headers for your configured kernel can be found. See the
system-specific Notes sections below for details.
- Be prepared to provide the switches --enable-obsolete and
- --enable-insecure if you require the use of any bundled but obsolete
- or insecure software included with OpenAFS. See README.OBSOLETE and
- README.SECURITY for more details.
-
There are two modes for directory path handling: "Transarc mode" and "default mode":
- In Transarc mode, we retain compatibility with Transarc/IBM AFS tools
by putting client configuaration files in /usr/vice/etc, and server
+++ /dev/null
-The inetd, rcp, rlogind and rsh directories contain AFS authentication (token)
-passing support for their respective utilities. We are not removing these
-utilities as some sites may still be using them, but we *strongly discourage*
-their use. These utilities don't encrypt user traffic, and they also don't
-encrypt the AFS tokens. This means an attacker can capture the data and recover
-a valid authentication token, and use it to perform authenticated operations.
-
-Consider foregoing the rcmds altogether and using ssh. You can get Dug Song's
-ssh patch to support AFS here:
-http://www.monkey.org/~dugsong/ssh-afs/
-but you'll also need to install Kerberos 4 for libraries (which isn't a bad
-idea anyhow). The KTH implementation includes the AFS helper library libkafs,
-and so is desirable:
-ftp://ftp.pdc.kth.se/pub/krb/src/
-
-As a side effect, the insecure, but AFS aware ftpd included in AFS can be
-replaced by the ftpd included in the above-mentioned Kerberos package, as it
-has RFC2228 security extensions.
-
-In any case, carefully consider the security implications before deploying
-these utilities.
-
-To enable building of the insecure code included with OpenAFS, run
-configure with the --enable-insecure switch.
-