[OpenAFS] AFS Token / Kerberos v5 ticket

Xavier Canehan Xavier.Canehan@in2p3.fr
Tue, 20 Oct 2009 10:28:22 +0200


This is a cryptographically signed message in MIME format.

--------------ms080201000903010702080204
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable

Jeffrey Altman a =C3=A9crit :
> Can you please explain what it is that you are attempting
> to accomplish?

Our home made batch system used to save and forge kas tickets. No=20
Kerberos 5, not very secure, easiest. Moreover, it was just navigating=20
through bit fields to forge a ticket. No AFS primitive implied.

We are migrating: away from current batch system and to Kerberos 5.
During process, we have to modify our batch system, whilst main=20
developer retired.

As R=C3=A9mi worked on Kerberos 5 migration here, he has been volunteered=
 to=20
provided code to migrate our batch system. Thus, he is investigating=20
several options to cope either with kas, fakeka, K5.
He may have not been clear: we are not willing to put a keyfile in=20
unsecure places. We have to modify our batch master and prepare the=20
place for the next.

Thanks to every one who helped, either with directions or code.
R=C3=A9mi is adapting code from Rainer Toebbicke. If not successful, we w=
ill=20
certainly switch to Heimdal, as suggested by Derrick Brashear.


R=C3=A9mi is not trying to break AFS nor Kerberos.
He is not trying to hack our cell. I know where he lives. :o)


