> You need the keyfile on all fileservers.  On any other machine, a
> canny hacker can run upclient, and get the KeyFile.

I am not sure about upclient authentication, but upserver should serve
/usr/afs/etc either encrypted or not at all. For encryption it is
probably using one of the keys in the current KeyFile, so if a client
doesn't have a valid KeyFile, it shouldn't get a new one. As you are
apparently a non-US site (like us), you shouldn't be getting the
encryption ability of upserver/upclient. In this case, you simply
cannot rely on upserver/upclient to distribute your KeyFile.

> physical access to machines does not allow you to become root, to
> boot in single user mode, or to have any other advantage that I know
> of.

You mean: not take out a disk and read or write it somewhere else, boot
from a tape or CD, remove the battery from an NVRAM ... ? What would an
administrator do if he forgot the password, or if the machine were
broken in a way that it wouldn't accept it anymore?

--
Michael Niksch                              TEL:  +41-1-7248-913
IBM Zurich Research Laboratory              FAX:  +41-1-7103608
Saeumerstrasse 4                            SMTP: [EMAIL PROTECTED]
CH-8803 Rueschlikon / Switzerland           RSCS: NIK at ZURICH
