Re: [9fans] auth protocol questions + proposed kfs improvement

9fans - fans of the OS Plan 9 from Bell Labs
 help / color / mirror / Atom feed

From: Mike Haertel <mike@ducky.net>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] auth protocol questions + proposed kfs improvement
Date: Fri,  2 Nov 2001 11:23:52 -0800	[thread overview]
Message-ID: <200111021923.fA2JNqV03620@ducky.net> (raw)
In-Reply-To: <20011102070925.DD951199B9@mail.cse.psu.edu>

>> 1.  Is there any security reason why /dev/authcheck
>> didn't already work with AuthTs flavored tickets and AuthAc
>> flavored authenticators?
>
>Yes, /dev/authcheck was only intended to be used
>for checking the credentials presented by servers.

You'd think it would say something about that in the manual page.
Any particular reason for this restriction?  The one reason I can
think of is that it might allow J. Random User on a cpu server to
pose as eve to a remote client, since authcheck also allows you
to sign authenticators with eve's secret key.

So how about allowing authcheck to check client credentials and
sign server authenticators, but only in the case that the user
is eve?

next prev parent reply	other threads:[~2001-11-02 19:23 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2001-11-02  7:09 Russ Cox
2001-11-02 19:23 ` Mike Haertel [this message]
  -- strict thread matches above, loose matches on Subject: below --
2001-11-02  7:16 Russ Cox
2001-11-02  5:43 Mike Haertel

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200111021923.fA2JNqV03620@ducky.net \
    --to=mike@ducky.net \
    --cc=9fans@cse.psu.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).