[425] in Kerberos
Re: file server mappings
daemon@TELECOM.MIT.EDU (Mike Kazar)
Tue Jul 5 21:26:48 1988
From: Mike Kazar <kazar+@ANDREW.CMU.EDU>
To: kerberos@ATHENA.MIT.EDU
In-Reply-To: <8807052008.AA11009@VULCAN.MIT.EDU>

The current authentication system in use at CMU cuts off authenticated access
to AFS (aka Vice) on ticket expiration as soon as it discovers the ticket has
expired, i.e. when the cache manager next tries an RPC to the file server.

The file server checks the ticket status cached in its client status entry, on
every RPC, and returns a distinctive error code when the ticket expires. The
cache manager detects this, and switches to an unauthenticated RPC connection
for the remaining operations.

The other possibility would be to only check the expiration time when a ticket
has to be decoded. In general, our users didn't like that system as much
because it was less predictable: they generally assumed the tickets never
expired, and were surprised when occasionally they did. And, of course, it
leaves you more vulnerable to security problems.

I'd vote for matching the current Vice semantics: stop the accesses as soon as
the tickets expire.
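
The two expiration policies compared in the message above, as an added example that is not part of the original post: a small Python simulation of a file server that either checks the cached expiration time on every RPC or only when the ticket is decoded. The class names, the error-code values and the user name are hypothetical, not taken from AFS/Vice.

```python
# Added illustration; every name and constant here is hypothetical.
from dataclasses import dataclass

OK, TICKET_EXPIRED = 0, 1   # constructed codes, not real Vice error values

@dataclass
class ClientEntry:
    user: str
    expires: float          # expiration time cached when the ticket was decoded

class FileServer:
    def __init__(self, check_every_rpc):
        self.check_every_rpc = check_every_rpc
        self.entries = {}   # client status entries, keyed by connection id

    def connect(self, conn_id, user, expires, now):
        # The ticket is decoded here, so both policies reject an expired one.
        if now >= expires:
            return TICKET_EXPIRED
        self.entries[conn_id] = ClientEntry(user, expires)
        return OK

    def rpc(self, conn_id, now):
        entry = self.entries.get(conn_id)
        if entry is None:
            return OK, "anonymous"          # unauthenticated connection
        if self.check_every_rpc and now >= entry.expires:
            del self.entries[conn_id]
            return TICKET_EXPIRED, None     # distinctive error code
        return OK, entry.user

class CacheManager:
    def __init__(self, server, user, expires, now):
        self.server, self.conn = server, "auth-conn"
        if server.connect(self.conn, user, expires, now) != OK:
            self.conn = None

    def fetch(self, now):
        code, identity = self.server.rpc(self.conn, now)
        if code == TICKET_EXPIRED:
            self.conn = None                # fall back to unauthenticated RPC
            code, identity = self.server.rpc(self.conn, now)
        return identity

def identities(check_every_rpc, times, expires=100):
    """Identity the server applies to each fetch made at the given times."""
    cm = CacheManager(FileServer(check_every_rpc), "alice", expires, now=0)
    return [cm.fetch(t) for t in times]
```

With the per-RPC check the server stops honouring the identity at the expiration time; with the decode-time check the same connection keeps its authenticated identity until the ticket next has to be decoded.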