
Re: ITP: openafs-krb5, openafs-ptutil - packages needed for openafs to be useful



On Thu, Dec 07, 2000 at 04:32:48PM -0500, Sam Hartman wrote:
> >>>>> "Daniel" == Daniel Jacobowitz <dan@debian.org> writes:
> 
> 
>     Daniel> Is this disableable in the openafs packages, or at least,
>     Daniel> does it scream loudly?
> 
> I'm not sure what you mean.  The openafs packages as I ship them never
> use noauth mode; they use pt_util instead.  An administrator can
> restart bosserver with the noauth flag.  If they do so, their server
> will accept unauthenticated requests until it next restarts.
> 
> What are you actually worried about?  Someone breaking in and leaving
> bosserver set to noauth as a back door, or someone configuring a
> system incorrectly?

The latter.  Thanks.  I'm not familiar with setting up cells.

Would it be possible/reasonable to have a warning when noauth is used? 
Is it sufficiently documented as a security problem of this degree? 
That's all that I'm worried about.

Dan

/--------------------------------\  /--------------------------------\
|       Daniel Jacobowitz        |__|        SCS Class of 2002       |
|   Debian GNU/Linux Developer    __    Carnegie Mellon University   |
|         dan@debian.org         |  |       dmj+@andrew.cmu.edu      |
\--------------------------------/  \--------------------------------/


