Greetings...
 [EMAIL PROTECTED] writes: 
  > >   Date: Tue, 15 Jun 1993 09:36:08 -0400 (EDT)
  > >   From: [EMAIL PROTECTED]
  > >   X-Envelope-To: [EMAIL PROTECTED]
  > >   References: <[EMAIL PROTECTED]>
  > >
  > >   [EMAIL PROTECTED] (Roch Leduc) writes:
  > >   > All right folks, the million dolar question: 
  > >   > what do I do with daemons under AFS?
  > >   > 
  > >   > They cannot be authenticated for more than 25 hours; they must authen
  \ ticate
  > >   > somehow or all their work is system:anyuser (not very secure for mail
  \ )
  > >   > Am I missing something provided in the AFS package?
  > >
  > >   We have a set of contributed scripts that solves just this problem.
  > >   Check out these two directories:
  > >      /afs/grand.central.org/pub/afs-contrib/tools/reauth/ 
  > >      /afs/grand.central.org/pub/afs-contrib/tools/reauth-example/
  > >   If you don't have an AFS client, you can FTP the files from
  > >   grand.central.org (192.54.226.100) from the /pub/afs-contrib/tools
  > >   area. 
  > >
  > >   Joe Jackson,
  > >   AFS Product Support,
  > >   Transarc Corp.
  > The example given in the reauth-example is for a computer
  > environment where password security is not a concern. Our
  > environment IS concerned with security.  We would like to
  > submit jobs using "cron" or "at" and not have to leave
  > passwords in files. Is "cron" and "at" left out of the AFS
  > picture?
  > 
  > Bill Pitre
  > Battelle PNL, PO BOX 999, Richland WA 99352
  > [EMAIL PROTECTED]            (509) 375-2091
But with shared secret technology you need to have a password in a
file in your system somewhere or at least in memory.  <afs-util>
-localauth works because of this. So having the password in a file for
the reauth daemon to use does not seem to be a big deal except it is
an additional place where security can be breached.
Or am I off the mark?

                                                        Mike

          Mike Marques               )(  Usenet: [EMAIL PROTECTED]
 Computing & Communications Services )(  Bitnet: mike@yulibra        
   (IT division),  York University.  )(  Voice: (416) 736-5257
                     Only visiting this planet...

Reply via email to