[OpenAFS] AuthServer.Admin: What is the purpose of, and what
should the setting be?
Ted Anderson
TedAnderson@mindspring.com
Tue, 13 Jan 2004 07:34:18 -0500
On 12/23/2003 10:54, Dave Blakemore wrote:
> Could someone explain in general terms, what the purpose is for the
> AuthServer.Admin id, and what the setting should/need to be, as in what
> would: kas e AuthServer.Admin normally return?
The AuthServer.Admin identity has basically two roles: it is the repository
of the kaserver's master key and it is the service used for
administrative operations on the kaserver. The master key is really
just used to generate random numbers used by the server, e.g. for
generating session keys. An AuthServer.Admin service ticket is used by
the kas command when performing its operations. It is a bit of a
security flaw to be giving out samples of ciphertext (i.e. admin service
tickets) using the same key that is used to generate session keys.
However, the kaserver changes this key automatically using fairly good
sources of random numbers so the risk is very small.
The AuthServer.Admin settings are unlikely to need adjustment. The
usual settings affecting the role of any service principal apply as
normal, except its password cannot be changed.
Hope This Helps,
Ted Anderson