I do not see it as a problem for authentication. The only thing that
will happen if you are given bad information is a denial of service.
One will not be able to authenticate if they are given bad information
as they will not be talking to the true db servers.
At the same time, one might envision spoofing name service so that
unauthenticated accesses go to yet another site and incorrect binaries
are retrieved. In the unauthenticated mode, there is no data validation
anyway, and connections can be sabotaged, whether it is at the local
site, or across the country. Spoofing name service makes this type of
sabotage a little easier, but that's about it.
Now for the flip side... I can spoof name service so that I can make you
look at my servers anyway. The hostnames in CellServDB are resolved and
used before falling back to the IP addresses listed, so this problem is
already a reality.
-Richard
------- Forwarded transaction
[1704] [EMAIL PROTECTED] (Peter Lister, Cranfield Computer C)
Info-AFS_Redistribution 06/03/93 15:03 (34 lines)
Subject: Re: it would be nice if ... CellServDB were a distributed database
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
In-Reply-To: Your message of "Thu, 03 Jun 93 01:52:36 BST."
Date: Thu, 03 Jun 93 10:47:10 BST
From: "Peter Lister, Cranfield Computer Centre" <[EMAIL PROTECTED]>
There's an easier solution, which works well here, but has drawbacks.
Maintain a MINIMAL local VLDB containing only your local site's
servers, so that each client can boot and see its local cell. When AFS
has started, run a script which uses a single
/afs/<site>/common/etc/CellServDB to fs newcell the rest of the world.
Only one file needs updating.
Drawback: despite what AFS manuals claim, various things still insist
on looking at the local /usr/vice/etc/CellServDB. klog is one, which is
irritating when one wants tokens for a foreign cell.
Please Transarc, once all the cells are configured in afsd, update
binaries so that they DON'T look at the file any more. And, while
you're about it, an fs command which can bulk update the configuration
From a new/updated CellServDB instead of forcing me to write a script
like /afs/pegasus.cranfield.ac.uk/common/etc/CSDB_newcell.nawk.
There is a caveat with using BIND for cell server info. The database
servers serve Kerberos tickets. The client has to trust the database
servers, hence has to trust the nameserver which tells it where the
database servers are. There are Kerberos authenticated name servers in
existence, but this does complicate matters.
Peter Lister [EMAIL PROTECTED]
Computer Centre,
Cranfield Institute of Technology, Voice: +44 234 754200 ext 2828
Cranfield, Bedfordshire MK43 0AL UK Fax: +44 234 750875
--[1704]--
------- End forwarded transaction
------- End Forwarded Message
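A dry-run version of the bulk "fs newcell" script Peter describes, added here as an example; it is not the CSDB_newcell.nawk script from the thread, and the cell names and addresses in the sample are constructed. The switch between handing fs the hostnames (which the cache manager then resolves through DNS, the dependency Richard points out) and the literal addresses is an assumption of this example, not something the thread prescribes.

```shell
#!/bin/sh
# Constructed sample in the CellServDB layout: a ">cell" line, then one
# "address  #hostname" line per database server. Names and addresses are made up.
SAMPLE_CSDB='>example.edu            #Example University (constructed)
192.0.2.10              #afsdb1.example.edu
192.0.2.11              #afsdb2.example.edu

>other.example.org      #Another cell (constructed)
198.51.100.5            #db.other.example.org
'

# Read a CellServDB on stdin and print one "fs newcell" command per cell.
# $1 selects what is handed to fs: "host" (default) uses the hostname comments,
# so the cache manager will resolve them through DNS; "addr" uses the listed
# addresses verbatim, so no name lookup is involved at this step.
csdb_to_newcell() {
    awk -v mode="${1:-host}" '
        function flush() {
            if (cell != "") print "fs newcell -name " cell " -servers" servers
        }
        /^>/               { flush(); cell = substr($1, 2); servers = ""; next }
        /^[ \t]*$/ || /^#/ { next }          # blank lines and plain comments
        {
            server = $1                                   # the listed address
            if (mode == "host" && match($0, /#[^ \t]+/))
                server = substr($0, RSTART + 1, RLENGTH - 1)   # the hostname
            servers = servers " " server
        }
        END { flush() }
    '
}

# Dry run: print the commands instead of executing them. On a client where
# AFS is already up, the output can be piped into sh to apply them.
printf '%s' "$SAMPLE_CSDB" | csdb_to_newcell host
```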