I think your post is quite off the mark. Root access alone on a AFS
*client* machine will not let you do any of the things you mention.
That is only possible with root access on a AFS *server* machine, in
which case much more harm than what you list is conceivable.
Anyone klog'ing on a client machine as admin is inherently saying that
they trust that machine. No software, AFS or DCE or what have you, can
do much to prevent stealing of credentials saved on a machine by
someone with root access on that machine.
The only real security is physical security; on your servers, get a
lock that needs a physical key to allow root access (eg, place the
console in a locked room and disallow root logins from everywhere
else)
