[OpenAFS] Separating AFS tokens generation from Authenticatio n
Douglas E. Engert
deengert@anl.gov
Wed, 10 Oct 2001 13:46:14 -0500
Ken Hornstein wrote:
>
> >> Then again, I'd also like to see each AFS server have its own key
> >> instead of using a single shared key across all servers in a cell.
> >
> >Another nice idea, but then you get into what DFS had to do, in effect
> >getting a separate ticket for each server. This required a TGT.
> >
> >The beauty of AFS today, is its simplicity. A token per cell.
>
> But unfortunately, this is also one of AFS's biggest weakenesses in the
> security arena.
Well, maybe, maybe not. It depends what you want to do. If you want to
assign different servers to different sysadmins, and maybe assign
different volumes to these servers based on some security policy, then yes
you would need a key per server then in effect a token per server.
This is what DFS did.
But if you are willing to treat all the servers in the cell the same,
administered by the same admins, then you could use a single key for the cell.
If you had different security policies for different volumes. You could also
have separate cells too.
I am not saying seperate tokens for seperate servers is not a good thing,
but the complexity of the system goes up too.
We had DFS, and although the need for different tickets for different
servers was not a real problem, DFS was. Be careful of what you ask for.
>
> --Ken
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444