[OpenAFS] Problems giving a daemon process permanent access to AFS

Christopher D. Clausen cclausen@acm.org
Thu, 1 Feb 2007 17:51:12 -0600


Jeffrey Hutzelman <jhutz@cmu.edu> wrote:
> On Thursday, February 01, 2007 03:57:47 PM -0500 Earl Shannon
> <Earl_Shannon@ncsu.edu> wrote:
>> I don't know what all your security considerations are, but I'd
>> suggest you create an IP ACL
>> in the filespace the daemon needs to access.
>
> Don't do this.  IP-address-based ACL's are not only very insecure but
> also notoriously unreliable.

There is also no encryption with IP based ACLs.

<<CDC