> It is prudent practice to work from the presumption that your network
> can be (is being) sniffed, this is especially true for large networks
> in public installations (like a university campus). Limiting the types
> of data that are snoopable limits your risk of exposure to sniffers.
> Plaintext data is dangerous, but plaintext (or trivially decoded)
> passwords are worse, since it affords current and future access to all
> of the person's files and privileges (perhaps on multiple systems or
> cells).
it's easy enough to implement thirdparty authentication; an
authentication client running on the pc (locuskinit?) establishes a
session key with the protocol translator. the translator requests the
tgt as usual and sends it back to the client for decryption. the pc
client decrypts it and returns the result wrapped in the session key
established earlier between client and translator. the translator
uses the now decrypted tgt to acquire an afs service ticket.
no password goes out on the net and the translator never has your
password. credit goes to bill doster who first designed this at the
ifs project.
there's no justification anymore for designing and deploying
authentication mechanisms than assume no one is listening on the net.
do so these days is grossly irresponsible to ones users and will
eventually burn you and them.
bruce
