> Once client ``login'' is complete, the common code forks
> specific UNIX process [aka pcidossvr] that is per ``PC'' that runs
> as that person [i.e. clemc/bob/dmr etc]. It is the pcidossvr
> process that does a work on behalf of a user.
>
> Thus, in order the use the AFS token [which is shared in the AFS client
> cache], a random PC must still reconnect the the PC-I server.
> Since the PC-I ``sessions'' are not shared, you get protection.
>
> NFS uses a common set of remote processes for everyone, hense once the
> AFS authenication is done, an other system that can forge a UID
> has access. Hense you have a hole.
clem, you seem to have a very naive view of security. are you familiar with
the hijack attacks on afs and netware?
peter
