Owen,
I'm guessing from your statement below that you keep a copy
of /usr/afs/etc/KeyFile on *every* machine in your cell (server
or client), and not just on your AFS fileservers. Your KeyFile
is the cornerstone of the security of your AFS cell; if you make
it more generally accessible, you are seriously compromising the
security of your cell.
Just curious -- if my assumption is correct, why do you distribute
your KeyFile so widely?
--Judy
[EMAIL PROTECTED] writes:
>
> For example, if you are root on a fileserver (or in our cell on
> any machine), you can, without any tokens at all, use 'vos dump'
> to dump any volume. You can read the files in the dumped volume
> with no difficulty. If you know what you're doing, you can then
> modify the dump and restore it, overwriting the original volume.
>
--
Judy Warren [EMAIL PROTECTED]
Cornell Theory Center (607) 254-8792
