Port 370: CodaAuth2 — The Authentication Gateway for Disconnected Computing

Port 370 (both TCP and UDP) carries codaauth2, the authentication service for the Coda distributed file system. This port exists because researchers at Carnegie Mellon University asked a question in 1987 that changed how we think about distributed computing: what if your computer loses its network connection?

What Runs on Port 370

Port 370 is the authentication gateway for Coda, a distributed file system that descended from the Andrew File System (AFS). When a Coda client needs to access files on a Coda server, it first establishes trust through port 370.¹

The authentication protocol is a variant of the Needham-Schroeder protocol, generating a shared session key between client and server.² This handshake happens on port 370 before any file access begins.

The Problem It Solves

In 1987, Mahadev Satyanarayanan at Carnegie Mellon began work on Coda to address a fundamental limitation of AFS: what happens when the network connection fails?³

Traditional distributed file systems assumed the network would stay connected. Lose the connection, lose access to your files. Coda took a different approach: it keeps a local cache of your files and lets you keep working even when the network disappears.⁴

Port 370 is how that trust gets established. Before your laptop can cache files and work offline, the authentication server on port 370 needs to verify you're allowed to access those files.

How Coda Authentication Works

The codaauth2 service on port 370 uses secret-key cryptography to create a secure channel between client and server. The process:

1. Client contacts authentication server on port 370
2. Server verifies credentials (supports tokens, Kerberos 4/5, or username authentication)⁵
3. A shared session key is generated using the Needham-Schroeder protocol
4. This key allows secure communication with file servers on other ports

The authentication is based on principles described in Satyanarayanan's 1989 paper "Integrating Security in a Large Distributed System."⁶

The Coda Port Family

Port 370 is part of a constellation of ports allocated to Coda:⁷

• Port 369: RPC2 portmapper (Coda's RPC service registry)
• Port 370: codaauth2 (authentication server)
• Port 2430: Venus (client callback interface)
• Port 2431: Venus-SE (client TCP/UDP side effects)
• Port 2432: CodaSRV (file server)
• Port 2433: CodaSRV-SE (server TCP/UDP side effects)

Port 370 is the trust anchor. Without authentication here, the other services won't talk to you.

Why This Port Matters

Coda pioneered disconnected operation in distributed file systems. Your laptop caches files, the network drops, you keep working. When the connection returns, Coda synchronizes your changes. This pattern is everywhere now—cloud sync services, mobile apps, collaborative editing tools.

Port 370 received the ACM SIGOPS Hall of Fame Award in 2015 and the inaugural ACM SIGMOBILE Test-of-Time Award in 2016.⁸ The work that flows through this port fundamentally changed how we build distributed systems.

Coda was open-sourced in the mid-1990s and remains functional today, still using port 370 for authentication.⁸

Security Considerations

Port 370 carries authentication credentials, making it a sensitive service. The protocol uses encryption to protect the session key exchange, but like any authentication service, it should be protected:

• Don't expose port 370 to the public Internet unless necessary
• Use firewalls to restrict access to trusted networks
• Monitor authentication attempts for suspicious patterns
• Keep Coda authentication servers updated with security patches

Port 370 has been historically associated with trojan activity (BackWeb was mentioned in older databases), though this was malware misusing the port rather than a vulnerability in Coda itself.⁹

Checking What's Listening

To see if something is listening on port 370:

Linux/Mac:

sudo lsof -i :370
# or
sudo netstat -tulpn | grep :370

Windows:

netstat -ano | findstr :370

If you're running a Coda authentication server, you'll see the codaauth2 daemon. If you see something else, investigate.

The Well-Known Ports Range

Port 370 sits in the well-known ports range (0-1023), also called system ports. IANA assigns these ports to foundational services. On Unix-like systems, binding to these ports typically requires root privileges.

The well-known range represents the Internet's core services. Port 370's presence here reflects Coda's historical importance in distributed systems research.

Related Ports

• Port 369 (RPC2 Portmap): Coda's RPC service registry
• Port 2432 (CodaSRV): Coda file server
• Port 2049 (NFS): Another distributed file system protocol
• Port 445 (SMB): Windows file sharing protocol