AFS and tokenforwarding

Serge Droz serge.droz at
Thu Oct 4 22:31:29 EST 2001

Markus Friedl wrote:
> On Thu, Oct 04, 2001 at 10:34:58AM +0200, Bjoern Groenvall wrote:
> > Don't think I ever said that. However, as I said in my letter one must
> > be a bit careful with ownership management of the forwarded
> > tickets. That should be simple to verify though.
> currently, i agree with Dug Song that the token should not be accpeted
> by the server before client and server have authenticated each other.
> this is why token handling was moved from auth1.c to session.c
> when Dug imported Kerb5 to OpenSSH.
> -m

This seems to be a matter of philosophy here. 
For us it's important that people can use PKA in an AFS environment. 
Why was this decission taken?
1) Maybe I missunderstand something here. What's the problem if a token
forwarded before the user is authenticicated? At the time the tokens
gets passed the data stream is encrypted. So there is no danger of
leaking a token. And if a user can create fake tokens and manipiulate
the public keys on the rompte system he's probably god or somthing, i.e.
you have a much bigger problem anyway.

2) This changes an established bahvior which will confuse users.

So what will happen here? Could this maybe become an option in the
As I mentiond, we need this feature here, and I'd hate to have to have
my own ssh version.


Serge Droz
Paul Scherrer Institut                mailto:serge.droz at
CH-5232 Villigen PSI                   Phone: ++41 56 310 3637

More information about the openssh-unix-dev mailing list