[AFS3-std] file servers, uuids, and GSS identities

Simon Wilkinson simon@sxw.org.uk
Thu, 14 Feb 2013 22:30:40 +0000


On 14 Feb 2013, at 22:15, Benjamin Kaduk wrote:
> jhutz notes that in order to go from the nonce returned by
> VL_RegisterAddrsAndKey to an actual key, the caller of the RPC needs to
> perform PRF+ with the master key (K0) of the token of the connection and
> the two nonces. The other uses of PRF+ are in key derivation for packet
> processing and for token combination; the key itself need not be exposed
> to security object consumers otherwise. Using a separate utility to
> register a new fileserver and key would preserve this property, which
> is probably useful.


I'm not sure how it being a separate utility, versus the fileserver,
helps you here. Whatever happens, the rxgk library needs to provide
either a means of getting K0 for a particular connection, or of
performing a PRF+ operation using a particular set of inputs against
a connection's key. Changing the caller from a bit of the fileserver to
a standalone utility doesn't change the need to export that information.

Cheers,

Simon