[OpenAFS] some basic infos about security

Lo'oRiS il Kabukimono lo_oris@libero.it
Thu, 10 Apr 2003 00:10:24 +0200


Matt Elliott <melliott@ncsa.uiuc.edu> :

> I thought you wanted to not trust the client system.  AFS does that by
> requiring user authentication that only requires trusting your server.

For this i like the sshfs approach: you can either require authentication,
or have an ssh key exchange (like normal ssh).

What i want is not trusting *any* client, i.e. if somebody attaches a new
pc in the net i do not trust it (and obviously IP is not a clever way of
doing that ;)

Oh, i'd like an stronger authentication method like the AFS one, but since
i need it to mount /home, i do not see how i could do that.

If i could share the user database (and passwords) between Linux and AFS
itself... and have a login program that asks a single login and logs it in
the system and also in AFS...

Am i the only one to need such a thing? Weird.

-- 
"Never give up  Never give in  Be on our side  So we can win
 Never give up  Never give in  Be on our side
 Old moon's time is soon to come"
  - Blind Guardian, "And then there was silence"

http://lano.webhop.net ·-:=[asd]=:-· http://lano-forum.webhop.net