[OpenAFS] OpenSSH 3.5p1 + ~/.shosts + token passing?

Hans Ranke Hans.Ranke@ei.tum.de
Mon, 11 Nov 2002 16:17:40 +0100


Derek Atkins <derek@ihtfp.com> wrote:
> 
> Tokens are usable by whoever has them.  If you pass your token before
> you authenticate the server, then you could be passing your token to a
> man-in-the-middle or any other third party.  Once you do that, they
> are effectively YOU until your tokens expire.
> 
> This is why the "OLD" protocol was considered insecure.  You want to
> remove security for convenience??
> 
If I am not mistaken, the "old" protocol passed the AFS token after
the server was authenticated (but before the client was authenticated
to the server).
I do not see the security problem with this approach.

Hans


-- 
Hans Ranke                                          Hans.Ranke@ei.tum.de
Lehrstuhl fuer                                             Institute for
Entwurfsautomatisierung                     Electronic Design Automation
              Technische Universitaet Muenchen, Germany                
Phone +49 89 289 23660                              Fax +49 89 289 63666