Best regards,

X. Canehan


--------------ms080201000903010702080204
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIM2TCC
A20wggJVoAMCAQICAQIwDQYJKoZIhvcNAQEEBQAwKzELMAkGA1UEBhMCRlIxDTALBgNVBAoT
BENOUlMxDTALBgNVBAMTBENOUlMwHhcNMDEwNDI3MDU0NjQ5WhcNMTEwNDI1MDU0NjQ5WjA0
MQswCQYDVQQGEwJGUjENMAsGA1UEChMEQ05SUzEWMBQGA1UEAxMNQ05SUy1TdGFuZGFyZDCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANzhHiE9BovqvV60iNsPk5e0bQc9hmIA
Lcr/tUqO51akj2Es8aAqq/Yq3Xwsv+91VQusCU7nTmHA5wzwkBVFEgLCjOvDEmTiYxAYLssH
MdmB5dwpgpsxVuKBHopvp+ipWBFEVoNds054cC3ftv1ygUXV8e5Nzu++1T0MkCBFmgmArw9M
2iAOgL86s+sngMC5D8ChTkDcOv1qKr9A1SxxgPn4umvk6ioAqy++mvCndm2YKZwPL/BC8hiX
W8n2zBlfusK+EtJcsJCUwLfLBgTvjzDtMi16SveTu6AJpLTuM8vQg5u1tbOQ3o6QHlmcINVL
Hu3XTE+G+hw6KqHprAWgnb8CAwEAAaOBkjCBjzAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRn
WaXlB3RJA+8Fz8wupBjVEMiePDBTBgNVHSMETDBKgBRW62i50lx+mLWlU8ORb2NYxPlrt6Ev
pC0wKzELMAkGA1UEBhMCRlIxDTALBgNVBAoTBENOUlMxDTALBgNVBAMTBENOUlOCAQAwCwYD
VR0PBAQDAgEGMA0GCSqGSIb3DQEBBAUAA4IBAQAGA0eDckWQwk7hIderF6kBVQbKQG1Voh1e
6+IUI1nkCeKQ9jyNNgYPS6cmI2XC6gaacru4jMuKX+95NiV+ANfzBpT7g0QpJjfH7umHzmyG
gBtxPdJir/bNYmxTD+Z6kwCMey4z4EEdqr5lmHbxlQd0s+Y/U3XVSwY2SynE9tyOE4BAEHOC
rRV7BHFQtTcz8shku6EQfjbGra9vcFKm0a7MzLqw6FkSj2INrQPdSyroiTmIUS/tYei3MIfb
J1VtZoejUQmAYXFRBb4THdlBMPx1XwqWmxj/vpCBtBPAchEI/Wqaage99IMstGA2ZAf6PWqn
sJAEdoPdM8s04heYBAuhMIIEsDCCA5igAwIBAgICb+YwDQYJKoZIhvcNAQEFBQAwNDELMAkG
A1UEBhMCRlIxDTALBgNVBAoTBENOUlMxFjAUBgNVBAMTDUNOUlMtU3RhbmRhcmQwHhcNMDgw
MTA3MTI1OTQwWhcNMTAwMTA2MTI1OTQwWjBvMQswCQYDVQQGEwJGUjENMAsGA1UEChMEQ05S
UzEQMA4GA1UECxMHVVNSNjQwMjEXMBUGA1UEAxMOWGF2aWVyIENhbmVoYW4xJjAkBgkqhkiG
9w0BCQEWF1hhdmllci5DYW5laGFuQGluMnAzLmZyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA1yJ9GWxP+bZfuIVpYn6X3lB6oj9SYGu9v7vclSBgWsK7Vc/FZXsrVMNJq+19
6EfiGOk+zzhKnm66AhUzBqk029OlaeLwvGPBM9SDzmeOyGv2PHo+OagPO8TGuFT4ufXGggNW
oTqS1RuUyoWPk4y2nN0EV2fM8N+4RmdEiZyYCGbQOHYYH4q09yfncmAUfDE3xRif3/3rFzqv
vhnY47OWUPpXBcLyutCUmfcPu+yvC6rytAxy3fEl7Ck3HDuikxLtUWXRczqaTK02k1ieMr0r
hZeoky6yfTjsv7Ljgp+Dy4PhnHTcmA7zwKyodEvST+48w8gcM0XbvMI2d4dYqY+huwIDAQAB
o4IBjzCCAYswDAYDVR0TAQH/BAIwADARBglghkgBhvhCAQEEBAMCBLAwDgYDVR0PAQH/BAQD
AgXgMHgGCWCGSAGG+EIBDQRrFmlDZXJ0aWZpY2F0IENOUlMtU3RhbmRhcmQuIFBvdXIgdG91
dGUgaW5mb3JtYXRpb24gc2UgcmVwb3J0ZXIg4CBodHRwOi8vaWdjLnNlcnZpY2VzLmNucnMu
ZnIvQ05SUy1TdGFuZGFyZC8wHQYDVR0OBBYEFAEzHIJDeuTfJxEwLvA7Qdel57y9MFMGA1Ud
IwRMMEqAFGdZpeUHdEkD7wXPzC6kGNUQyJ48oS+kLTArMQswCQYDVQQGEwJGUjENMAsGA1UE
ChMEQ05SUzENMAsGA1UEAxMEQ05SU4IBAjAiBgNVHREEGzAZgRdYYXZpZXIuQ2FuZWhhbkBp
bjJwMy5mcjBGBgNVHR8EPzA9MDugOaA3hjVodHRwOi8vY3Jscy5zZXJ2aWNlcy5jbnJzLmZy
L0NOUlMtU3RhbmRhcmQvZ2V0ZGVyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAcYmH/ALzDrSF
NRZY6iFuC4+F3fauUSkU4WqBLLWAvLXPhS2B+fF+iwe0ObhxsfLiUx8Qv3+QZxCAJ1KNL+qr
m//RwXwiVu2zPrdzmK9EDJh2vRCzw73S5ke7BF5bXAzHHDgUJpC5aiGkpYuBK8gE9XR6xr2b
