> > > I would hope that people understand that not advertising their AFS cell
> > > is the worst sort of security through obscurity :-)  But for these people,
> > 
> > Especially with people around who semi-actively search for and collect
> > information about AFS cells.

I didn't realize this (didn't want to think about it, actually), but...

Owen ([EMAIL PROTECTED]) said:
> 
> Some of us do not advertise our cells, but not because we think this
> makes them more secure.  In our case the cell (which is indeed
> relatively insecure in many frightening ways) makes a lot of software
> available to system:anyuser because it is used for distributing
> software locally.

Yes, very definitely.  We have paid thousands (well, a lot for a small
university department) for our software, which might be yanked if the
companies thought we were broadcasting it.

> Nobody has the time to go through everything
> and set up IP ACLs, which will not be able to be carried over to
> DFS in any case.  So we keep the site-licensed stuff readable
> by system:anyuser and just don't publish our cell data, expecting
> that this will keep the software suppliers happy that we're not
> distributing things illicitly.

In our case, we *had* the IP ACLs, and they were working very well.
We had SunOS 4.1.3u1 (or u2), and I think AFS 3.3.  However...we
upgraded to 4.1.4, and boom!  They broke.  (Quite painfully...our
httpd was running with no authentication, and files were permitted
to the web server machine...same for some status programs, and our
licensed programs, one of which has a license manager.)

How can I find out what version of the server and of the cache manager
(afsd, correct?) we are running, to see if there is a known problem
with that, or if changing one (hopefully the afsd) would fix things?
I didn't realize how much I used and appreciated IP ACLs until they
didn't work!
  ka
--
  Kathy Madison                      SysAdmin, Department of Statistics
  [EMAIL PROTECTED]                 College of LS&A, University of Michigan

Very few profundities can be expressed in fewer than 80 characters.
