[OpenAFS] To read a file from a directory whose ACL is r-l (read
permission but no lookup permission)
Wed, 14 Sep 2005 14:40:49 +0300
> In addition, before the
> RUNAS session can access to non-system:anyuser areas of AFS,
> it will need to obtain an AFS token that will in turn also
> require a username and password.
I think to start AFS session in RunAS session. So I don't need
to obtain an AFS token before the RunAS session.
> Where do you plan to store the usernames and passwords that
> are required such that the user is unable to obtain them and
> simply access AFS themselves?
I plan to store the username and passwords (for RunAs and for
Kerberos) in a database server. The logged user can access them
using an application. But now, I understand that this is also a
"Security through obscurity" case.