[OpenAFS] To read a file from a directory whose ACL is r-l (read permission but no lookup permission)

acemi acemi@spymac.com
Wed, 14 Sep 2005 14:40:49 +0300

Hi Jeffrey,

 > In addition, before the
 > RUNAS session can access to non-system:anyuser areas of AFS,
 > it will need to obtain an AFS token that will in turn also
 > require a username and password.

I think to start AFS session in RunAS session. So I don't need
to obtain an AFS token before the RunAS session.

 > Where do you plan to store the usernames and passwords that
 > are required such that the user is unable to obtain them and
 > simply access AFS themselves?

I plan to store the username and passwords (for RunAs and for
Kerberos) in a database server. The logged user can access them
using an application. But now, I understand that this is also a 
"Security through obscurity" case.

Any suggestions?