[OpenAFS] ip based ACLs

Frank Burkhardt fbo2@gmx.net
Tue, 22 Nov 2005 10:41:45 +0100


Hi,

On Mon, Nov 21, 2005 at 05:47:33PM -0600, Christopher D. Clausen wrote:

[snip]

> >what do you mean "there are", I haven't seen anything like this in the
> >openafs documentation. Or is it a sysadmin hack?
> >
> >>resulting in a PC with a special IP "possessing a legal token" as the
> >>user.
> >>
> >sounds interesting.. could you elaborate more on that?
> 
> http://www.duke.edu/~jhv/answers/afs-ip-acls.html

There's one important hint missing in the documentation:

Using IP-based ACLs means that there's no token involved, which means that
your AFS traffic is neither signed nor encrypted when travelling over the
network. It's up to you to decide if that's a problem or not. It's one for
me, which is why I never use IP-ACLs.

> I believe that it is even documented in the IBM docs on openafs.org

You're right - i.e. here:

 http://www.openafs.org/pages/doc/AdminReference/auarf211.htm
 
Regards,

Frank