On Sat, 24 Jul 1999, Pete Gonzalez wrote:

> >For AFS/NFS there is a kerberized NFS server which does token forwarding to
> >the AFS client on the same system, but I think one still has to log in to
> >the NFS server to get such tokens (perhaps with the kerberized NFS client,
> >this would go away; it's dead slow though).
>
> Hrm... Well what about approaching it from the other direction; could the
> CODA security model replace the Unix/Linux /etc/passwd authentication,
> i.e. so a valid CODA login counts as valid authentication on the local
> system? Could this be done using PAM? (This would require a notion of
> multiple CODA sessions from the same user on the same host, but that
> shouldn't be too difficult.) That, combined with the elimination of
> this strange 25 hour expiration rule, would be quite a workable system.

I would suggest that one dump the Unix/Linux /etc/passwd authentication
completely (except for the root password) and use Kerberos exclusively.
Kerberos has a well thought out and robust security mechanism. I won't go
into detail on all of the design decisions that went into it (those are
covered on the MIT Kerberos web site and documentation), but it is my
opinion that it is the most secure authentication system for Unix-like
systems that exists in the Open Source world, and also quite possibly in
the closed source world too.

> BTW what exactly is the justification for the expirations? It seems to
> decrease security (by requiring daemons which store the passwords in
> cleartext) rather than increase it.

One reason I can come up with is that expiration is needed in case a user
logs out, and there isn't a mechanism by which venus can tell the user is
no longer logged in, and that tokens should be destroyed. If this were not
the case, a machine which has been compromised could allow an attacker
filesystem access to any accounts which have logged into the machine since
it was last rebooted.

(Granted, having the passwords in cleartext allows the same thing, but not
*every* client will have cleartext passwords on it.)

Kerberos expires tickets for the above reasons, and *also* so that an
attacker with a packet sniffer only has a limited amount of time to use the
sniffed information. (Kerberos 5 has mechanisms to keep even this from
happening.)

> Pete Gonzalez
>

--------------------------------------------------------------------------
| Troy Benjegerdes       | troy_at_microux.com      | hozer_at_drgw.net     |
| Unix is user friendly... You just have to be friendly to it first.      |
| This message composed with 100% free software.  http://www.gnu.org      |
--------------------------------------------------------------------------
Received on 1999-07-26 16:02:58
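The argument above (tokens must eventually expire because the client cannot always observe a logout, and a bounded lifetime limits what a copied cache or a sniffed token is worth) can be made concrete with a small model. The following is an added illustration written for this archive page; it is not code from the thread, from Coda or from Kerberos. It assumes a single per-host token cache keyed by user name, uses the 25-hour lifetime mentioned in the thread, and the user names, boot time and compromise time are constructed sample values.

```python
"""Toy model of a per-client token cache with a fixed lifetime (added example,
not Coda's or Kerberos's code). The 25-hour lifetime comes from the thread;
user names and timestamps below are constructed for illustration."""

from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List

TOKEN_LIFETIME = timedelta(hours=25)   # lifetime discussed in the thread (assumed here)


@dataclass(frozen=True)
class Token:
    user: str
    issued_at: datetime
    expires_at: datetime

    def valid_at(self, now: datetime) -> bool:
        """A token (cached or sniffed) is accepted only inside its lifetime."""
        return self.issued_at <= now < self.expires_at


class TokenCache:
    """One cache per client host, as a cache manager (venus in Coda) would keep."""

    def __init__(self, lifetime: timedelta = TOKEN_LIFETIME) -> None:
        self.lifetime = lifetime
        self._tokens: Dict[str, Token] = {}

    def login(self, user: str, now: datetime) -> Token:
        tok = Token(user, now, now + self.lifetime)
        self._tokens[user] = tok
        return tok

    def logout(self, user: str) -> None:
        # Explicit destruction. The thread's point is that when the client
        # cannot observe a logout, expiry is the only thing left to bound risk.
        self._tokens.pop(user, None)

    def usable_tokens(self, now: datetime) -> List[Token]:
        """Tokens someone who copies this cache at `now` could still use."""
        return [t for t in self._tokens.values() if t.valid_at(now)]

    def purge_expired(self, now: datetime) -> int:
        """Drop expired entries; returns how many were removed."""
        before = len(self._tokens)
        self._tokens = {u: t for u, t in self._tokens.items() if t.valid_at(now)}
        return before - len(self._tokens)


def exposure(cache: TokenCache, compromised_at: datetime) -> Dict[str, timedelta]:
    """Remaining validity per account for a cache copied at `compromised_at`.
    With no lifetime, every account that logged in since boot would stay usable."""
    return {t.user: t.expires_at - compromised_at
            for t in cache.usable_tokens(compromised_at)}


def demo() -> dict:
    """Constructed scenario: three logins since boot, host compromised at boot+40h."""
    cache = TokenCache()
    boot = datetime(1999, 7, 24, 8, 0)                 # constructed boot time
    alice = cache.login("alice", boot + timedelta(hours=1))
    cache.login("bob", boot + timedelta(hours=20))
    cache.login("carol", boot + timedelta(hours=30))
    compromise = boot + timedelta(hours=40)

    remaining = {u: d.total_seconds() / 3600
                 for u, d in exposure(cache, compromise).items()}
    # A token captured off the wire during alice's session replays only
    # until its lifetime ends, then the same bytes are rejected.
    replay_early = alice.valid_at(boot + timedelta(hours=10))
    replay_late = alice.valid_at(compromise)
    purged = cache.purge_expired(compromise)
    return {"remaining_hours": remaining, "replay_early": replay_early,
            "replay_late": replay_late, "purged": purged}


if __name__ == "__main__":
    print(demo())
```

In the constructed scenario alice's token has already lapsed by the time of the compromise, so only bob's (5 hours left) and carol's (15 hours left) remain usable, and the early-captured token is accepted at hour 10 but refused at hour 40. Dropping the lifetime entirely would leave all three accounts exposed for as long as the host stays up, which is the trade-off the message describes.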