Why does AFS use Kerberos authentication?
It improves security. Kerberos uses the idea of a trusted third party to prove identification. This is a bit like using a letter of introduction or quoting a referee who will vouch for you.

When a user authenticates using the klog command (s)he is prompted for a password. If the password is accepted the Kerberos Authentication Server (KAS) provides the user with an encrypted token (containing a "ticket granting ticket"). From that point on, it is the encrypted token that is used to prove the user's identity. These tokens have a limited lifetime (typically a day) and are useless when expired.

In AFS, it is possible to authenticate into multiple AFS cells. A summary of the current set of tokens held can be displayed by using the "tokens" command. For example:

    elmer@toontown $ tokens

    Tokens held by the Cache Manager:

    User's (AFS ID 9997) tokens for afs@ny.acme.com [Expires Sep 15 06:50]
    User's (AFS ID 5391) tokens for afs@sf.acme.com [Expires Sep 15 06:48]
       --End of list--

Kerberos improve
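An added example, not part of the original FAQ: a small Python parser for the "tokens" output shown above that reports which cells hold a token that has expired or is close to expiry. The function names, the two-hour warning window and the sample text are assumptions made for illustration; because the output carries no year, the parser picks the year that places the expiry closest to the current time.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, modelled on the `tokens` output quoted in the FAQ.
SAMPLE = """\
Tokens held by the Cache Manager:

User's (AFS ID 9997) tokens for afs@ny.acme.com [Expires Sep 15 06:50]
User's (AFS ID 5391) tokens for afs@sf.acme.com [Expires Sep 15 06:48]
   --End of list--
"""

TOKEN_RE = re.compile(
    r"\(AFS ID (?P<afs_id>\d+)\) tokens for afs@(?P<cell>\S+) "
    r"\[Expires (?P<when>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2})\]"
)


def resolve_expiry(stamp, now):
    """Attach a year to 'Mon DD HH:MM', choosing the one nearest to `now`."""
    stamp = " ".join(stamp.split())  # collapse the padding in e.g. 'Jan  1'
    candidates = []
    for year in (now.year - 1, now.year, now.year + 1):
        try:
            candidates.append(datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M"))
        except ValueError:  # Feb 29 does not exist in this candidate year
            continue
    return min(candidates, key=lambda c: abs(c - now))


def parse_tokens(text, now):
    """Return (cell, afs_id, expiry) for every token line in the output."""
    return [
        (m["cell"], int(m["afs_id"]), resolve_expiry(m["when"], now))
        for m in TOKEN_RE.finditer(text)
    ]


def expiring_cells(text, now, warn=timedelta(hours=2)):
    """Cells whose token has expired or expires within `warn` of `now`."""
    return [cell for cell, _, exp in parse_tokens(text, now) if exp - now <= warn]


if __name__ == "__main__":
    for cell, afs_id, exp in parse_tokens(SAMPLE, datetime.now()):
        print(f"{cell}: AFS ID {afs_id} expires {exp:%Y-%m-%d %H:%M}")
```

Feeding it the live output of the "tokens" command instead of the constructed sample gives a per-cell check that can run before a long job starts, so work does not fail partway through on an expired token.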