Excerpts from mail: 9-Feb-94 Re: [EMAIL PROTECTED] (994*)
> > The drawback to this kind of system, obviously, is
> > that your AFS security becomes vulneralbe to the same breaches that NFS
> > is susceptible to.
> Actually, this is not at all obvious. I would like to see a careful
> analysis of the additional security risks posed by the NFS translator.
I asked this list about this a while back and got nothing.
The obvious part is that NFS requires merely a userid to gain access to
NFS-mounted file systems.
If user "bob" has access rights on an NFS directory, then anybody with
root access on a remote host who can mount the file system can
masquerade as "bob" and access the directory. The part that might not
be obvious is that translator tokens aren't PAG-related, so if "bob" has
valid server tokens, then any other "bob" that accesses the server will
also have tokens.
-Bob
