[OpenAFS] Better Logging and Access Control

Sam Hartman hartmans@mit.edu
06 Mar 2001 19:41:41 -0500

>>>>> "Thomas" == Thomas Vincent <thomasv@apple.com> writes:

    Thomas> Hi Folks, Perhaps there is a way to do this , and I
    Thomas> haven't figured it out.  It would be nice if there was
    Thomas> tcp_wrapper type support built in. With the granularity to
    Thomas> control access by ip , and go directory by directory or
    Thomas> user by user.  Also logging seems to be in pretty bad
    Thomas> shape under afs. Are there any plans to say: Record reads,
    Thomas> writes, executes. To the point where I can log all a
    Thomas> persons actions if I so choose.  Maybe there is a way to
    Thomas> do this, and I haven't figured it out yet.

While IP ACL support is present, you should be aware that IP
authentication in most environments is significantly less secure than
the authentication provided by AFS's use of Kerberos.