[OpenAFS] some basic infos about security

Derek Atkins warlord@MIT.EDU
09 Apr 2003 13:02:28 -0400


AFS uses Kerberos to authenticate connections between the client and
server.  Each directory within AFS has an ACL that lists who may
access files in that directory.  You can set the ACL for everyone
(system:anyuser), everyone who has authenticated (system:authuser), or
individual users or groups of users.  Each ACL entry can have its own
list of permissions.  So, for example, you can set an ACL that looks
like:

        system:anyuser     l
        system:authuser    rl
        warlord:my-friends rli
        warlord:family     rlidwk
        warlord            rlidwka

So, depending on how a user authenticates they gain different access
to the directory.

I hope this helps,

-derek

"Lo'oRiS il Kabukimono" <lo_oris@libero.it> writes:

> I'd like to know some basic info about security using AFS... just to know
> if it is what I'm searching for... :)
>
> what I need is something more secure than nfs, but more powerful than
> sshfs.
>
> so, how does the host authentication work? I mean, trusting the ip address
> of a host is not nice... I'd like something like key-checking, like with
> ssh and sshfs... something that if somebody adds a new host in the net, he
> can't do anything... can AFS do that?
>
> -- 
> "Never give up  Never give in  Be on our side  So we can win
>  Never give up  Never give in  Be on our side
>  Old moon's time is soon to come"
>   - Blind Guardian, "And then there was silence"
>
> http://lano.webhop.net ·-:=[asd]=:-· http://lano-forum.webhop.net
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available
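
The ACL from the message above, evaluated for different callers. This is an added example, not part of the original message and not OpenAFS code. It assumes the rights of every ACL entry that matches the caller are combined, does not model negative rights, and uses constructed group members (alice, bob) and a constructed user (carol).

```python
# Added example: which rights each kind of caller ends up with under
# the ACL shown in the message. Not OpenAFS code.

RIGHTS = "rlidwka"  # read, lookup, insert, delete, write, lock (k), administer

# ACL exactly as listed in the message.
ACL = {
    "system:anyuser": "l",
    "system:authuser": "rl",
    "warlord:my-friends": "rli",
    "warlord:family": "rlidwk",
    "warlord": "rlidwka",
}

# Constructed group memberships (assumption, not from the message).
GROUPS = {
    "warlord:my-friends": {"alice"},
    "warlord:family": {"bob"},
}


def identities(user=None):
    """Every ACL name that applies to a caller.

    user=None models a caller that has not authenticated.
    """
    ids = {"system:anyuser"}
    if user is not None:
        ids.add("system:authuser")
        ids.add(user)
        ids.update(g for g, members in GROUPS.items() if user in members)
    return ids


def effective_rights(acl, user=None):
    """Union of the rights of all matching entries, in canonical order."""
    for name, rights in acl.items():
        if set(rights) - set(RIGHTS):
            raise ValueError(f"unknown right in entry {name!r}: {rights!r}")
    granted = set()
    for name in identities(user):
        granted |= set(acl.get(name, ""))
    return "".join(r for r in RIGHTS if r in granted)


if __name__ == "__main__":
    for who in (None, "carol", "alice", "bob", "warlord"):
        print(f"{who or '(unauthenticated)':18} {effective_rights(ACL, who)}")
```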