[OpenAFS-devel] openafs - proposed cache security improvement

Jeffrey Hutzelman jhutz@cmu.edu
Tue, 27 Mar 2007 23:09:07 -0400


On Tuesday, March 27, 2007 10:59:34 PM -0400 Jeffrey Hutzelman 
<jhutz@cmu.edu> wrote:

>
>
> On Friday, March 23, 2007 10:21:48 AM -0400 Jeffrey Altman
> <jaltman@secure-endpoints.com> wrote:
>
>> Jim Rees wrote:
>>> Before looking at solutions I think it would be a good idea to look at
>>> the requirements.
>>
>> The group that developed the rxgk proposal spent a long time looking at
>> the security requirements for AFS.
>>
>>   http://www.afsig.se/afsig/space/rxgk-hackathon-2007/outline-rxgk.pdf
>>
>> I'm posting the document instead of transcribing the text because the
>> contents are color coded to indicate what can be fixed and what cannot
>> be.
>>
>> The rest of the rxgk content can be obtained from
>>
>>   http://www.afsig.se/afsig/space/rxgk-hackathon-2007
>
>
> Incidentally, the particular problem Marcus posits here is one we
> considered, and for which rxgk has an obvious solution in the form of its
> combine-tokens operation.  I do not think it would be appropriate at this
> point in time to attempt to add this functionality to rxkad.

Oh, BTW, this approach lends itself quite easily to situations in which the 
individual client hosts do not have keys, by giving the server a public key 
and authenticating rxgk token establishment with PKU2U instead of GSS-krb5.

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA