(Illustration by Gaich Muramatsu)
On Thu, Nov 04, 1999 at 01:11:56PM +0100, Major A wrote:
>
> Hello,
>
> just a quick question on the way of working of Coda. I understand that
> there is a possibility to get tokens while disconnected. What does that
> mean? How can a client tell whether or not I typed in the right password?
> Does it transfer the authentication database from the server periodically
> in order to be able to check? Or maybe the password is not checked for but
> a pseudo-token generated and only checked on reconnection?
>
> Thanks,
>
> Andras

The Coda client doesn't expire tokens while disconnected. It is not possible to interactively get tokens during a disconnection, but there is one alternative.

A Coda authentication token can be stored in a file. While connected (or on a connected machine), do clog -tofile xxx. Then somehow move the file xxx over to the disconnected machine (email/pager :) and use clog -fromfile xxx to pass the token off to venus.

There is also the 'tokentool' program in the source tree, which an administrator can use to make (insecure) long-term tokens. These can be given to a user who goes away for a week, or ahum `safely' stored on a machine so that the passwords don't have to be put in the cronjobs.

Of course all communication based on such a long-term token uses the same session key. If it weren't for the use of XOR encoding, this would weaken security considerably ;)

Actually those token-files should be encrypted and password protected. If someone gets his hands on this file, he gets full access until the token expires.

Jan

Received on 1999-11-04 17:42:01
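
Added example, not part of the original message and not code from the Coda source: a generic repeating-key XOR model of the remark above that every message sent under a long-term token shares one session key. The 8-byte key, the two messages and all function names are constructed for illustration; Coda's actual wire encoding is not reproduced here.

```python
"""Why one long-lived session key combined with XOR encoding protects little.

Generic repeating-key XOR model (an assumption, not Coda's RPC2 code).
The key and both messages are constructed sample values.
"""
from itertools import cycle

# Constructed 8-byte session key, fixed for the whole lifetime of the token.
SESSION_KEY = bytes.fromhex("3a91c4075be2d86f")


def xor_encode(key: bytes, data: bytes) -> bytes:
    """Repeating-key XOR; encoding and decoding are the same operation."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def keystream_from_known(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """Ciphertext XOR known plaintext yields the key stream that was used."""
    return bytes(c ^ p for c, p in zip(ciphertext, known_plaintext))


def shortest_period(stream: bytes) -> bytes:
    """Smallest prefix that, repeated, reproduces the whole stream."""
    for n in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return stream[:n]
    return stream


def demo():
    # Two constructed messages sent a week apart under the same long-term token.
    msg_day1 = b"constructed request: list directory contents"
    msg_day7 = b"constructed request: store private file data"
    ct_day1 = xor_encode(SESSION_KEY, msg_day1)
    ct_day7 = xor_encode(SESSION_KEY, msg_day7)
    # One predictable message is enough to expose the key for all the others.
    recovered = shortest_period(keystream_from_known(ct_day1, msg_day1))
    return recovered, xor_encode(recovered, ct_day7), msg_day7


if __name__ == "__main__":
    recovered, decoded, original = demo()
    print("key recovered:", recovered == SESSION_KEY)
    print("later message readable:", decoded == original)
```

The longer a token lives, the more traffic a single exposed key covers, which is why the lifetime of a file-stored or tokentool-generated token matters as much as the protection of the file itself.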