[467] in SIPB-AFS-requests
Re: machines in pts database?
daemon@ATHENA.MIT.EDU (Jon A. Rochlis)
Wed May 22 12:01:36 1991
From: jon@MIT.EDU (Jon A. Rochlis)
To: Marc Horowitz <marc@MIT.EDU>
Cc: qjb@ATHENA.MIT.EDU, sipb-afsreq@ATHENA.MIT.EDU
In-Reply-To: Your message of Wed, 22 May 91 02:04:51 -0400.
Date: Wed, 22 May 91 12:01:07 EDT
slave kerberos servers have the same master key as the kerberos
server, don't they?
This is bogus. All the kerberos servers by definition have all the
secrets in a realm. If you get one, you the whole realm. That is why
one cannot replicate kerberos servers willy-nilly. It is a major
advantange of public key systems. Besides the master key is of no use
if you haven't broken in and gotten a copy of the database. Getting
the master key on a slave does nothing to get you into the master.
The real problem is that you'd get rcmd.kerberos (or even
changepw.kerberos) as a side effect.
If you break into one AFS server (well, one prdb
server, anyway), you can steal the key for a bos superuser, and use
that to break into all the others.
That's my point. I userstand the importance of the protection
database. That has nothing to do with the goal that one filesever
should not be able to comprise other file servers. You can only
locate the protection/kerberos servers in secure areas and you only
need a couple for 10,000+ users, but you need many fileservers and you
cannot only locate them it secure areas.
-- Jon
