Akenti Client and Server Interface
The Akenti server is a standalone server that accepts requests to authorize actions on a resource or to remove cached certificates. The server currently communicates through a simple message protocol, SATP (Secure Akenti Transport Protocol), which runs either on top of SSL or in an insecure mode directly over TCP. The code is designed to be able to support other protocols in the future. When run in secure mode the server requires client-side authentication, provided by a valid client certificate signed by one of the Certificate Authorities trusted by the server. In insecure mode the connection carries no authentication or confidentiality, so it is suitable only for testing on a trusted network.
Currently, the Akenti server accepts two kinds of requests: CheckAccess, which asks whether a subject may perform an action on a named resource, and CacheFlush, which removes a cached Akenti certificate from the server.
Requests to flush certificates will only be honored if they come from the issuer of the certificate. Upon receiving a request, the server invokes the appropriate service and returns a response to the client. The response consists of the status of the request, accompanied by a set of attribute,value pairs that answer the client's request.
Usage
All the arguments have default values which are indicated within the brackets.
akentiServer -conf <confFile> [-port <port>] [-secure -sport <port>] [-help]
confFile - Akenti server configuration file [./Akenti.conf]
port - Port at which the insecure server listens [8440]
secure - Start the secure server [default starts as insecure]
sport - Port at which the secure server listens [8443]
help - help message
Akenti Server Status codes
The Akenti client communicates with the Akenti standalone server through SATP (Secure Akenti Transport Protocol), which operates on top of SSL or TCP. If the client is talking to the secure server, it is required to present a valid identity certificate.
Currently, the Akenti client supports two types of requests: CheckAccess, a request for access rights to a resource, and CacheFlush, a request to flush an Akenti certificate from the server's cache.
The request for access rights returns a status and, if the client is authorized to access the resource, a capability certificate.
Usage
akentiClient -secure -host <host> -port <port>
-cert <clientCert> -key <privKey>
-cafile <caCert> -capath <cadirs>
-action [CheckAccess | CacheFlush]
-resource <resourceName>
-akenticert <akentiCert> -help
(Some of the arguments have default values which are shown in brackets)
secure - access the secure server
host - Akenti Standalone Server to be contacted [localhost]
port - Port at which the Server listens [8443]
clientCert - Client's X509 Certificate [./client.cert]
privKey - Client's private Key [./client.key]
cafile - CA Certificate that client accepts [./ca.pem]
capath - directory of CA Certificates that client accepts [./]
action - CheckAccess | CacheFlush
resourceName - Resource to be accessed
akentiCert - Akenti certificate filename to be flushed
help - help message
Example (an illustrative invocation built only from the options above, against a secure server on the local host, using the resource name from the request example below):
akentiClient -secure -host localhost -port 8443 -cert ./client.cert -key ./client.key -cafile ./ca.pem -action CheckAccess -resource FOOBAR
Request Messages
In a request message the protocol version is followed by attribute,value pairs separated by '@'. The character '^' separates an attribute from its value. Spaces are replaced by '\\' and newlines are replaced by '!'.
The attributes carried by a CheckAccess request, as in the example, are Command, SubjectDN, CaDN and Resource.
Example: SATP/1.0<space>Command^CheckAccess@SubjectDN^/C=US/O=LBL/OU=Test\\Unit/CN=Tester@CaDN^/C=US/O=LBL/OU=CAs/CN=Test\\CA@Resource^FOOBAR
Response Message
In a response message the protocol version is followed by attribute,value pairs separated by '$'. The character '%' separates an attribute from its value. Spaces are replaced by '\\' and newlines are replaced by '!'.
The attributes in a CheckAccess response, as in the example, are Status, Access Rights and Capability Certificate (the spaces inside the attribute names are written as '\\' on the wire, like any other space).
Example:
SATP/1.0<space>Status%200\\OK$Access\\Rights%read,execute$Capability\\Certificate%-----BEGIN\\AKENTI\\CAPABILITY\\CERTIFICATE-----\MIIC1jCCAj+gA (...)DQTAeFw05OTA-----END\\AKENTI\\CAPABILITY\\CERTIFICATE-----
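The request and response framing described in the two sections above is small enough to implement and check end to end. The following encoder/decoder is an added example, not Akenti's own code; it implements only what the page states (the "SATP/1.0" prefix, '@'/'^' for requests, '$'/'%' for responses, '\\' for space and '!' for newline) and makes two assumptions the page does not settle: that the page's '\\' is a single backslash character on the wire (change SPACE_ESC if it is really two), and that an attribute or value containing one of the active characters has no defined escape and is therefore rejected rather than silently corrupted. The sample response is constructed; its certificate body is a placeholder, not a real capability certificate.

```python
"""SATP/1.0 message encoder/decoder (added example, not Akenti's own code).

Framing, as documented on this page:
  request : "SATP/1.0 " + attr^value pairs joined by '@'
  response: "SATP/1.0 " + attr%value pairs joined by '$'
  in both : ' ' is written as '\\' and '\n' as '!'

Assumptions (not stated on the page): the page's '\\' is one backslash on
the wire; a literal '@', '^', '$', '%', '\\' or '!' inside an attribute or
value has no defined escape, so such values are rejected.
"""

PROTOCOL = "SATP/1.0"
SPACE_ESC = "\\"      # one backslash character (assumption, see above)
NEWLINE_ESC = "!"

REQUEST_SEPS = ("@", "^")     # (pair separator, attribute/value separator)
RESPONSE_SEPS = ("$", "%")


def _escape(text, seps):
    """Apply the page's space/newline substitution, refusing unescapable chars."""
    pair_sep, kv_sep = seps
    for ch in (pair_sep, kv_sep, SPACE_ESC, NEWLINE_ESC):
        if ch in text:
            raise ValueError(f"{ch!r} has no escape in SATP, refusing {text!r}")
    return text.replace(" ", SPACE_ESC).replace("\n", NEWLINE_ESC)


def _unescape(text):
    return text.replace(SPACE_ESC, " ").replace(NEWLINE_ESC, "\n")


def encode(pairs, seps):
    """Serialize [(attr, value), ...] into one SATP line."""
    pair_sep, kv_sep = seps
    fields = [_escape(a, seps) + kv_sep + _escape(v, seps) for a, v in pairs]
    return PROTOCOL + " " + pair_sep.join(fields)


def decode(message, seps):
    """Parse one SATP line back into an ordered list of (attr, value)."""
    pair_sep, kv_sep = seps
    proto, space, body = message.partition(" ")
    if proto != PROTOCOL or not space or not body:
        raise ValueError("not a SATP/1.0 message")
    pairs = []
    for field in body.split(pair_sep):
        attr, found, value = field.partition(kv_sep)
        if not found or not attr:
            raise ValueError(f"malformed field {field!r}")
        pairs.append((_unescape(attr), _unescape(value)))
    return pairs


def check_access_request(subject_dn, ca_dn, resource):
    """Build a CheckAccess request with the attributes shown on this page."""
    return encode([("Command", "CheckAccess"),
                   ("SubjectDN", subject_dn),
                   ("CaDN", ca_dn),
                   ("Resource", resource)], REQUEST_SEPS)


def parse_response(message):
    """Split a response into status code, reason, rights list and certificate."""
    attrs = dict(decode(message, RESPONSE_SEPS))
    code, _, reason = attrs["Status"].partition(" ")
    rights = [r for r in attrs.get("Access Rights", "").split(",") if r]
    return {
        "code": int(code),
        "reason": reason,
        "rights": rights,
        "certificate": attrs.get("Capability Certificate"),
    }


# The CheckAccess request from this page as a Python literal
# (each '\\' below is one backslash character on the wire).
PAGE_REQUEST = ("SATP/1.0 Command^CheckAccess"
                "@SubjectDN^/C=US/O=LBL/OU=Test\\Unit/CN=Tester"
                "@CaDN^/C=US/O=LBL/OU=CAs/CN=Test\\CA"
                "@Resource^FOOBAR")

# Constructed response in the page's format; the certificate body is a
# placeholder, not a real Akenti capability certificate.
SAMPLE_RESPONSE = ("SATP/1.0 Status%200\\OK"
                   "$Access\\Rights%read,execute"
                   "$Capability\\Certificate%-----BEGIN\\AKENTI\\CAPABILITY\\CERTIFICATE-----"
                   "!MIIC1jCCAj+gA"
                   "!-----END\\AKENTI\\CAPABILITY\\CERTIFICATE-----")

if __name__ == "__main__":
    request = decode(PAGE_REQUEST, REQUEST_SEPS)
    print(request)
    assert encode(request, REQUEST_SEPS) == PAGE_REQUEST   # exact round trip
    print(parse_response(SAMPLE_RESPONSE))
```

Decoding the page's own request and re-encoding it reproduces the wire string byte for byte, which is the check to run against a captured SATP exchange if the backslash assumption above turns out to be wrong. A client that builds requests with check_access_request() should remember that, in insecure TCP mode, nothing ties the SubjectDN and CaDN it writes into the message to the party actually sending it; only the secure server's client-certificate requirement gives those names any weight.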