> My assumptions about the environment the alfs authentication protocol should 
> operate in. Please comment.
> 1. There is only one administrator for all the alfs server machines, you.
>         (Nobody but you has, or will gain, root access to these machines).


> 2. All administration is done from a *trusted* machine. Only one machine at a
>         time will run the client.


> 3. An alfs client will in general administer several server machines 
> simultaneously in each session.


> 4. Either the IP or the DNS name (or both, of course) must be static, or 
> change veeeeeery rarely.

Hmm. This one I'm not so sure about. I would want my alfsd servers to 
accept only connections from me, but I'd want to initiate that session 
from any client *I* happen to be using on the network, using DHCP or 
not, having an FQDN or not.

> 5. Replaying the commands aside, the data communicated over the alfs session 
> protocol is not that valuable. I.e., even if someone manages to record a
> whole session and eventually decrypt it, by this time you will have updated
> your LFS several times, so they won't even be able to infer your current
> system configuration by it.

Agreed. The data isn't valuable, the connection and ability to control 
the server is.


