[OpenAFS] ACLs and open-afs

Derek Atkins warlord@MIT.EDU
14 Oct 2002 16:04:34 -0400


Friedrich Delgado Friedrichs <6delgado@informatik.uni-hamburg.de> writes:

> Derrick J Brashear schrieb:
> > Of course the thing you're all neglecting is the bit where unless you have
> > your AFS traffic encrypted, you already screwed yourself by having
> > .Xauthority in AFS.
> 
> Hm. What is harder, breaking AFS traffic encryption or guessing xauth
> cookies? Might be worth a research...

Who has to break encryption?  If your homedir is "system:anyyser rl"
then I can just read the file.

The real answer is that SSH should be modified (or configured) to
create a random .Xauthority file in /tmp (or /tmp/$USER)

> Regards
> 	Friedel

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available