Excerpts from mail: 9-May-95 Re: Reaching AFS from a chr..
[EMAIL PROTECTED] (852*)
> If anyone _ever_ happens to login via some method which does not generate
> a PAG, and then klogs and forgets to unlog when they logout, ftpd will
have your tokens until they expire.
You can start your ftp daemon from within a PAG shell
(#!/usr/afsws/bin/pagsh), then use "reauth" (from the AFS contrib
binaries) to keep "ftp" tokens alive. Then anonymous ftp users will run
"authenticated" as AFS user "ftp".
This circumvents the possibility of ftp users stealing left-over root
shell tokens, and it allows you to place ACLs (other than
system:anyuser) on the ftp directory tree.
-Bob
