Excerpts from internet.info-afs: 19-Aug-92 Some basic questions from a..
Robert Moskowitz@mcimail (852)
> Does each AFS server have to have its own KDC, or does it follow the
> "standard" Kerberos model of only a few KDCs in secure locations (it
> will be hard to locate all AFS servers in secure locations).
As delivered, each cell has its own Kerberos-like server (AFS KA Server).
A cell can be made up of multiple servers, among which AFS volumes can be
moved transparently. MIT runs a slightly different model with one
Kerberos server for multiple cells. There was, I believe, a major
design flaw early on, because if any one server in a cell is compromised,
all your servers are compromised, because all machines in a given cell
are keyed exactly the same. Any administrator of any of the AFS
fileservers can effectively become an administrator of any of the
fileservers in the same cell.
So if you are going to have a machine in a less secure area, it should be
a different cell. The only way to conveniently do authentication, if it
is needed to that cell as well as others, is via the MIT model or by
using the CMU CS department's cross-realm authentication. Neither of
these is directly supported in the product release at the current time.