alfs authentication protocol: requirements

Bruce Dubbs bdubbs at
Mon Nov 28 06:55:03 PST 2005

pak_lfs at wrote:

> 3. For this protocol to be convenient enough for its typical use case (one 
> client multiple servers), there must be a *single* authentication token 
> authenticating the client to all server. I.e., the admin should not be forced 
> to supply a different password for each server. More generally, the amount of 
> authentication resources (passwords, keys, certificates, whatever) per 
> machine must be kept to a bare minimum.

I don't think this is a wise way to go.  The client can hold multiple
tokens encrypted by a master token that never leaves the client.
Perhaps a ticket mechanism, like kerberos, would be the way to go.

  -- Bruce

More information about the alfs-discuss mailing list