Yes, rxgk is strictly more powerful. Matt
----- "Russ Allbery" <[email protected]> wrote: > "Matt W. Benjamin" <[email protected]> writes: > > > There is no special rxk5 callback problem, it's the same as with > rxkad, > > for traditional AFS-3. But with new RPCs as we did later with > extended > > callback information, the callback channel must be protected, to get > an > > equivalent level of security. We did some work towards adding an > > anonymous, secure backchannel using the rxk5 framework, but there > has > > been no interest from the community in rxk5 essentially, and we > stopped > > work on it. > > Right: to be very clear, this is not a problem that rxk5 *introduces*, > but > rather a problem that rxkad has and that rxk5 doesn't *fix*, but rxgk > does. > > I don't think rxk5 does combined tokens either, which means another > similar class of problem is the ability of a local user to poison the > AFS > cache, possible with rxkad but stopped in rxgk by using combined > tokens > and a keyed cache manager. > > -- > Russ Allbery ([email protected]) > <http://www.eyrie.org/~eagle/> > _______________________________________________ > AFS3-standardization mailing list > [email protected] > http://lists.openafs.org/mailman/listinfo/afs3-standardization -- Matt Benjamin The Linux Box 206 South Fifth Ave. Suite 150 Ann Arbor, MI 48104 http://linuxbox.com tel. 734-761-4689 fax. 734-769-8938 cel. 734-216-5309 _______________________________________________ AFS3-standardization mailing list [email protected] http://lists.openafs.org/mailman/listinfo/afs3-standardization
