[OpenAFS] home on afs woes
Thu, 5 Jan 2006 12:30:53 -0800
On Thursday 05 January 2006 7:32 am, Ken Hornstein wrote:
> Given the choice between files possibly being world-readable and users
> having to expose their password for every login (even if you're
> encrypting the session, we've learned the hard way that isn't enough
> anymore), we decided to go with the former. As always, to each his or
> her own.
This appears to be a security decision based primarily on a technical
limitation in AFS. The per-directory ACL limitation itself was more or less
what I was discussing, as it has caused me more than its share of headaches.
If I could place an ACL on a file and have it alone be readable/listable by
the authentication process, that would be ideal. It's great that a world
listable/readable top level home directory configuration works for your
environment's security requirements, and it certainly saves a bit of work. It
just isn't sufficient to comply with our security plans.