It sounds like the actual implementation of machines on ACL's differs
from the documentation and from what was taught in the AFS system
administrator's course. I believe that machines are not supposed to
be allowed directly on ACL's, only in groups, which in turn appear on
ACL's. Also, it seems to me that being on a machine that is in the
protection database should not give you system:authuser permissions,
since the access allowed to anyone on that machine may well be
different to the access you allow to truly authenticated users. If
the machine requires access to a directory, the group containing
that machine, not just system:authuser, should appear on the ACL.
This brings up the whole issue of what will happen to the ability to
authorize access from a particular machine in DFS. At the last AFS
Users' Group meeting, I learned that IP numbers either in groups or
directly on ACL's will not be implemented in DFS. Will there be a way
to provide the equivalent functionality in DFS? It seems that this is
a very valuable feature, but I hesitate to use it very much knowing
that it may go away.