[589] in Info-AFS_Redistribution

home help back first fref pref prev next nref lref last post

Re: Changing cell names

daemon@ATHENA.MIT.EDU (Lyle_Seaman@transarc.com)
Mon Feb 10 13:19:00 1992

Date: Mon, 10 Feb 1992 11:22:56 -0500 (EST)
From: Lyle_Seaman@transarc.com
To: Info-AFS@transarc.com
In-Reply-To: <9202101508.AA23947@egypt.eng.umd.edu>

rsw@eng.umd.edu (Randall Winchester) writes:
> John Meyers writes:
> > The utility is that someone with access to a user's key in one realm
> > (such as an administrator for that realm) may not then use that key to
> > break into the user's account in another realm, should the user be
> > using the same password in both realms.
> > 
> Sorry, but I find this rational hard to believe. If I the administrator for
> a realm want to know a users passwd I can (kerberos or no kerberos). The 
> user who wants to protect on realm from another (one admin from another...)
> needs to at least use a different passwd. 

John only suggested the admin as a "for instance".  It might be
possible that there is some way that someone who is not in
system:administrators could get someone else's key, and you wouldn't
want that to work in a different cell.  (Yes, it's also conceivable
that such a person could steal an actual password, which might work in
another cell.  There's no such thing as absolute security, you just
have to keep trying to make things tighter. And yes, "The user who
wants to protect one realm from another needs to at least use a
different  password," but sometimes people don't.)


Lyle		Transarc		707 Grant Street
412 338 4474	The Gulf Tower		Pittsburgh 15219


home help back first fref pref prev next nref lref last post