Roland J. Schemers III writes:
> On Apr 28, 7:51pm, Paul Howell wrote:
> >
> > Since DFS will do it the way that AFS now does it, i.e.,
> > a host showing up as authuer, it makes more sense
> > to leave it the way it is.
>
> The difference with DFS is that the host must be registered in the
> security database and have its secret key stored on the local disk.
> So its more secure then just using an IP address (although only secure
> as the key stored on the disk). Not to mention the principal is stored as
> hosts/slapshot/self so if a host's IP address changes it authentication
> doesn't.
Perhaps I misunderstood how this works from Mike Kazar's description.
(I had just come from an all day class on ofs/dme, so i was woozy..)
> It still sounds like a big security hole to me. If you are using IP addresses
> to handout licensed software it seems like you would want to base authentication
> on more then just an IP address. If you really want access by IP address
> then you should explicitly have to say so.
Well, that's the way it works. Maybe someone at Transarc has heard of
something other than using the IP address in an ACL?
> Although I can see the usefulness for IP addresses in ACLs it seems like
> a big step backwards in terms of security, especially if they get
> system:authuser by default.
Again, this is current functionality. I'm surprised that more people
weren't aware of this.
This whole thread started because someone wanted to run pagsh from
a directory that wasn't system:anyuser. I simply suggested something
I know to work. I did not intend it to be a complaint or bug report.
Certainly the meaning of system:authuser has changed with the introduction
of IP addresses in the pt server, whether intentional or not.
< Paul
