[OpenAFS] afs authentication

[Derrick J Brashear]

On Mon, 19 Aug 2002, Christopher A. Petro wrote:

> I recall being pretty impressed with AFS authentication back in 1993.  It
> doesn't seem quite as spiffy anymore, though.  The last few messages about
> a 3DES key breaking it 

Breaking the Heimdal tools for working with it. Not the same.

>  * It's DES.  I can capture any two packets in a row from the client/AS
>    handshake and brute-force the password hash in no time.  That's all
>    I would need to get in using a modified klog, and getting the actual
>    password from it wouldn't be difficult either.  I love the following
>    bit from the Authentication Server Spec: "It is implicitly assumed
>    that anyone prepared to do a serious cryptographic attack on DES
>    encrypted data in this system can have whatever he or she can get.
>    Any data so sensitive that this might be a problem should be subject
>    to additonal safety measures.  No such data should be stored in the
>    Andrew File System."  I don't know about you, but I think my _spam_
>    deserves more protection than DES. :)

Yup. (Sort of. The rpc encryption uses fcrypt and not DES. Not any
better.)

>  * It's password-based.  A lot boredom.org users log on from untrusted
>    machines such as .edu lab machines, public clusters, etc. where they
>    have to assume that there's a keysniffer running.  In the past we have
>    always solved this using S/KEY.  For now some of these people are using
>    S/KEY to auth to one of the client machines and then having their
>    login script klog them into AFS using a plaintext password stored
>    on the local file system.  Clearly suboptimal.

Yup.

> Obviously I'm making a lot of assumptions about the code without having
> really read it.  Before I start a project like this, is anyone else working

It's Kerberos. People are already working on making it use krb5. Spend
your efforts on either helping them with that work or on whatever
improvements you'd want in krb5.