[587] in Info-AFS_Redistribution
Re: Changing cell names
daemon@ATHENA.MIT.EDU (Randall Winchester)
Mon Feb 10 11:55:00 1992
Date: Mon, 10 Feb 92 10:08:56 -0500
From: rsw@eng.umd.edu (Randall Winchester)
To: Info-AFS@transarc.com, jm36+@andrew.cmu.edu
Cc: d3f082@maddog.pnl.gov, ta_harper@pnlg.pnl.gov
> From bb+transarc.afs.psupport.info-afs-errors@transarc.com Fri Feb 7 14:24:33 1992
> To: Info-AFS@transarc.com
> Subject: Re: Changing cell names
> Cc: ta_harper@pnlg.pnl.gov, Info-AFS@transarc.com, d3f082@maddog.pnl.gov
> Beak: is Not
>
> Marc Horowitz <marc@Athena.MIT.EDU> writes:
> > [...] MIT never saw any utility in doing this, so you can rename a
> > realm fairly easily.
>
> The utility is that someone with access to a user's key in one realm
> (such as an administrator for that realm) may not then use that key to
> break into the user's account in another realm, should the user be
> using the same password in both realms.
>
> _.John
>
Sorry, but I find this rational hard to believe. If I the administrator for
a realm want to know a users passwd I can (kerberos or no kerberos). The
user who wants to protect on realm from another (one admin from another...)
needs to at least use a different passwd.
Most security levels assume one trusts the admin, and so does Kerberos.
I am not convinced that using the realm as the salt gets you anyting
except harder to manage or merge multiple realms.
Randall