[OpenAFS-devel] How can this happen, and how can I fix it...

Robertson, Jason V jason.v.robertson@intel.com
Thu, 28 Jun 2001 09:09:40 -0700


Nathan - the server sends the client an RSA public key - the client encrypts
the password with the public key and sends it to the server, which then
decrypts it.  There is a trust issue, but in this environment that's not a
problem.  So we just have the server generate the RSA keypair at startup.  I
used the OpenSSL library for this.

Jason

-----Original Message-----
From: Nathan Neulinger [mailto:nneul@umr.edu]
Sent: Wednesday, June 27, 2001 5:39 PM
To: Robertson, Jason V
Cc: 'openafs-devel@openafs.org'
Subject: Re: [OpenAFS-devel] How can this happen, and how can I fix it...


"Robertson, Jason V" wrote:
> I've written an RPC service extension to Samba that allows you to klog
> through a GUI interface from Windows.  It works fine, but for one odd
> quirk - WTS machines use one process, so users seem to be able to "see"
> (_but_!! not use !!) other users' tokens.

I assume you are doing klog/krb stuff alongside the samba connection so
that the plaintext password or token is not passed cleartext over the
samba connection? If so, how are you authenticating the initial samba
connection, and what mechanism are you using to transmit the
token/ticket? If you're just sending the ticket directly over RPC that
really isn't gaining you much over sending the password clear.

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul@umr.edu
University of Missouri - Rolla         Phone: (573) 341-4841
CIS - Systems Programming                Fax: (573) 341-4216
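
The exchange described in the reply at the top of this thread (server generates an RSA key pair at startup, client encrypts the password to the public key, server decrypts), as an added example that is not code from the thread or from the Samba extension. It goes one step beyond the message by having the client check the offered key against a pinned fingerprint, which is one way to address the trust issue the message mentions; the openssl command-line tool, OAEP padding, the function names, file names and sample password are all assumptions.

```shell
#!/bin/sh
# Added example: names, paths and the sample password are constructed.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Server: generate an RSA key pair at startup and export the public half.
server_keygen() {  # arg: key name
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$work/$1.key" 2>/dev/null &&
    openssl pkey -in "$work/$1.key" -pubout -out "$work/$1.pub"
}

# SHA-256 over the DER encoding of a public key.
fingerprint() {  # arg: public key file
    openssl pkey -pubin -in "$1" -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Client: encrypt only if the offered key matches the pinned fingerprint.
client_encrypt() {  # args: offered_pub pinned_fp password outfile
    if [ "$(fingerprint "$1")" != "$2" ]; then
        echo "offered key does not match pin; password not sent" >&2
        return 1
    fi
    printf '%s' "$3" | openssl pkeyutl -encrypt -pubin -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -out "$4"
}

# Server: recover the password with the private key.
server_decrypt() {  # args: key name, ciphertext file
    openssl pkeyutl -decrypt -inkey "$work/$1.key" \
        -pkeyopt rsa_padding_mode:oaep -in "$2"
}

server_keygen server
server_keygen other                      # unrelated key the client never pinned
PINNED=$(fingerprint "$work/server.pub") # assumed to reach clients out of band

client_encrypt "$work/server.pub" "$PINNED" 'constructed-pw' "$work/pw.enc" &&
    echo "server recovered: $(server_decrypt server "$work/pw.enc")"
client_encrypt "$work/other.pub" "$PINNED" 'constructed-pw' "$work/no.enc" ||
    echo "unpinned key refused"
```

Because the key pair is regenerated at every server start, the pinned fingerprint changes with it, so a deployment using this check needs a way to redistribute the pin or a persistent key.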