Having user accounts on an AFS database server machine is a pretty heavy
security exposure.
Ideally, AFS dbservers should be console access only. If that's not
practial, then SecurID, ssh, and/or Kerberos encrypted rlogin/telnet
should be used. A compromise of the cell encryption key would render all
database transactions vulnerable, rendering useless most AFS
security/authentication mechanisms.
The "server under the desk" (or on in this case) service model is not a
good idea. Spend the $7,000 to get a Sparc 5 class machine if you need
to. If integrity and security of your data is important, then the small
investment in hardware is more than worth it.
My $0.02.
-brian
On Thu, 20 Jun 1996, Daniel Bromberg wrote:
> > one will be just a server, but since it's on my desk, I'll be running X and
> > all. How will this affect performance on my machine? It will NOT be an AFS
>
> "just a server" - you'll need to be more precise...is this a sytem
> control machine, binary distibution machine, or database server
> machine? (since it's not a simple fileserver). I would still recommend
> against non-dedicated AFS servers of any type. Interactive use of
> machines can use up all of a system's resources especially as X
> servers tend to bloat or runaway processes get spawned. What do
> other people think?
>
> Daniel Bromberg
> Jet Propulsion Laboratory
>
--
Brian W. Spolarich - ANS CO+RE Systems - [EMAIL PROTECTED] - (313)677-7311
If wishes were fishes we'd all cast nets.
