Hello!

I am thinking about server spoofing (an issue becoming more visible with the coming multi-realm architecture). With authenticated access it is possible (unsure how much of it is really done?) to check that the fileserver is who it pretends to be, as the authserver could prove that it knows the user password. For anonymous access a client should know something about a server except its IP number.

The DFS approach is to create a host account per client, thus always having some shared secret to be able to check against. Not a convenient solution (been there) as it implies administration per client host. What we want is administration per user, who then would be able to use any client, or set up and use a new client, without being a realm administrator. Otherwise it is rather insecure to put, say, software on Coda, as clients using this software are subject to server IP spoofing.

Well, it is not a big problem inside one realm with all of the computers centrally administered. The users become authenticated against it anyway at login time (and my client hosts *have* Kerberos accounts so the authentication chain is present). It becomes hard while serving clients that I cannot maintain accounts/shared secrets for. Nevertheless they need to know that my server is not spoofed!

One approach I would think about is usage of public keys, either in a per-client file with a list of known realms, or (probably hard to administer) a certificate tree...

What plans or ideas exist to be able to solve this issue?

Best regards and thanks, Coda is great!
--
Ivan

Received on 2002-08-03 06:40:25