[OpenAFS] Documentation Issue: Complex Mutual Authentication?

Friedrich Delgado Friedrichs 6delgado@informatik.uni-hamburg.de
Tue, 29 Oct 2002 14:12:07 +0100


Hi!

I'm writing an introductory paper on OpenAFS (in German) in which I'd like to
say a few words about the concepts.

In http://www.openafs.org/pages/doc/AdminGuide/auagd007.htm#HDRWQ75 I
read about complex mutual authentication and simple mutual
authentication.

It says:

"AFS uses simple mutual authentication to verify user identities during
the first part of the login procedure. In that case, the key is based on
the user's password."

and

"Complex mutual authentication involves three encryption keys and three
parties. All secure AFS transactions (except the first part of the login
process) employ complex mutual authentication."

To what extent do these statements still apply to current versions of
(Open)AFS?

How is the authentication process modified if one uses
	- kaserver
	- the Kerberos versions of kalog etc., supplied with AFS
	- Kerberos 5 with the Kerberos Migration Kit
	- kaforwarder
	- (insert other means of authentication here, e.g.
	   the prospected "new" afs tokens with Kerberos 5 Tickets)

Kerberos 5 and the Kerberos Migration Kit are of special interest to my
paper.

As I understand it, the process of granting the initial Kerberos Ticket is
already a form of Complex Mutual Authentication, as defined in the AFS
System Administrators Manual. Is that assumption correct?

Is there some documentation that is a little more thorough, technical,
recent and specific to OpenAFS than the AFS documentation (which afaik
still is the unaltered AFS 3.6 documentation)?

Thanks and kind regards
	Friedel
-- 
	Friedrich Delgado Friedrichs <friedel@nomaden.org>
Laziness led to the invention of the most useful tools.
