[OpenAFS] Tokens that do not expire

Tino Schwarze tino.schwarze@informatik.tu-chemnitz.de
Sat, 19 Oct 2002 11:29:49 +0200


On Sat, Oct 19, 2002 at 01:43:39AM -0500, Charles Clancy wrote:
> > >This of course *requires* either a hardcoded password in a
> > >reauthentication script or some other file-based method of obtaining
> > >the tokens (such as a kerberos srvtab/keytab).
> >
> > One additional thing to consider ... a ticket which never expires is
> > equivalent to a hardcoded password/Kerberos keytab, so it's not like a
> > never-expiring ticket gains you much in the way of security ...
> 
> Or for that matter, why not just use an IP ACL.  Similar level of security
> to a hardcoded password (assuming hacked machine == stolen IP), but no
> tokens to worry about.

A machine doesn't need to be hacked to steal its IP. That is the main
problem of IP-based authentication.

Bye, Tino.

-- 
             * LINUX - Where do you want to be tomorrow? *
                  http://www.tu-chemnitz.de/linux/tag/