AFS and token forwarding
Serge Droz
serge.droz at psi.ch
Thu Oct 4 22:31:29 EST 2001
Markus Friedl wrote:
>
> On Thu, Oct 04, 2001 at 10:34:58AM +0200, Bjoern Groenvall wrote:
> > Don't think I ever said that. However, as I said in my letter one must
> > be a bit careful with ownership management of the forwarded
> > tickets. That should be simple to verify though.
>
> currently, i agree with Dug Song that the token should not be accepted
> by the server before client and server have authenticated each other.
>
> this is why token handling was moved from auth1.c to session.c
> when Dug imported Kerb5 to OpenSSH.
>
> -m
This seems to be a matter of philosophy here.
For us it's important that people can use PKA in an AFS environment.
Why was this decision taken?
1) Maybe I misunderstand something here. What's the problem if a token
gets forwarded before the user is authenticated? At the time the token
gets passed the data stream is encrypted. So there is no danger of
leaking a token. And if a user can create fake tokens and manipulate
the public keys on the remote system he's probably god or something, i.e.
you have a much bigger problem anyway.
2) This changes an established behavior which will confuse users.
So what will happen here? Could this maybe become an option in the
sshd_config?
As I mentioned, we need this feature here, and I'd hate to have to have
my own ssh version.
Serge
--
Serge Droz
Paul Scherrer Institut mailto:serge.droz at psi.ch
CH-5232 Villigen PSI Phone: ++41 56 310 3637