[OpenAFS] Re: twiki vandalized

[Jeffrey Hutzelman]

On Monday, February 28, 2005 17:45:08 -0500 Derrick J Brashear 
<shadow@dementia.org> wrote:

> So not that I have time to work on it now, and really we should get a
> sysadmin for openafs to do this, but it would be nice to

> 1) require registration to edit the wiki

We did this a while ago for the AFSLore web, and sometime in the last 
couple of weeks for the other webs.  Unfortunately, the wiki spammers are 
smarter than that, and actually register themselves as bogus users.  I 
think any more of a solution will require either manual vetting of user 
registrations or a mechanism that deviates enough from normal practice that 
the automated spamming tools won't be able to figure it out.

> 2) have a kerberos realm or realms and use kerberized http to allow you
> to log in to the wiki, rt, and to accounts on the test host pool (which
> due to its diversity will be harder)

Actually, both RT and the Wiki are hosted by grand.central.org, which 
already has a Kerberos realm.  We haven't made it useful for those services 
because there's no point until we have a useful way to register users, and 
there are a variety of issues there that haven't been worked out yet.

> 3) then either through crossrealm
> key exchange or something like cacert allow people to create themselves
> in our realm

Yes, there are a number of possibilities in that space.  I'm not going to 
discuss them in this forum, but suffice it to say there are a number of 
design and policy issues to be worked out.

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
   GRAND.CENTRAL.ORG/OpenAFS.ORG postmaster, webmaster, etc
   Carnegie Mellon University - Pittsburgh, PA