From: Mike Eisler (mike@eisler.com)
Date: 10/29/03-06:47:51 PM Z
Message-ID: <3FA05FB7.2070702@eisler.com>
Subject: Re: [nfsv4] AUTH_GSS for Callbacks
Date: Wed, 29 Oct 2003 16:47:51 -0800

wurzl, mario wrote:

> This implies that a system administrator will have to generate keys for a
> service 'root@client' and store it in the Kerberos keytab of all client
> systems. I have a hard time imagining a system administrator doing this
> process for a network with several thousand clients.
> It may become even worse if the principal for SETCLIENTID could be any user.

What's the alternative?

I'm having some trouble understanding this oft-repeated system administrator's environment, since he seems to be interested in security. How does each client get an IP address assigned to it? Since we reject a manual process for several thousand clients, we are left with DHCP or something like it. How does the client then get its OS installed for the first time? Some kind of automatic network installation/boot, such as JumpStart. But how does the client authenticate the DHCP server, the install server, and the boot server? And how is this authentication made mutual ... after all, you don't want attackers injecting trojan horses into the physical network that capture user passwords.

There's a fundamental bootstrapping problem. Which is not my problem to solve, but if it is solved, securely, then if there can be a service that securely and automatically hands out IP addresses and OS images (including configuration files, possibly customized ... JumpStart can do it) to clients, then it follows that there can be a service that securely and automatically hands out customized krb5.keytab files to clients.

If the sys admin isn't concerned about the bootstrap problem, then why would he be worried about the machine cred problem? Thus he might as well configure his client (when it was netinstalled) to use AUTH_NONE for SECINFO.
-mre

_______________________________________________
nfsv4 mailing list
nfsv4@ietf.org
https://www1.ietf.org/mailman/listinfo/nfsv4
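The message above argues that once a site has a trusted network-install path, handing each client a customized krb5.keytab is just one more generated artifact. The script below is an added example of that batch step on the KDC side; it is not code from the thread or from any NFSv4 implementation. It assumes MIT Kerberos tooling (kadmin.local, klist) on the KDC, and the realm, output directory and hostnames are constructed placeholders. With DRY_RUN=1 it only emits the kadmin commands, which is also how it can be inspected without a KDC.

```shell
#!/bin/sh
# Batch-provision one machine keytab per NFSv4 client (added example, not
# from the thread). Assumes MIT Kerberos on the KDC; REALM and OUT_DIR are
# assumed defaults. Each keytab is meant to ride along with the client's
# network-install image, as the message suggests.
set -eu

REALM="${REALM:-EXAMPLE.COM}"   # assumed realm
OUT_DIR="${OUT_DIR:-./keytabs}" # assumed staging directory for per-host keytabs
DRY_RUN="${DRY_RUN:-0}"         # 1 = print the kadmin commands instead of running them

# The client-side machine principal. The thread writes it as root@client;
# MIT spells a service principal root/<fqdn>@REALM.
client_principal() {
    printf 'root/%s@%s\n' "$1" "$REALM"
}

# The two kadmin.local commands for one host: create the principal with a
# random key (no human ever sees a password) and export it to its own keytab.
keytab_commands() {
    host="$1"
    princ=$(client_principal "$host")
    printf 'addprinc -randkey %s\n' "$princ"
    printf 'ktadd -k %s/%s.keytab %s\n' "$OUT_DIR" "$host" "$princ"
}

# Provision one host, or just show the commands under DRY_RUN.
provision_host() {
    host="$1"
    if [ "$DRY_RUN" = 1 ]; then
        keytab_commands "$host"
        return 0
    fi
    umask 077                   # keytabs hold long-term keys: owner-readable only
    mkdir -p "$OUT_DIR"
    keytab_commands "$host" | while IFS= read -r cmd; do
        kadmin.local -q "$cmd"
    done
    # Verify the export before the keytab is shipped with the install image.
    klist -kt "$OUT_DIR/$host.keytab" | grep -q "$(client_principal "$host")"
}

# Read hostnames from stdin, one per line; blank lines and '#' comments skipped.
provision_all() {
    grep -v '^[[:space:]]*#' | grep -v '^[[:space:]]*$' | while IFS= read -r host; do
        provision_host "$host"
    done
}

# Stand-alone use: provision_all < hosts.txt  (set DRY_RUN=1 to preview).
if [ -n "${PROVISION_KEYTABS_RUN:-}" ]; then
    provision_all
fi
```

The keytab export is the part that matters to the thread: the per-client file is produced by the same automated pipeline that builds the install image, so a site with several thousand clients never types a principal by hand, and the secrecy of the result rests on the same channel the site already trusts to deliver the OS.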
This archive was generated by hypermail 2.1.2 : 03/04/05-02:12:51 AM Z CST