 1997)

Copyright © 1993, 1994, 1995, 1996, 1997, Nikos Drakos, Computer Based Learning Unit, University of Leeds.

The command line arguments were:
latex2html -t QCMD manual -split +0 -no_navigation manual.

The translation was initiated by Michael McDougall on 5/8/2000