>> The irony of this is that the MIT protocol for obtaining initial
>> tickets has weaker security than the Transarc one.

Could you explain just what this weakness is?  I'm not familiar with
it.

The irony of this is that the security in AFS (at the key
distribution, authorization, and file system layers) has been broken
several times in independent ways by independent people.  The design
of AFS is far too complex to safely protect the authentication
services.  Putting better locks on the front door and leaving the
windows unlocked is not the way to increase security.

MIT's Kerberos servers are very simply configured, so it is easy to
keep them secure.  Access is limited to a small list of privileged
principals, which are used *only* for Kerberos server access.  About
the only services which are run besides Kerberos itself are encrypted
kerberized rlogin and time services.  This makes keeping the machine
secure very easy; they have *never* been broken into.

                Marc
