[OpenAFS] OpenAFS Security Releases 1.8.2, 1.6.23 available --> butc & backup security update question

Mark Vitale mvitale@sinenomine.net
Thu, 13 Sep 2018 20:51:40 +0000


> On Sep 13, 2018, at 2:37 PM, Jeffrey Altman <jaltman@auristor.com> wrote:
> <snip>
> In the case of OPENAFS-SA-2018-001.txt, both 'butc' and 'backup' (or
> 'afsbackup' as it is installed on some systems) must be at least:
>
> * AuriStorFS v0.175
> * OpenAFS 1.8.2
> * OpenAFS 1.6.23
>
> <snip>
>
> As of the releases above, the 'butc' service (by default) will not only
> accept authenticated connections but will require that the authenticated
> identity be a super-user as reported by the butc host's "bos listusers"
> command.

A small correction: the OpenAFS 'butc' does not do this by default.
Instead, it forces the operator to specify one of the following options:

-localauth
All butc RPCs require superuser authentication.
This option must be run as root, and server key material must be present.

-allow_unauthenticated
All butc RPCs remain unauthenticated.


Regards,
--
Mark Vitale
mvitale@sinenomine.net