[OpenAFS] ACLs and open-afs
Derek Atkins
warlord@MIT.EDU
14 Oct 2002 16:04:34 -0400
Friedrich Delgado Friedrichs <6delgado@informatik.uni-hamburg.de> writes:
> Derrick J Brashear schrieb:
> > Of course the thing you're all neglecting is the bit where unless you have
> > your AFS traffic encrypted, you already screwed yourself by having
> > .Xauthority in AFS.
>
> Hm. What is harder, breaking AFS traffic encryption or guessing xauth
> cookies? Might be worth a research...
Who has to break encryption? If your homedir is "system:anyyser rl"
then I can just read the file.
The real answer is that SSH should be modified (or configured) to
create a random .Xauthority file in /tmp (or /tmp/$USER)
> Regards
> Friedel
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available