alfs authentication protocol: requirements
bdubbs at swbell.net
Mon Nov 28 06:55:03 PST 2005
pak_lfs at freemail.gr wrote:
> 3. For this protocol to be convenient enough for its typical use case (one
> client multiple servers), there must be a *single* authentication token
> authenticating the client to all servers. I.e., the admin should not be forced
> to supply a different password for each server. More generally, the amount of
> authentication resources (passwords, keys, certificates, whatever) per
> machine must be kept to a bare minimum.
I don't think this is a wise way to go. The client can hold multiple
tokens encrypted by a master token that never leaves the client.
Perhaps a ticket mechanism, like Kerberos, would be the way to go.