Ken Raeburn via RT wrote:
> On Oct 18, 2007, at 17:16, Christopher D. Clausen via RT wrote:
>> Sam Hartman via RT wrote:
> So now your anonymous user would be talking to the attacker's version
> of the AFS cell, with encryption.

Understood. No less secure than anonymous AFS access right now though,
except for maybe the user thinking they are secure.

> It may be safer from passive eavesdroppers who don't have the shared
> key, but conservatively, it shouldn't be considered any more secure
> than non-encrypted exchanges, unless you have good reason to believe
> the key can never be compromised.

Basically, one would use it purely for over the wire encryption.

>> (Say non-AD joined machines. Copying a registry file and
>> importing it may be simpler than setting up a file path, etc. A
>> single registry key can contain all the needed configuration info.) The
>> fact that you are actually authenticating but still an anonymous user
>> allows for OpenAFS to enable encryption to the cell. This is a
>> FEATURE in this case. (Well, it will hopefully soon be an OpenAFS feature.)
>
> A better solution, which unfortunately is still in design, might be
> the anonymous-ticket facility for Kerberos,
> http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-anon-04.txt .

Yeah, well, sometimes one needs a solution that works now and not at
some undetermined point in the future.

-----

Regardless, even only using the single instance of a cluster of machines
serving HTTP the keytab in the registry is still a useful feature. And
allowing the service keytab to be in a registry key doesn't make it any
less secure than a file.
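Toy model of the property Ken describes above: a keytab handed to every anonymous client is a shared secret, so it hides traffic from a passive eavesdropper who lacks it but cannot tell the client whether it is talking to the real cell or to anyone else holding that keytab. This is an added example, not code from the thread, Kerberos or OpenAFS; the key, the messages and the hash-based cipher are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample: the one key an "anonymous" keytab would carry. In the
# scenario from the thread every anonymous client is handed this same key.
ANON_KEYTAB_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive a keystream from key and nonce (toy construction, not Kerberos crypto)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under the shared key: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None when the tag does not verify under this key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def passive_eavesdropper_reads(blob: bytes) -> bool:
    """An observer without the keytab gets nothing: a guessed key fails the tag check."""
    return unseal(os.urandom(16), blob) is not None


def client_can_distinguish_cell_from_keytab_holder() -> bool:
    """The client's only check is the shared key. A message from the real cell and a
    message from any other party that has the same keytab both verify, so the client
    has no way to tell them apart: the key buys confidentiality, not authentication."""
    from_cell = seal(ANON_KEYTAB_KEY, b"fileserver: volume listing")
    from_other_holder = seal(ANON_KEYTAB_KEY, b"someone else: volume listing")
    cell_ok = unseal(ANON_KEYTAB_KEY, from_cell) is not None
    other_ok = unseal(ANON_KEYTAB_KEY, from_other_holder) is not None
    return cell_ok and not other_ok
```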