AFS and tokenforwarding

Serge Droz serge.droz at
Fri Oct 5 06:59:38 EST 2001

> If the token is forwarded before authentication then you don't know if
> the server is really who you think it is, so you might be forwarding
> your token to an impostor. Ooops.
Now what do you mean by that?
The server is authenticated (vi the server key) before the token is
You can't do any better (at least in ssh1). 
If I can fake that, then I can always authenticate a user by his
(Just accept anything). 
And now I just accept the token. 
What is teh point of tokenpassing under AFS? If I have to use my afs
password, I'll get a tokem anyway, so I won't need to pass one. 
So what is it I don't see?
> > 2) This changes an established bahvior which will confuse users.
> >
> > So what will happen here? Could this maybe become an option in the
> > sshd_config?
> > As I mentiond, we need this feature here, and I'd hate to have to have
> > my own ssh version.
> Perhaps there should be an option to specify a location for users' .ssh
> dirs. Kinda like sendmail has an option to specify where .forward files
> live, and for much the same reasons.
You can set the acl's under afs to world readable, so sshd can read the
authorized hosts file. This is not really recomended practice though. 
The point is, that under afs not even root can read your files (in fact
root is treated just like any other user). 


Serge Droz
Paul Scherrer Institut                mailto:serge.droz at
CH-5232 Villigen PSI                   Phone: ++41 56 310 3637

More information about the openssh-unix-dev mailing list