[OpenAFS] Questions about AFS security

[Patrick J. LoPresti]

I have been reading the AFS documentation and I have a couple of
questions.

Question 1: AFS and Kerberos 5

I know AFS can work within a Kerberos 5 infrastructure, but you have
to run krb524d (right?).  My biggest problem with Kerberos is its
vulnerability to password guessing attacks.  With krb5, I can enable
preauthentication (right?), which means that a dictionary attack would
at least leave tracks in the log on the Kerberos server.

By running krb524d, do I give up this nice property?  In other words,
will I once again be vulnerable to off-line password guessing?


Question 2: AFS admin privs without AFS server privs

Since all AFS administration can be performed remotely, there is no
reason for an AFS administrator to have root access to the AFS
servers.  This is useful because it allows the logs on the servers to
be resistant to tampering even by the AFS administrators.

My question is, does being an AFS administrator automatically allow
you to run things as root on the AFS server?  (I thought I read about
a "bos exec" command or something.)  If so, is there any way I can
disable this?  If not, does anyone have ideas for how I can get a
tamper-proof log of the actions of our AFS admins?

Thanks!

 - Pat