Mitch Collinsworth <[EMAIL PROTECTED]> writes:
Second, there is a security concern that Rick Cochran has pointed out
here before. If you happen to login to the ftp server as root, do a klog,
and leave a token owned by root laying around, all anonymous ftp users
will have access to that token until it expires (or you unlog it)!
Hi Mitch,
There is a simple way to deal with that: get a Process Authentication Group
by running pagsh then klog. That way the AFS token is only associated
with processes with that PAG _not_ with UNIX UID 0.
Alternatively, install AFS aware login which will automatically get
you the PAG on login.
See also: http://www.transarc.com/Product/AFS/FAQ/faq.html#sub2.06
--
paul http://acm.org/~mpb/homepage.html
