[OpenAFS-devel] Re: openafs - proposed cache security improvement

Sean O'Malley omalleys@msu.edu
Tue, 27 Mar 2007 08:27:57 -0400 (EDT)


On Mon, 26 Mar 2007, Marcus Watts wrote:

> In this case, spoofed servers.  Regular kerberos works because
> it's not protecting a shared resource.  In this case, there's
> a shared resource involved, so there needs to be something extra.
> I hope you have your kerberos servers & file servers straight
> in your head.

I have that straight; I didn't have your proposal straight, because I
was trying to twist it so it could work with clients detached from the network
at midnight, which is always a fuzzy time. :) I am also very loosely using
terminology, which is confusing, especially to programmers. =)

I was just kind of wondering if you could use the shared key to
encrypt a file which stores a "master key", that could be used to "verify"
credentials locally for the local user, which would probably be encrypted
with a combination of the master key and the shared key, if they have been
previously authenticated, which they have to do in order to create a "cache"
of the actual files they wish to take with them. Their "cache" could be
accessed using a combination of the host shared key and their password,
which would decrypt their "filesystem" (more like a loopback mounted
filesystem). Upon reconnection to the network they would have to
authenticate once using the fake stored creds to verify that their
creds were actually legit, and once using their real creds to the actual
server to get a regular connection and to sync their "cache" with the
fileservers.

I was also thinking that you could hack kaserver to store client keys
and transport encryption keys. It could store the client public user key
to match it with the host key and an encryption key (and of course put a
TTL on those keys so they can be cleaned up periodically, and for
security), which does require another server, but kaserver would
just need to be modified (well, okay, it probably needs to be completely
overhauled, but not for a prototype).

Thus I have offered more confusion. :)


--------------------------------------
  Sean O'Malley, Information Technologist
  Michigan State University
-------------------------------------
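The key hierarchy sketched in the message above (a random "master key" for the offline cache, stored only after being wrapped under a key derived from the host's shared key together with the user's password, so that the user's creds can be checked locally while detached) can be made concrete as follows. This is an added illustration, not code from the post, from OpenAFS or from kaserver; the host key, password and PBKDF2 work factor are constructed for the demo, and the HMAC-SHA256 counter-mode cipher with an encrypt-then-MAC tag is used only because the Python standard library ships no AEAD. The point it shows beyond the prose is the failure mode: with either the host key or the password wrong, the MAC check fails and no master key is ever produced, so the "verify locally" step is a real check rather than a lookup.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 200_000  # hypothetical work factor chosen for this illustration

# Constructed demo values; a real deployment gets these from the host and the user.
DEMO_HOST_SHARED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
DEMO_PASSWORD = "correct horse battery staple"


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive a labelled 32-byte subkey so encryption and MAC never share a key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def derive_unlock_key(host_shared_key: bytes, password: str, salt: bytes) -> bytes:
    """Combine the host shared key with the user's password, as the post sketches:
    neither the host key alone nor the password alone can open the cache."""
    pw_key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return hmac.new(host_shared_key, b"cache-unlock|" + pw_key, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stand-in for a real cipher (stdlib has no AEAD)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> dict:
    """Encrypt-then-MAC: XOR with the keystream, then tag nonce||ciphertext."""
    nonce = secrets.token_bytes(16)
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return {"nonce": nonce, "ciphertext": ciphertext, "tag": tag}


def unseal(key: bytes, box: dict) -> bytes:
    """Verify the tag in constant time before touching the ciphertext."""
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    expected = hmac.new(mac_key, box["nonce"] + box["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, box["tag"]):
        raise ValueError("cache record rejected: wrong host key or password, or tampered data")
    stream = _keystream(enc_key, box["nonce"], len(box["ciphertext"]))
    return bytes(c ^ k for c, k in zip(box["ciphertext"], stream))


def create_offline_cache(host_shared_key: bytes, password: str):
    """Run while the user is still authenticated online: mint a random master key
    for the offline cache and store it only in wrapped form. Returns the record
    to write to disk and the master key to use for encrypting the cached files."""
    master_key = secrets.token_bytes(32)
    salt = secrets.token_bytes(16)
    unlock_key = derive_unlock_key(host_shared_key, password, salt)
    record = {"salt": salt, "wrapped_master_key": seal(unlock_key, master_key)}
    return record, master_key


def unlock_offline_cache(record: dict, host_shared_key: bytes, password: str) -> bytes:
    """Local, offline check: either yields the master key or raises ValueError."""
    unlock_key = derive_unlock_key(host_shared_key, password, record["salt"])
    return unseal(unlock_key, record["wrapped_master_key"])


def can_unlock(record: dict, host_shared_key: bytes, password: str) -> bool:
    """Boolean form of the local credential check used while detached."""
    try:
        unlock_offline_cache(record, host_shared_key, password)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    rec, mk = create_offline_cache(DEMO_HOST_SHARED_KEY, DEMO_PASSWORD)
    print("right creds unlock:", unlock_offline_cache(rec, DEMO_HOST_SHARED_KEY, DEMO_PASSWORD) == mk)
    print("wrong password unlocks:", can_unlock(rec, DEMO_HOST_SHARED_KEY, "wrong"))
    print("wrong host key unlocks:", can_unlock(rec, b"\x01" * 32, DEMO_PASSWORD))
```

The record on disk holds only the salt, a nonce, the wrapped master key and its tag; the master key itself exists in memory only after a successful unlock, which is what lets the later online step (re-authenticating with the real creds and syncing the cache) treat the offline check as untrusted until the fileserver confirms it.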