On Mon, 3 Feb 2014, Simon Wilkinson wrote:


> On 3 Feb 2014, at 22:24, Benjamin Kaduk <[email protected]> wrote:
>
>> * In order to have secure callbacks work properly, we need to know which
>> identity (if any!) from the user's token was the cache manager token.
>
> You also want to be able to handle single identity tokens - such as those from single user machines, or from single user tools such as libafscp. You can do this by just using the user's identity as the cache manager identity in these situations. It is up to the cache manager to then deal with any poisoning attacks that this might open up.

There's nothing stopping an application from passing the same token as both arguments to AFSCombineTokens, yes.

We've had text in this document noting that "the cache manager token
discussed earlier [is] required in order for a client to accept
secure callbacks" since the -00, and I haven't convinced myself that that constraint can be relaxed.

-Ben
_______________________________________________
AFS3-standardization mailing list
[email protected]
http://lists.openafs.org/mailman/listinfo/afs3-standardization
