Excerpts from internet.info-afs: 21-Apr-95 Re: Security by Chris
[EMAIL PROTECTED] 
> There are several tools, CMU's adm or IBM Research's Sysctl which can delegate
> authorities with more granularity, than stock AFS.
sysctl would of course be much more useful if a copy existed that one
outside IBM could get one's hands on! 

That said... 

Excerpts from internet.info-afs: 21-Apr-95 Re: Security by Chris
[EMAIL PROTECTED] 
>What would have been nice is that each server had a unique Kerberos 4 
>principal.   (Like most normal Kerberos setups).  This way only one machine 
>would be compromised.  Things seem to be getting better with DFS, BTW. 
This would require considerable hacking. One way would be for "afs@cell"
to become essentially a ticket granting ticket for
afs.server-machine-name@cell, but this would require hacking on the
Kerberos server, and on AFS... There is no simple *and* reasonable way
to separate out keys... 

Oh well. 

-D 

