[OpenAFS-devel] openafs - proposed cache security improvement
Sean O'Malley
omalleys@msu.edu
Wed, 28 Mar 2007 23:39:02 -0400 (EDT)
On Tue, 27 Mar 2007, Jeffrey Hutzelman wrote:
> >>> the requirements.
> >>
> >> The group that developed the rxgk proposal spent a long time looking at
> >> the security requirements for AFS.
> >>
> >> http://www.afsig.se/afsig/space/rxgk-hackathon-2007/outline-rxgk.pdf
> >>
> >> I'm posting the document instead of transcribing the text because the
> >> contents are color coded to indicate what can be fixed and what cannot
> >> be.
> >>
> >> The rest of the rxgk content can be obtained from
> >>
> >> http://www.afsig.se/afsig/space/rxgk-hackathon-2007
> >
> >
> > Incidentally, the particular problem Marcus posits here is one we
> > considered, and for which rxgk has an obvious solution in the form of its
> > combine-tokens operation. I do not think it would be appropriate at this
> > point in time to attempt to add this functionality to rxkad.
>
> Oh, BTW, this approach lends itself quite easily to situations in which the
> individual client hosts do not have keys, by giving the server a public key
> and authenticating rxgk token establishment with PKU2U instead of GSS-krb5.
Not to be an ass, but can we post this to our wiki? (i didnt see it.)
Our project LOOKS dead. New info is needed and this could generate a
little bit of interest if just for the sake of keeping appearances.
*shrugs*
--------------------------------------
Sean O'Malley, Information Technologist
Michigan State University
-------------------------------------