If I am accessing AFS via an NFS/AFS translator, what IP number
is used for checking the PTS if it has IP numbers, wildcards or
groups with IP numbers? Is it the NFS client's IP number, or the
translator's number?
If it is the translator's number then if someone exports /afs to
the world, the world can bypass campus-wide protections by using
NFS from some on-campus translator. This requires the
translator's system manager to export /afs to on-campus only
systems.
If it is the NFS client's number, then it is a little better, but
you are still relying on NFS security. But since any system
manager could make the translator believe that it was receiving
a request from an IP number, AFS can't trust the client's IP
number.
But in either case, you have extended the responsibility of
protection of AFS data to the translator's system manager
without requiring any tokens.
In no way do I want this to be considered system:authuser.
Has anyone looked into how this works?
Douglas E. Engert
Systems Programming
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(708) 252-5444
Internet: [EMAIL PROTECTED]