ZPAch5ScEZ0CF7pg4CCqP3HOXTTa2M9xreFW/nO+3bwvx+15IcM0ZLQWuWeFStD07EluQcL/
+H4SluIcVIA8pkfyDAbVmxLLRmLHwfjBwL35YQBS7Mks7HE+LzL1yX+PX5ykoV0/g5pxe/t3
3KG2911I2ChjCxwpHSeTWATGKX2cP8r+RCe5RejRMDCCBLAwggOYoAMCAQICAm/mMA0GCSqG
SIb3DQEBBQUAMDQxCzAJBgNVBAYTAkZSMQ0wCwYDVQQKEwRDTlJTMRYwFAYDVQQDEw1DTlJT
LVN0YW5kYXJkMB4XDTA4MDEwNzEyNTk0MFoXDTEwMDEwNjEyNTk0MFowbzELMAkGA1UEBhMC
RlIxDTALBgNVBAoTBENOUlMxEDAOBgNVBAsTB1VTUjY0MDIxFzAVBgNVBAMTDlhhdmllciBD
YW5laGFuMSYwJAYJKoZIhvcNAQkBFhdYYXZpZXIuQ2FuZWhhbkBpbjJwMy5mcjCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBANcifRlsT/m2X7iFaWJ+l95QeqI/UmBrvb+73JUg
YFrCu1XPxWV7K1TDSavtfehH4hjpPs84Sp5uugIVMwapNNvTpWni8LxjwTPUg85njshr9jx6
PjmoDzvExrhU+Ln1xoIDVqE6ktUblMqFj5OMtpzdBFdnzPDfuEZnRImcmAhm0Dh2GB+KtPcn
53JgFHwxN8UYn9/96xc6r74Z2OOzllD6VwXC8rrQlJn3D7vsrwuq8rQMct3xJewpNxw7opMS
7VFl0XM6mkytNpNYnjK9K4WXqJMusn047L+y44Kfg8uD4Zx03JgO88CsqHRL0k/uPMPIHDNF
27zCNneHWKmPobsCAwEAAaOCAY8wggGLMAwGA1UdEwEB/wQCMAAwEQYJYIZIAYb4QgEBBAQD
AgSwMA4GA1UdDwEB/wQEAwIF4DB4BglghkgBhvhCAQ0EaxZpQ2VydGlmaWNhdCBDTlJTLVN0
YW5kYXJkLiBQb3VyIHRvdXRlIGluZm9ybWF0aW9uIHNlIHJlcG9ydGVyIOAgaHR0cDovL2ln
Yy5zZXJ2aWNlcy5jbnJzLmZyL0NOUlMtU3RhbmRhcmQvMB0GA1UdDgQWBBQBMxyCQ3rk3ycR
MC7wO0HXpee8vTBTBgNVHSMETDBKgBRnWaXlB3RJA+8Fz8wupBjVEMiePKEvpC0wKzELMAkG
A1UEBhMCRlIxDTALBgNVBAoTBENOUlMxDTALBgNVBAMTBENOUlOCAQIwIgYDVR0RBBswGYEX
WGF2aWVyLkNhbmVoYW5AaW4ycDMuZnIwRgYDVR0fBD8wPTA7oDmgN4Y1aHR0cDovL2NybHMu
c2VydmljZXMuY25ycy5mci9DTlJTLVN0YW5kYXJkL2dldGRlci5jcmwwDQYJKoZIhvcNAQEF
BQADggEBAHGJh/wC8w60hTUWWOohbguPhd32rlEpFOFqgSy1gLy1z4UtgfnxfosHtDm4cbHy
4lMfEL9/kGcQgCdSjS/qq5v/0cF8Ilbtsz63c5ivRAyYdr0Qs8O90uZHuwReW1wMxxw4FCaQ
uWohpKWLgSvIBPV0esa9m2TwHIeUnBGdAhe6YOAgqj9xzl002tjPca3hVv5zvt28L8fteSHD
NGS0FrlnhUrQ9OxJbkHC//h+EpbiHFSAPKZH8gwG1ZsSy0Zix8H4wcC9+WEAUuzJLOxxPi8y
9cl/j1+cpKFdP4OacXv7d9yhtvddSNgoYwscKR0nk1gExil9nD/K/kQnuUXo0TAxggK7MIIC
twIBATA6MDQxCzAJBgNVBAYTAkZSMQ0wCwYDVQQKEwRDTlJTMRYwFAYDVQQDEw1DTlJTLVN0
YW5kYXJkAgJv5jAJBgUrDgMCGgUAoIIBVjAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwG
CSqGSIb3DQEJBTEPFw0wOTEwMjAwODI4MjJaMCMGCSqGSIb3DQEJBDEWBBQ9X7p6dzm0g3Bb
1yjhkHFFFBH+aDBJBgkrBgEEAYI3EAQxPDA6MDQxCzAJBgNVBAYTAkZSMQ0wCwYDVQQKEwRD
TlJTMRYwFAYDVQQDEw1DTlJTLVN0YW5kYXJkAgJv5jBLBgsqhkiG9w0BCRACCzE8oDowNDEL
MAkGA1UEBhMCRlIxDTALBgNVBAoTBENOUlMxFjAUBgNVBAMTDUNOUlMtU3RhbmRhcmQCAm/m
MF8GCSqGSIb3DQEJDzFSMFAwCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMC
AgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0B
AQEFAASCAQA0wwcd5f3h67rhW0YrzL32nOwaSNhcEB467s9BZxv40ePFH7mM0qgiYhPzaNiK
Lky1leAfo3mKEfeuB1DEX8ryAZoT8VDl+WESSBHVB+bwECDMxs739WtEycpkSt9oSJSdO0Rf
pZP2TjrAkG+PXLAWCYEXvP6AGKFVj7keh+JVTS6xPri5BGao+7O0LcO2xoRQL5BGjQcC/F1a
6inCd5n1YdSBiDNOW8OZorGi89vcEgvjyyKLIOckwFgV/bapma0Iw6HeXfYfjaiLKMYxtBl7
qTjk+mSX3x+y3wfgda2bla7Bupy6IwqBCbeYg0i4dYY6nCFBWiCGC6hqSL5zySIEAAAAAAAA

--------------ms080201000903010702080204--