[OpenAFS] standard question

Derek Atkins warlord@MIT.EDU
05 Feb 2001 11:38:56 -0500

Benjamin Gutierrez <benjamin@cypher.matem.unam.mx> writes:

> Hello..
> i would like to ask you the following: (under linux rh 6.2 and 7.0)
> 1. i asumme openafs uses kerberos authentification, as usual. Does
> kerberos support openssh?

Yes, AFS uses Kerberos (v4) authentication.  Kerberos knows nothing
about SSH.

> 2. is it possible to use kerberos and nfs and openssh?

Sure, except there really isn't a kerberized NFS.  NFS will still be

> 3. Using kerberos from the openafs implies that the info between the
> server and client is encrypted or just the authentication is strong?

By default AFS provides strong authentication.  As of OpenAFS 1.0.2
you can set a flag in the client to encrypt the filesystem data,
although the encryption is still relatively weak (it uses fcrypt).
Mostly this option will protect you from casual eavesdropping.  It
will not protect you against someone who wants to read your data, as
fcrypt isn't very strong.


       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available