Firewalls: Re: System Security

Firewalls
(October 1993)

Indexed By Thread: [Previous] [Next]

Subject:	Re: System Security
From:	Bob Dew <rdew @ alw . nih . gov>
Date:	Wed, 27 Oct 1993 11:49:59 -0400 (EDT)
To:	pmetzger @ lehman . com
Cc:	Firewalls @ greatcircle . com
In-reply-to:	<9310271540 . AA26505 @ snark . lehman . com>
References:	<9310271540 . AA26505 @ snark . lehman . com>

Excerpts from Firewalls: 27-Oct-93 Re: System Security "Perry E.
Metzger"@lehma (682)


> What are you talking about? You have to get kerberos tickets on the
> host that is accessing AFS if you are going to get files. If you
> didn't need to do this the system would not be secure, since anyone
> can forge IP packets.

> Perry



(a copy of my last posting was sent twice, by mistake).


You can run a cache manager remotely, using the rx protocol.  The remote
machine talks to the AFS servers with authentication tokens stored in
*its* kernel.  This is all transparent to you, the client.  Your machine
sees and accesses the AFS filespace, as if you were running the cache
manager locally. But your tokens and cache information are actually
controlled by a remote machine.

-Bob

Follow-Ups:

Re: System Security
From: "Perry E. Metzger" <pmetzger @ lehman . com>
Re: System Security
From: "Perry E. Metzger" <pmetzger @ lehman . com>

References:

Re: System Security
From: "Perry E. Metzger" <pmetzger @ lehman . com>

Indexed By Date	Previous:	Re: System Security From: Bob Dew <rdew @ alw . nih . gov>
Indexed By Date	Next:	Re: System Security From: "Perry E. Metzger" <pmetzger @ lehman . com>
Indexed By Thread	Previous:	Re: System Security From: "Perry E. Metzger" <pmetzger @ lehman . com>
Indexed By Thread	Next:	Re: System Security From: "Perry E. Metzger" <pmetzger @ lehman . com>