[OpenAFS] non-kerberos authentication mechanisms for afs?
Adam Megacz
megacz@cs.berkeley.edu
Sat, 19 Mar 2005 00:42:44 -0800
My only gripe with Kerberos is that two non-admin users can't set up a
trust/permissions relationship without involving their kerberos admins
(ie adding principals), or having a kerberos server in the first
place. Sometimes the former just isn't possible (paranoid sysadmins
won't create principals because they think it's a "security risk").
What I'd like to do is create some ugly hack that allows you to use an
OpenPGP key fingerprint in an ACL. For example:
$ fs sa somedir 5C9FF366C9CF2145E770B1B8EFB1462DA146C380 rlw
For brevity, you could create a group with a shorter name ("adam") and
then add the user "5C9FF366C9CF2145E770B1B8EFB1462DA146C380" to that
group. Then you could use "adam" in acls all over the place.
Integration with the PGP Web Of Trust opens up even more interesting
possibilities.
The goal here is to have a single, worldwide namespace (openpgp
fingerprints) for authentication the same way we have a single,
worldwide namespace for file paths (/afs).
Clearly this would require a lot of changes on both the client and
server side. I'm wondering if it's easier to set up a "kerberos to
pgp proxy" that will pretend to have an instance for any keyprint you
choose, and will issue you a tgt if you can prove that you hold the
private key. Then it would just be a matter of writing this "fake
kerberos server".
Am I completely crazy?
- a