Re: ITP: openafs-krb5, openafs-ptutil - packages needed for openafs to be useful
On Thu, Dec 07, 2000 at 04:32:48PM -0500, Sam Hartman wrote:
> >>>>> "Daniel" == Daniel Jacobowitz <dan@debian.org> writes:
>
>
> Daniel> Is this disableable in the openafs packages, or at least,
> Daniel> does it scream loudly?
>
> I'm not sure what you mean. The openafs packages as I ship them never
> use noauth mode; they use pt_util instead. An administrator can
> restart bosserver with the noauth flag. If they do so, their server
> will accept unauthenticated requests until it next restarts.
>
> What are you actually worried about? Someone breaking in and leaving
> bosserver set to noauth as a back door, or someone configuring a
> system incorrectly?

The latter. Thanks. I'm not familiar with setting up cells.
Would it be possible/reasonable to have a warning when noauth is used?
Is it sufficiently documented as a security problem of this degree?
That's all that I'm worried about.
Dan
/--------------------------------\ /--------------------------------\
| Daniel Jacobowitz |__| SCS Class of 2002 |
| Debian GNU/Linux Developer __ Carnegie Mellon University |
| dan@debian.org | | dmj+@andrew.cmu.edu |
\--------------------------------/ \--------------------------------/