[OpenAFS] ip based ACLs
Frank Burkhardt
fbo2@gmx.net
Tue, 22 Nov 2005 10:41:45 +0100
Hi,
On Mon, Nov 21, 2005 at 05:47:33PM -0600, Christopher D. Clausen wrote:
[snip]
> >what do you mean "there are", i haven't seen anything like this in the
> >openafs documentation.Or is it a sysadmin hack?
> >
> >>resulting in a PC with a special IP "possessing a legal token" as the
> >>user.
> >>
> >sounds interesting..could you elaborate more on that?
>
> http://www.duke.edu/~jhv/answers/afs-ip-acls.html
There's one important hint missing in the documentation:
Using IP base ACLs means that there's no token involved which means that
your AFS-traffic is neither signed nor encrypted when travelling over the
network. It's up to you to decide if that's a problem or not. It's one for
me which is why I never use IP-ACLs.
> I believe that it is even documented in the IBM docs on openafs.org
Your're right - i.e. here:
http://www.openafs.org/pages/doc/AdminReference/auarf211.htm
Regards,
Frank