Adam Megacz wrote:
> Derrick J Brashear <[EMAIL PROTECTED]> writes:
>> How does the bosserver decide you're eligible if there's no ptserver?
>
> Okay, take 2: first, bosserver checks the request to see if it was
> directly signed with the KeyFile (ie you invoked bos with -localauth).
> Since it has the KeyFile, it should be able to do this without the
> help of ptserver. If this is the case, it permits your request. If
> not, it tries to contact ptserver. If it is unable to contact the
> ptserver, it rejects your request.

All authenticated requests are encrypted using the key in the KeyFile. The KeyFile is the file that stores the keys used to encrypt the authenticator. This has nothing at all to do with ptserver.

The ptserver maintains the authorization database. In the AFS server model, a client authenticates to the server and then the server queries the ptserver for the authorization data for that user. Based upon the contents of the authorization data, the server permits or denies the user's request.

bosserver cannot depend on ptserver because bosserver is the tool that is used to start / stop ptserver. Therefore, bosserver has its own authorization data that is stored in a file.

Jeffrey Altman
Secure Endpoints Inc.
