[589] in Info-AFS_Redistribution
Re: Changing cell names
daemon@ATHENA.MIT.EDU (Lyle_Seaman@transarc.com)
Mon Feb 10 13:19:00 1992
Date: Mon, 10 Feb 1992 11:22:56 -0500 (EST)
From: Lyle_Seaman@transarc.com
To: Info-AFS@transarc.com
In-Reply-To: <9202101508.AA23947@egypt.eng.umd.edu>
rsw@eng.umd.edu (Randall Winchester) writes:
> John Meyers writes:
> > The utility is that someone with access to a user's key in one realm
> > (such as an administrator for that realm) may not then use that key to
> > break into the user's account in another realm, should the user be
> > using the same password in both realms.
> >
> Sorry, but I find this rational hard to believe. If I the administrator for
> a realm want to know a users passwd I can (kerberos or no kerberos). The
> user who wants to protect on realm from another (one admin from another...)
> needs to at least use a different passwd.
John only suggested the admin as a "for instance". It might be
possible that there is some way that someone who is not in
system:administrators could get someone else's key, and you wouldn't
want that to work in a different cell. (Yes, it's also conceivable
that such a person could steal an actual password, which might work in
another cell. There's no such thing as absolute security, you just
have to keep trying to make things tighter. And yes, "The user who
wants to protect one realm from another needs to at least use a
different password," but sometimes people don't.)
Lyle Transarc 707 Grant Street
412 338 4474 The Gulf Tower Pittsburgh 15219