[OpenAFS] home on afs woes

Lester Barrows barrows@email.arc.nasa.gov
Thu, 5 Jan 2006 12:30:53 -0800

On Thursday 05 January 2006 7:32 am, Ken Hornstein wrote:
> Given the choice between files possibly being world-readable and users
> having to expose their password for every login (even if you're
> encrypting the session, we've learned the hard way that isn't enough
> anymore), we decided to go with the former.  As always, to each his or
> her own.
> --Ken

This appears to be a security decision based primarily on a technical 
limitation in AFS. The per-directory ACL limitation itself was more or less 
what I was discussing, as it has caused me more than its share of headaches. 
If I could place an ACL on a file and have it alone be readable/listable by 
the authentication process, that would be ideal. It's great that a world 
listable/readable top level home directory configuration works for your 
environment's security requirements, and it certainly saves a bit of work. It 
just isn't sufficient to comply with our security plans.

Best regards,
Lester Barrows