AFS and tokenforwarding

Nicolas Williams Nicolas.Williams at
Thu Oct 4 23:22:23 EST 2001

On Thu, Oct 04, 2001 at 02:31:29PM +0200, Serge Droz wrote:
> Markus Friedl wrote:
> > currently, i agree with Dug Song that the token should not be accepted
> > by the server before client and server have authenticated each other.
> > -m
> This seems to be a matter of philosophy here.
> For us it's important that people can use PKA in an AFS environment.
> Why was this decision taken?
> 1) Maybe I misunderstand something here. What's the problem if a token
> gets forwarded before the user is authenticated? At the time the token
> gets passed the data stream is encrypted. So there is no danger of
> leaking a token. And if a user can create fake tokens and manipulate
> the public keys on the remote system he's probably god or something, i.e.
> you have a much bigger problem anyway.

If the token is forwarded before authentication then you don't know if
the server is really who you think it is, so you might be forwarding
your token to an impostor. Ooops.

> 2) This changes an established behavior which will confuse users.
> So what will happen here? Could this maybe become an option in the
> sshd_config?
> As I mentioned, we need this feature here, and I'd hate to have to have
> my own ssh version.

Perhaps there should be an option to specify a location for users' .ssh
dirs. Kinda like sendmail has an option to specify where .forward files
live, and for much the same reasons.

> Serge
> -- 
> Serge Droz
> Paul Scherrer Institut                mailto:serge.droz at
> CH-5232 Villigen PSI                   Phone: ++41 56 310 3637
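The ordering point argued in this thread (forward the AFS token only after the server has proved its identity, because an encrypted stream to an unverified peer still delivers the token to whoever is on the other end) can be shown with a small constructed model. The following is an added example, not OpenSSH code and not anything from the list participants; `Server`, `Client`, `run_scenario` and the HMAC-based `host_proof` are made up here, with an HMAC keyed by a shared host secret standing in for the host-key signature a real SSH server produces over the session identifier.

```python
"""Constructed model: forwarding a credential before host authentication
hands it to an impostor.  All names and keys here are made up for the
illustration; nothing is taken from OpenSSH or AFS."""
import hashlib
import hmac
import secrets


def host_proof(host_secret: bytes, session_id: bytes) -> bytes:
    # Stand-in for the host-key signature over the session identifier.
    # Only a party holding the genuine host secret can produce it.
    return hmac.new(host_secret, session_id, hashlib.sha256).digest()


class Server:
    """A peer that may or may not hold the genuine host secret."""

    def __init__(self, name: str, host_secret: bytes) -> None:
        self.name = name
        self.host_secret = host_secret
        self.received_tokens: list[bytes] = []

    def prove_identity(self, session_id: bytes) -> bytes:
        # An impostor answers with a proof under the wrong secret.
        return host_proof(self.host_secret, session_id)

    def accept_token(self, token: bytes) -> None:
        # Whatever arrives over the (encrypted) channel is recorded here.
        self.received_tokens.append(token)


class Client:
    """Holds the user's token and a record of the expected host secret."""

    def __init__(self, known_host_secret: bytes, token: bytes,
                 forward_before_auth: bool) -> None:
        self.known_host_secret = known_host_secret
        self.token = token
        self.forward_before_auth = forward_before_auth

    def connect(self, server: Server) -> bool:
        """Return True if the server authenticated; the token is only
        guaranteed to stay private when forward_before_auth is False."""
        session_id = secrets.token_bytes(16)
        if self.forward_before_auth:
            # The behaviour the thread argues against: encryption is already
            # up, but the peer has not yet proved who it is.
            server.accept_token(self.token)
        expected = host_proof(self.known_host_secret, session_id)
        if not hmac.compare_digest(expected, server.prove_identity(session_id)):
            return False  # host verification failed; abort, forward nothing more
        if not self.forward_before_auth:
            # Safe ordering: release the token only to a verified server.
            server.accept_token(self.token)
        return True


def run_scenario(forward_before_auth: bool) -> dict:
    """Run the same client against the real server and an impostor and
    report who authenticated and who ended up holding the token."""
    genuine_secret = b"constructed-genuine-host-secret"
    real = Server("real", genuine_secret)
    impostor = Server("impostor", b"constructed-impostor-has-no-host-secret")
    token = b"constructed-AFS-token"
    client = Client(genuine_secret, token, forward_before_auth)
    return {
        "real_authenticated": client.connect(real),
        "impostor_authenticated": client.connect(impostor),
        "real_got_token": token in real.received_tokens,
        "impostor_got_token": token in impostor.received_tokens,
    }


if __name__ == "__main__":
    for early in (True, False):
        print("forward before auth =", early, "->", run_scenario(early))
```

With `forward_before_auth=True` the impostor fails host verification but already holds the token; with `False` it gets nothing. The model deliberately ignores the cipher, since confidentiality on the wire does not change which peer receives the data.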
