[OpenAFS-devel] Re: Initial implementation of RestrictedQuery,
please comment
chas williams - CONTRACTOR
chas@cmf.nrl.navy.mil
Fri, 28 Mar 2014 07:24:17 -0400
On Wed, 19 Mar 2014 00:21:10 -0400
Jeffrey Altman <jaltman@secure-endpoints.com> wrote:
> > On 3/18/2014 10:26 AM, Gergely Risko wrote:
> > Good to know. BTW, I'm not advocating firewalling the protection
> > database, I just wanted to say that for now it seems so that this VL +
> > Vol work is meaningful in itself at least for me. Because for small
> > non-windows sites it seems to be possible to disable PRDB altogether.
> > But I'm not saying that after this patch we shouldn't have a look on the
> > ptserver and look around for RPCs to protect.
>
> Many organizations do firewall the protection database from clients.
I made a first stab at protecting the ptserver from anonymous access.
http://gerrit.openafs.org/#change,10951
It isn't entirely clear to me how this with interact with cross realm.