[OpenAFS-devel] openafs - proposed cache security improvement
Jim Rees
rees@umich.edu
Fri, 23 Mar 2007 08:36:03 -0500
Before looking at solutions I think it would be a good idea to look at the
requirements. Here are the ones I can think of:
1. Client must have a secure connection to the server even for what are now
unathenticated connections
2. Client must be able to authenticate the server
3. It would be nice if this could be done with Kerberos rather than making
afs depend on something else, like openssl and a public key infrastructure
4. No special configuration required on the client
I think we agree on 1, I'm not sure about 2 but I think it's obviously a
good idea, and we disagree on 3. We agree on 4 but you give it a higher
priority than I do. I'd like to hear other peoples' opinions.