[OpenAFS] Re: final prerequisite for world domination

Adam Megacz megacz@cs.berkeley.edu
Wed, 28 Dec 2005 20:50:19 -0800

> You just accept any username, create a KDC entry for them, and give
> them an empty password.  Tada, authenticated.

Only the KDC admin can do this.  Furthermore, users would need to
remember a different username (and password, if they have any sense)
for every cell.

> the user now has this piece of magic data that they have to keep track of

SSH users seem to be able to manage this quite easily.  PGP as well.

I also mentioned kx509 as an example of a partial solution: perhaps
authentication is moving from kdc-as-trusted-omnipotent-deity to
kdc-as-key-storage-facility.  Specifically, kx509 changes the role of
the KDC from issuing tickets to issuing "junk certificates".  It's a
way for organizations that have made major investments in Kerberos to
escape the fundamental limitations of symmetric-only cryptosystems.
This way users don't have to carry around their keys.

Perhaps identity management can't be done perfectly, but it is already
being done well enough to make the rest of this possible.  The trick
is to avoid committing to a single approach (as with afs+krb4), but
instead to provide the minimum interface that would allow them all.

  - a