------- Forwarded Message

If you send mail to the sysctl mailing list ([EMAIL PROTECTED]), or to me, we will mail you Sysctl V1.0. We are making Sysctl V1.0 freely available, however it is provided on an as is basis and is unsupported.

Christine
[EMAIL PROTECTED]

- ------- Forwarded Message

Message-Id: <[EMAIL PROTECTED]>
Date: Sat, 22 Apr 1995 18:57:29 -0400 (EDT)
From: "Derrick J. Brashear" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Security
In-Reply-To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>

Excerpts from internet.info-afs: 21-Apr-95 Re: Security by Chris [EMAIL PROTECTED]
> There are several tools, CMU's adm or IBM Research's Sysctl which can delegate
> authorities with more granularity, than stock AFS.

sysctl would of course be much more useful if a copy existed that one outside IBM could get one's hands on!

That said...

Excerpts from internet.info-afs: 21-Apr-95 Re: Security by Chris [EMAIL PROTECTED]
> What would have been nice is that each server had a unique Kerberos 4
> principal. (Like most normal Kerberos setups). This way only one machine
> would be compromised. Things seem to be getting better with DFS, BTW.

This would require considerable hacking. One way would be for "afs@cell" to become essentially a ticket granting ticket for afs.server-machine-name@cell, but this would require hacking on the Kerberos server, and on AFS... There is no simple *and* reasonable way to separate out keys...

Oh well.

- - -D

- ------- End of Forwarded Message

------- End of Forwarded Message
