AFS and tokenforwarding

Nicolas Williams Nicolas.Williams at
Fri Oct 5 05:53:49 EST 2001

On Thu, Oct 04, 2001 at 09:43:29PM +0200, Bjoern Groenvall wrote:
> >>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at> writes:
> Nicolas> I was thinking that AFS token passing would be mixed with
> Nicolas> Kerberos network authentication. If it's Kerberos V then I'd
> Nicolas> expect mutual auth to be used.
> Yes, Kerberos mutual authentication is used, however it is used the
> wrong way. A masquerading server can use the real server as an
> oracle. Thus mutual authentication is used, but it does not really
> provide any mutual authentication.

??? How? In Kerberos V I don't see how.

> Nicolas> Then again, I've never used SSHv1 with Kerberos -- only SSHv2
> Nicolas> with GSS/Kerberos (thanks to Simon Wilkinson's patches) and
> Nicolas> SSH w/ GSS *does* require mutual authentication.
> Hopefully this is done right in v2, I don't know enough about v2 though.
> Nicolas> So how will you make AFS token passing in SSHv2?
> I don't really know enough about the details of v2 authentication and
> session key generation. In theory, it should be possible to pass the
> token (encrypted) along with the authentication information in such a
> format so that only a legitimate server can unpack the token. If this
> matches the v2 model, I simply don't know.

There are two competing SSH/GSS proposals. The better one (IMHO) is
implemented by patches posted here (*). GSS-API is used, which means,
for Kerberos, that the AP_REQ and KRB_CREDS are sent together on the
first token, but the KRB_CREDS are sent doubly encrypted in the
authenticator checksum field (a gross network optimization hack --
sigh). The patches I'm referring to require mutual authentication.
Session key generation can be done in either of two ways: GSS-protected
Diffie-Hellman exchange (which eschews the SSH host keys) or SSHv2 host
key based session key generation and SSH-protected GSS exchange.


> Cheers,
> Björn


-DISCLAIMER: an automatically appended disclaimer may follow. By posting-
-to a public e-mail mailing list I hereby grant permission to distribute-
-and copy this message.-
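The layout Nicolas describes above (AP_REQ plus KRB_CRED in one initial token, with the KRB_CRED riding inside the authenticator checksum field) is the RFC 1964 / RFC 4121 GSS-API Kerberos checksum structure. The following is an added example, not code from the thread, the patches, or OpenSSH: a builder and parser for that checksum field, plus the acceptor-side check that the mutual-authentication flag is set. The KRB_CRED payload is a constructed placeholder byte string, not a real DER-encoded KRB_CRED message, and the 16-byte channel-binding hash is zeroed as an assumption.

```python
import struct

# Context-establishment flag bits carried in the Flags word (RFC 1964 1.1.1).
GSS_C_DELEG_FLAG = 1
GSS_C_MUTUAL_FLAG = 2
GSS_C_REPLAY_FLAG = 4
GSS_C_SEQUENCE_FLAG = 8
GSS_C_CONF_FLAG = 16
GSS_C_INTEG_FLAG = 32

CKSUMTYPE_GSSAPI = 0x8003   # checksum type of the AP-REQ authenticator carrying this structure
BND_LEN = 16                # Lgth field is fixed at 16 (MD5 of channel bindings)


def build_gss_checksum(flags, bnd=b"\x00" * BND_LEN, krb_cred=None):
    """Encode the authenticator checksum value.

    Layout (all integers little-endian):
      0..3   Lgth   = 16
      4..19  Bnd    MD5 of channel bindings (zeroed here as an assumption)
      20..23 Flags
      24..25 DlgOpt = 1        } only present when GSS_C_DELEG_FLAG is set
      26..27 Dlgth             }
      28..   Deleg  KRB_CRED   }
    The KRB_CRED's EncKrbCredPart is itself encrypted under the session key,
    and the whole authenticator (including this checksum) is encrypted under
    the same session key again, which is the "doubly encrypted" remark above.
    """
    if len(bnd) != BND_LEN:
        raise ValueError("Bnd must be 16 bytes")
    out = struct.pack("<I", BND_LEN) + bnd + struct.pack("<I", flags)
    if krb_cred is not None:
        if not flags & GSS_C_DELEG_FLAG:
            raise ValueError("KRB_CRED supplied but DELEG flag not set")
        if len(krb_cred) > 0xFFFF:
            raise ValueError("KRB_CRED too long for 16-bit Dlgth")
        out += struct.pack("<HH", 1, len(krb_cred)) + krb_cred
    elif flags & GSS_C_DELEG_FLAG:
        raise ValueError("DELEG flag set but no KRB_CRED supplied")
    return out


def parse_gss_checksum(data):
    """Decode the checksum value; raise ValueError on any malformed field."""
    if len(data) < 24:
        raise ValueError("checksum shorter than fixed header")
    (lgth,) = struct.unpack_from("<I", data, 0)
    if lgth != BND_LEN:
        raise ValueError("unexpected Lgth %d" % lgth)
    bnd = data[4:20]
    (flags,) = struct.unpack_from("<I", data, 20)
    krb_cred = None
    pos = 24
    if flags & GSS_C_DELEG_FLAG:
        if len(data) < 28:
            raise ValueError("DELEG flag set but delegation fields missing")
        dlgopt, dlgth = struct.unpack_from("<HH", data, 24)
        if dlgopt != 1:
            raise ValueError("unknown DlgOpt %d" % dlgopt)
        if len(data) < 28 + dlgth:
            raise ValueError("Dlgth exceeds available bytes")
        krb_cred = data[28:28 + dlgth]
        pos = 28 + dlgth
    # Anything after Deleg is the RFC 4121 extensions area; passed through untouched.
    return {"bnd": bnd, "flags": flags, "krb_cred": krb_cred, "exts": data[pos:]}


def acceptor_accepts(parsed):
    """Policy from the thread: the server side requires mutual authentication."""
    return bool(parsed["flags"] & GSS_C_MUTUAL_FLAG)


if __name__ == "__main__":
    fake_cred = b"KRB_CRED-placeholder"   # constructed stand-in, not a real KRB_CRED
    tok = build_gss_checksum(GSS_C_DELEG_FLAG | GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG,
                             krb_cred=fake_cred)
    p = parse_gss_checksum(tok)
    print("flags=%#x mutual=%s cred_len=%d" % (p["flags"], acceptor_accepts(p), len(p["krb_cred"])))
```

The parser is strict on purpose: a Dlgth that runs past the end of the buffer, a DlgOpt other than 1, or a DELEG flag with no delegation fields is rejected rather than silently truncated, since this field arrives inside the first token before the peer has been authenticated.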


More information about the openssh-unix-dev mailing list