Greetings...
[EMAIL PROTECTED] writes:
> > Date: Tue, 15 Jun 1993 09:36:08 -0400 (EDT)
> > From: [EMAIL PROTECTED]
> > X-Envelope-To: [EMAIL PROTECTED]
> > References: <[EMAIL PROTECTED]>
> >
> > [EMAIL PROTECTED] (Roch Leduc) writes:
> > > All right folks, the million dolar question:
> > > what do I do with daemons under AFS?
> > >
> > > They cannot be authenticated for more than 25 hours; they must authen
\ ticate
> > > somehow or all their work is system:anyuser (not very secure for mail
\ )
> > > Am I missing something provided in the AFS package?
> >
> > We have a set of contributed scripts that solves just this problem.
> > Check out these two directories:
> > /afs/grand.central.org/pub/afs-contrib/tools/reauth/
> > /afs/grand.central.org/pub/afs-contrib/tools/reauth-example/
> > If you don't have an AFS client, you can FTP the files from
> > grand.central.org (192.54.226.100) from the /pub/afs-contrib/tools
> > area.
> >
> > Joe Jackson,
> > AFS Product Support,
> > Transarc Corp.
> The example given in the reauth-example is for a computer
> environment where password security is not a concern. Our
> environment IS concerned with security. We would like to
> submit jobs using "cron" or "at" and not have to leave
> passwords in files. Is "cron" and "at" left out of the AFS
> picture?
>
> Bill Pitre
> Battelle PNL, PO BOX 999, Richland WA 99352
> [EMAIL PROTECTED] (509) 375-2091
But with shared secret technology you need to have a password in a
file in your system somewhere or at least in memory. <afs-util>
-localauth works because of this. So having the password in a file for
the reauth daemon to use does not seem to be a big deal except it is
an additional place where security can be breached.
Or am I off the mark?
Mike
Mike Marques )( Usenet: [EMAIL PROTECTED]
Computing & Communications Services )( Bitnet: mike@yulibra
(IT division), York University. )( Voice: (416) 736-5257
Only visiting this planet...
