Hi! I'm writing an introductory paper on OpenAFS (in german) in which i'd like to say a few words about the concepts.
In http://www.openafs.org/pages/doc/AdminGuide/auagd007.htm#HDRWQ75 i read about complex mutual authentication and simple mutual authentication. It says: "AFS uses simple mutual authentication to verify user identities during the first part of the login procedure. In that case, the key is based on the user's password." and "Complex mutual authentication involves three encryption keys and three parties. All secure AFS transactions (except the first part of the login process) employ complex mutual authentication." Inhowfar do these statements still apply to current versions of (Open)AFS? How is the authentication process modified if one uses - kaserver - the kerberos versions of kalog etc., supplied with afs - kerberos 5 with the the Kerberos Migration Kit - kaforwarder - (insert other means of authentication here, e.g. the prospected "new" afs tokens with Kerberos 5 Tickets) Kerberos 5 and the Kerberos Migration Kit is of special interest to my paper. As i understand it, the process of granting the initial Kerberos Ticket is already a form of Complex Mutual Authentication, as defined in the AFS System Administrators Manual. Is that assumption correct? Is there some documentation that is a little more thorough, technical, recent and specific to OpenAFS than the AFS documentation (which afaik still is the unaltered AFS 3.6 documentation)? Thanks and kind regards Friedel -- Friedrich Delgado Friedrichs <[EMAIL PROTECTED]> Laziness led to the invention of the most useful tools.
msg05628/pgp00000.pgp
Description: PGP signature
