"Matt W. Benjamin" <[email protected]> writes: > There is no special rxk5 callback problem, it's the same as with rxkad, > for traditional AFS-3. But with new RPCs as we did later with extended > callback information, the callback channel must be protected, to get an > equivalent level of security. We did some work towards adding an > anonymous, secure backchannel using the rxk5 framework, but there has > been no interest from the community in rxk5 essentially, and we stopped > work on it.
Right: to be very clear, this is not a problem that rxk5 *introduces*, but rather a problem that rxkad has and that rxk5 doesn't *fix*, but rxgk does. I don't think rxk5 does combined tokens either, which means another similar class of problem is the ability of a local user to poison the AFS cache, possible with rxkad but stopped in rxgk by using combined tokens and a keyed cache manager. -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> _______________________________________________ AFS3-standardization mailing list [email protected] http://lists.openafs.org/mailman/listinfo/afs3-standardization
