[OpenAFS] some basic infos about security
Derek Atkins
warlord@MIT.EDU
09 Apr 2003 13:02:28 -0400
AFS uses Kerberos to authenticate connections between the client and
server. Each directory within AFS has an ACL that lists who may
access files in that directory. You can set the acl for everyone
(system:anyuser), everyone who has authenticated (system:authuser), or
individual users or groups of users. Each ACL entry can have it's own
list of permissions. So, for example you can set an acl that looks
like:
system:anyuser l
system:authuser rl
warlord:my-friends rli
warlord:family rlidwk
warlord rlidwka
So, depending how a user authenticates they gain different access
to the directory.
I hope this helps,
-derek
"Lo'oRiS il Kabukimono" <lo_oris@libero.it> writes:
> i'd like to know some basic info about security using AFS... just to know
> if it is what i'm searching for... :)
>=20
> what i need is something more secure than nfs, but more powerful than
> sshfs.
>=20
> so, how does the host authentication work? i mean, trusting the ip address
> of an host is not nice... i'd like something like key-checking, like with
> ssh and sshfs... something that if somebody adds a new host in the net, he
> can't do anything... can AFS do that?
>=20
> --=20
> "Never give up Never give in Be on our side So we can win
> Never give up Never give in Be on our side
> Old moon's time is soon to come"
> - Blind Guardian, "And then there was silence"
>=20
> http://lano.webhop.net =B7-:=3D[asd]=3D:-=B7 http://lano-forum.webhop.net
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
--=20
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available