[465] in SIPB-AFS-requests
Re: machines in pts database?
daemon@ATHENA.MIT.EDU (Jon Rochlis)
Tue May 21 22:41:51 1991
From: jon@ATHENA.MIT.EDU (Jon Rochlis)
To: qjb@ATHENA.MIT.EDU
Cc: sipb-afsreq@ATHENA.MIT.EDU
In-Reply-To: Your message of Tue, 21 May 91 11:52:27 -0400.
Date: Tue, 21 May 91 22:41:32 EDT
For AFS-related services (or things that use
afs) which server the service is on seems irrelevant, which is
why we have one afs key for each cell rather than for each
server.
This is very, very wrong. It means that the comprise of one AFS
server in a cell means that all servers in the cell have been
comprised. There is no reason that a comprise in b11 shound break the
security of machines in e40.
Zephyr also loses in this fashion (in my opinion).
-- Jon
