[OpenAFS] Re: Storing system binaries in the /afs tree

Mike Polek mike@pictage.com
Fri, 20 May 2005 10:12:51 -0700


"ted creedon" <tcreedon@easystreet.com> wrote:

 > How do you handle Kerberos keying on boot? Seems like you need a password
 > stored somewhere.
 >
 > tedc

Well, for most of the O/S, I just use system:anyuser rl,
since everything is diskless, and read-only, it's pretty
immune to tampering. There is almost nothing that isn't
what you'd get if you installed FC3 yourself, so it's not
like there is anything much to hide. For the few things that
do need a little extra protection, I symlink to
/local/etc/...., like shadow, ssh/, etc. So they have
standard Unix permissions when it's all said and done.

Having said that, in order to keep the ssh_host_* files
consistent, there is an area of host specific files that
I do keep protected that is not just available to anyone.
So, I wrote a little auto_klog program that does some
security checking and then calls klog to get a "boot" token.
The password is mildly encrypted in my auto_klog program,
and it's set up as exec only, stripped, etc. It's not
the most secure method, but it's tight enough for my
purposes. As soon as the host specific files are layered
into the build, I drop the token. That's the only time
it's needed.

Other people at the conference last year offered really
good suggestions, if security is an issue... like having
a piece of hardware on the USB port for verification.

Keep in mind that you can get the system up and running
without a token. The stuff that I need the token for is
layered on afterward. Once I mount everything, I have
all the programs I need available to me via
/sysroot/bin/.... etc. So it's pretty easy to handle all
of that if you need it. I'm sure there are many ways
to handle that part.

Mike Polek
Pictage, Inc.
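
As an added example (not part of the original post, and not the poster's own tooling): a check that could be run over an image tree before it is published under a world-readable ACL, confirming that the sensitive paths are symlinks into /local/etc rather than real files. The image layout, the function names, and the entries `etc/gshadow` and `etc/shadow-` are assumptions; the sample tree is constructed.

```python
import os
import posixpath
import tempfile

def audit_image(root, sensitive, local_prefix="/local/etc"):
    """Return (path, problem) for each sensitive path not redirected to local disk."""
    findings = []
    for rel in sensitive:
        path = os.path.join(root, rel)
        if not os.path.lexists(path):
            findings.append((rel, "missing from image"))
        elif not os.path.islink(path):
            # Real content here is readable by anyone who can read the tree.
            findings.append((rel, "stored in shared tree"))
        else:
            # Resolve the link as a booted client would see it, treating the
            # image root as "/", without touching the build host's own files.
            # Only one hop is resolved; chained links are not followed.
            target = os.readlink(path)
            seen = posixpath.normpath(
                posixpath.join("/", posixpath.dirname(rel), target))
            if seen != local_prefix and not seen.startswith(local_prefix + "/"):
                findings.append((rel, "symlink resolves to " + seen))
    return findings

def demo():
    """Build a constructed sample image and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "etc"))
        # Correct: absolute and relative links that land in /local/etc.
        os.symlink("/local/etc/shadow", os.path.join(root, "etc/shadow"))
        os.symlink("../local/etc/ssh", os.path.join(root, "etc/ssh"))
        # Wrong: a real file left in the shared tree.
        with open(os.path.join(root, "etc/gshadow"), "w") as fh:
            fh.write("constructed sample, not real data\n")
        # Wrong: a link that stays inside the shared tree.
        os.symlink("shadow.bak", os.path.join(root, "etc/shadow-"))
        return audit_image(
            root, ["etc/shadow", "etc/ssh", "etc/gshadow", "etc/shadow-"])

if __name__ == "__main__":
    for rel, problem in demo():
        print(rel + ": " + problem)
```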