[94] in Athena_Backup_System
use of kerberos
daemon@ATHENA.MIT.EDU (Jonathon Weiss)
Tue May 2 14:56:45 1995
From: Jonathon Weiss <jweiss@MIT.EDU>
To: athena-backup@MIT.EDU
Date: Tue, 02 May 1995 14:56:23 EDT
Here's a first draft of how I expect us to use kerberos in ABS.

Jonathon

This is a brief outline of the various kerberos principals that will
be used during the operation of ABS. It should be noted that I am
writing this based on my knowledge of Kerberos version 4. If we use
Kerberos version 5 some things may be different.

There are three types of machines that will be used when ABS is
operating. There will be client machines, tape slave machines and a
master machine. It should be noted that any particular machine could
be configured to serve any or all of these functions at any given
time, although we don't expect machines to perform more than one of
these functions at a time very often.

The client machines will generally be the workstations on people's
desks. These machines do not need to have a secret associated with
them. When the user wants to interact with the backup system they
will have kerberos tickets. There will be a list of kerberos
principals who are allowed to connect to the backup system. The list
will be stored on the master, either in the database or a separate
file. Given the abilities of the backup system, we will probably want
to have only root instance principals on this list.

The master will have two srvtabs on it. One will be in
/etc/athena/srvtab and will contain a key for rcmd.host@REALM, where
host is the name of the master and REALM is the name of the local
realm (ATHENA.MIT.EDU in our case). This will be owned by root and
used for logging into the master, if you ever need to do that. This
srvtab will have nothing to do with the operation of ABS. The other
srvtab will contain a key for absmaster.host@REALM. This will be
owned by the user that runs the ABS master software on the master.
This is the key that will be used by anything trying to talk to the
ABS master server.

The tape slaves will each have two srvtabs. These will be organized
in a parallel fashion to the organization on the master. The only
difference is that the key that ABS will use will be
absslave.host@REALM.

Whenever a user or a tape slave needs to talk to the master it will
get a TGT for user.root@REALM or absslave.host@REALM if it doesn't
have one, and use the service key for absmaster.host@REALM to
authenticate its connection with the master.

I suspect we will need to supply authentication with each udp connection.
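
The access decision this outline implies on the master, written out as an added example (it is not part of the original message or of any ABS code): it parses a name.instance@REALM principal and accepts only listed root-instance users and known absslave hosts in the local realm. The user names, host names and function names are hypothetical, and the sketch assumes Kerberos has already authenticated the principal and that a missing realm is rejected rather than defaulted.

```python
"""Added illustration of the ABS principal policy; not ABS project code."""
from typing import NamedTuple, Optional

LOCAL_REALM = "ATHENA.MIT.EDU"              # local realm named in the message
# Constructed sample data: placeholder entries, not real ABS configuration.
ALLOWED_USERS = {"opsuser1.root", "opsuser2.root"}  # list stored on the master
TAPE_SLAVES = {"tape1", "tape2"}            # hosts holding an absslave key


class Principal(NamedTuple):
    name: str
    instance: str
    realm: str


def parse_principal(text: str) -> Optional[Principal]:
    """Split name.instance@REALM; None if the name or realm is missing."""
    body, sep, realm = text.partition("@")
    if not sep or not realm or "@" in realm:
        return None
    # Assumption: the name ends at the first '.', the rest is the instance.
    name, _, instance = body.partition(".")
    if not name:
        return None
    return Principal(name, instance, realm)


def master_service(host: str) -> str:
    """Service principal a client or tape slave requests to reach the master."""
    return f"absmaster.{host}@{LOCAL_REALM}"


def classify(text: str) -> str:
    """Return 'user', 'slave' or 'deny' for an authenticated principal."""
    p = parse_principal(text)
    if p is None or p.realm != LOCAL_REALM:
        return "deny"
    if p.name == "absslave":
        # Checked first so a user principal named absslave never matches.
        return "slave" if p.instance in TAPE_SLAVES else "deny"
    if p.instance == "root" and f"{p.name}.root" in ALLOWED_USERS:
        return "user"
    return "deny"


if __name__ == "__main__":
    for who in ("opsuser1.root@ATHENA.MIT.EDU", "opsuser1@ATHENA.MIT.EDU",
                "absslave.tape1@ATHENA.MIT.EDU", "absslave.tape9@ATHENA.MIT.EDU"):
        print(f"{who:35} -> {classify(who)}")
```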