[OpenAFS] AuthServer.Admin: What is the purpose of, and what should the setting be?
Tue, 13 Jan 2004 09:18:38 -0800
Is AuthServer.Admin the same user.role as admin in the IBM Quick Start
From: firstname.lastname@example.org =
On Behalf Of Ted Anderson
Sent: Tuesday, January 13, 2004 4:34 AM
To: Dave Blakemore
Subject: Re: [OpenAFS] AuthServer.Admin: What is the purpose of, and =
should the setting be?
On 12/23/2003 10:54, Dave Blakemore wrote:
> Could someone explain in general terms, what the purpose is for the
> AuthServer.Admin id, and what the setting should/need to be, as in =
> would: kas e AuthServer.Admin normally return?
The AuthServer.Admin identity has basically two roles: it is repository=20
of the kaservers master key and it is the service used for=20
administrative operations on the kaserver. The master key is really=20
just used to generate random numbers used by the server, e.g. for=20
generating session keys. An AuthServer.Admin service ticket is used by=20
the kas command when performing its operations. It is a bit of a=20
security flaw to be giving out samples of ciphertext (i.e. admim service =
tickets) using the same key that is used to generate session keys.=20
However, the kaserver changes this key automatically using fairly good=20
sources of random numbers so the risk is very small.
The AuthServer.Admin settings are unlikely to need adjustment. The=20
usual settings affecting the role of any service principal apply as=20
normal, except its password cannot be changed.
Hope This Helps,
OpenAFS-info mailing list