[OpenAFS-devel] Better Logging and Access Control

Derek Atkins warlord@MIT.EDU
06 Mar 2001 19:04:44 -0500


You can already build IP-based (as well as user-based) ACLs for
directories within AFS.  And servers all require user-based
authentication to do anything but read certain status messages.

What, exactly, do you mean here?

-derek

Thomas Vincent <thomasv@apple.com> writes:

> Hi Folks,
> Perhaps there is a way to do this , and I haven't figured it out.
> It would be nice if there was tcp_wrapper type support built in. With 
> the granularity to control access by ip , and go directory by directory 
> or user by user.
> Also logging seems to be in pretty bad shape under afs. Are there any 
> plans to say: Record reads, writes, executes. To the point where I can 
> log all a persons actions if I so choose.
> Maybe there is a way to do this, and I haven't figured it out yet.
> 
> Cheers,
> Thomas Vincent
> _______________________________________________
> OpenAFS-devel mailing list
> OpenAFS-devel@openafs.org
> https://lists.openafs.org/mailman/listinfo.cgi/openafs-devel

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available