At 10:16 AM 2/10/94 -0500, [EMAIL PROTECTED] wrote:
>Bob,
> We are in basic agreement here. And that is one of
>the reasons why I want a hook in the PCI client side (login) and
>a hook in the PCI-server to destroy the token if need be.
>
>What I'd like is for the PCI's client to ask the PC-I server to get the
>AFS token and have the PCI server destroy it when the PCI client
Er... Actually, we intend that the server process be the sole guardian of
the token. To be precise, the PCI server will call an external program of
arbitrary function (binary or shell script, possessing correct ownership and
privs) and pass it the user's uid and passwd via stdin. That program can
then do something with the user info and if that something happens to be
AFS authentication, then voila! PCI will work with AFS. The client will
have no idea that there is such a thing as a token. When the server
notices that the client has gone away, it calls another external program
which, like the first, is of purely arbitrary function, but can be used to
destroy the AFS token.
[excellent description of how PCI works deleted]
>Thus, in order to use the AFS token [which is shared in the AFS client
>cache], a random PC must still reconnect to the PC-I server.
>Since the PC-I ``sessions'' are not shared, you get protection.
This is correct.
>NFS uses a common set of remote processes for everyone, hence once the
>AFS authentication is done, another system that can forge a UID
>has access. Hence you have a hole.
I was unaware of this hole. We should capitalize on this as much as we can!
-Matt
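
The server-side hook call described in the reply above, as an added example that is not part of the original thread and not PCI's own code: the server checks the external program's ownership and mode before running it, then passes the credentials on stdin so they never appear in an argument list. The function names, the `uid\npassword\n` stdin layout and the exit-status convention are assumptions.

```python
import os
import stat
import subprocess


def hook_is_trusted(path, owner_uid):
    """True only for a regular file owned by owner_uid, executable by its
    owner, and not writable by group or other."""
    try:
        st = os.lstat(path)  # lstat: a symlink is rejected, not followed
    except OSError:
        return False
    if not stat.S_ISREG(st.st_mode):
        return False
    if st.st_uid != owner_uid:
        return False
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return False
    return bool(st.st_mode & stat.S_IXUSR)


def run_hook(path, owner_uid, uid, password, timeout=10):
    """Run a login or logout hook and return its exit status.

    Returns None when the hook fails the ownership/mode check and is
    therefore never executed. The stdin layout is an assumption:
    one line with the uid, one line with the password.
    """
    if not hook_is_trusted(path, owner_uid):
        return None
    payload = f"{uid}\n{password}\n".encode()
    proc = subprocess.run(
        [path],                           # no shell, no credentials in argv
        input=payload,                    # credentials travel on stdin only
        stdout=subprocess.DEVNULL,
        stderr=subprocess.DEVNULL,
        env={"PATH": "/usr/bin:/bin"},    # do not leak the server's environment
        timeout=timeout,                  # a hung hook must not stall the server
    )
    return proc.returncode
```

The check and the exec are separate steps, so the directory holding the hook should also be writable only by the same owner; otherwise the file can be swapped between the two.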