[OpenAFS] IP based ACL and User Based ACL

Thossaporn (Pommm) Phetruphant pommm@yannix.com
Tue, 4 Jun 2019 19:05:17 +0700

Hi Everyone,

I'm looking to implement IP based ACL and User Based ACL in my openAFS 
setup. The scenario I'd like to have is:

Joe has the right to access volume work1.
Joe sits on a workstation IP address
Joe also has a 2nd workstation IP address
Management want Joe to be able to access volume work1 only from 
workstation IP address

I currently know and have these set up on my openAFS:
Joe is a member of work1

$ pts membership work1
Members of work1 (id: xxx) are:

$ pts membership work1-ip-whitelist
Members of work1-ip-whitelist (id: yyy) are:

Danny, who is not assigned to work1, can use his account on the workstation to access the work1 volume. <- I don't want this.

Is it possible to have an ACL that only allows user Joe from workstation IP 
address to access but does not allow Danny?
Basically, User based ACL "and" IP based ACL. Both need to be TRUE to 
authorize access.

Thank you.