[OpenAFS] Better Logging and Access Control
Sam Hartman
hartmans@mit.edu
06 Mar 2001 19:41:41 -0500
>>>>> "Thomas" == Thomas Vincent <thomasv@apple.com> writes:
Thomas> Hi Folks, Perhaps there is a way to do this , and I
Thomas> haven't figured it out. It would be nice if there was
Thomas> tcp_wrapper type support built in. With the granularity to
Thomas> control access by ip , and go directory by directory or
Thomas> user by user. Also logging seems to be in pretty bad
Thomas> shape under afs. Are there any plans to say: Record reads,
Thomas> writes, executes. To the point where I can log all a
Thomas> persons actions if I so choose. Maybe there is a way to
Thomas> do this, and I haven't figured it out yet.
While IP ACL support is present, you should be aware that IP
authentication in most environments is significantly less secure than
the authentication provided by AFS's use of Kerberos.