[OpenAFS] Tokens that do not expire

Nickolai Zeldovich kolya@MIT.EDU
Sat, 19 Oct 2002 03:21:20 -0400


> Or for that matter, why not just use an IP ACL.  Similar level of security
> to a hardcoded password (assuming hacked machine == stolen IP), but no
> tokens to worry about.

The level of security provided by IP ACLs is far less than that provided
by any sort of ticket, expiring or not.  (Especially if you do 'fs setcrypt
on', you're in much better shape with a token than with an IP ACL.)

-- kolya