(Illustration by Gaich Muramatsu)
At 11:46 AM 7/18/99, Jan Harkes wrote:
>> CODA security tokens expire after a day -- how does one keep
>> tokens held by daemons from expiring?
>
>You don't really. On our webserver there is a cronjob that obtains a new
>token every day.
>
>Another solution might be the `tokentool' that got included into the
>5.2.7 (source) release, which allows an administrator who knows the
>auth2 key to generate a user token with a longer validity. I used it
>when I went on vacation for 2 weeks to make sure my email wouldn't start
>bouncing all over the place. It can be found in the coda-src/auth2
>directory.

Thanks for the quick reply. BTW, is this a "bug" or a "feature"?
It seems kind of unusual to have a daily cronjob that uses the cleartext
administrator's password. For example, the server could instead validate
the client with a simple zero-knowledge authentication scheme such as
the one described here:

http://srp.stanford.edu/srp/doc.html

Is the 25-hour rule inherited from AFS?

Pete Gonzalez

Received on 1999-07-18 17:36:06