[OpenAFS-devel] openafs - proposed cache security improvement
Jim Rees
rees@umich.edu
Fri, 23 Mar 2007 09:38:41 -0500
Robert Banz wrote:
So, you're going to issue client credentials to all of your AFS clients?
That's one way to do it. Many clients already have a host keytab, used by
ssh for gss ticket passing for example. Also used by nfs for exactly the
same purpose we are considering.
Another way to do it is to publish a server public key. I don't like this
much but it would work.
If you decide that authenticating the server is too hard, then you're back
to where we are today. I don't see any way around that.