[587] in Info-AFS_Redistribution

home help back first fref pref prev next nref lref last post

Re: Changing cell names

daemon@ATHENA.MIT.EDU (Randall Winchester)
Mon Feb 10 11:55:00 1992

Date: Mon, 10 Feb 92 10:08:56 -0500
From: rsw@eng.umd.edu (Randall Winchester)
To: Info-AFS@transarc.com, jm36+@andrew.cmu.edu
Cc: d3f082@maddog.pnl.gov, ta_harper@pnlg.pnl.gov

> From bb+transarc.afs.psupport.info-afs-errors@transarc.com Fri Feb  7 14:24:33 1992
> To: Info-AFS@transarc.com
> Subject: Re: Changing cell names
> Cc: ta_harper@pnlg.pnl.gov, Info-AFS@transarc.com, d3f082@maddog.pnl.gov
> Beak: is Not
> 
> Marc Horowitz <marc@Athena.MIT.EDU> writes: 
> > [...] MIT never saw any utility in doing this, so you can rename a
> > realm fairly easily.
> 
> The utility is that someone with access to a user's key in one realm
> (such as an administrator for that realm) may not then use that key to
> break into the user's account in another realm, should the user be
> using the same password in both realms.
> 
> 				_.John
> 
Sorry, but I find this rational hard to believe. If I the administrator for
a realm want to know a users passwd I can (kerberos or no kerberos). The 
user who wants to protect on realm from another (one admin from another...)
needs to at least use a different passwd. 

Most security levels assume one trusts the admin, and so does Kerberos.
I am not convinced that using the realm as the salt gets you anyting
except harder to manage or merge multiple realms.

Randall

home help back first fref pref prev next nref lref last post