Bob Dew says:
> Excerpts from Firewalls: 26-Oct-93 Re: System Security Richard
> Chycoski @
> > If you think that Kerberos is secure on a multiuser machine, even without
> > root tampering, you're misinformed.
> As I mentioned, the authenticating host can be remote. We call this
> host the "cache manager". The cache manager can be locked in vault and
> stripped of user accounts and of all non-rpc network access, if you want.
What are you talking about? You have to get kerberos tickets on the
host that is accessing AFS if you are going to get files. If you
didn't need to do this the system would not be secure, since anyone
can forge IP packets.