> I recommend using a Kerberos identity rather than an IP address. The > advantage is that while an IP address grants access to anyone who manages > to get any sort of access to that machine, the Kerberos identity requires > that they manage to read the srvtab, and in practice can limit the access > to root on that system. Slightly more secure. You don't even need access to the machine to fake the IP address. I would not recommend to use IP-ACLs because it lowers your security to something like NFS. However, I would never have _write_ permission anyway. However the fundamental problem is that the general user (if grasping the concept of ACLs) probably will remove system:backup and then whine if no backup is available. Susan's strategy of changing fs is maybee a solution for that. Harald.
- AFS backup/restore using ADSM Morris Strongson
- Re: AFS backup/restore using ADSM Hung T Pham
- Re: AFS backup/restore using ADSM Russ Allbery
- Re: AFS backup/restore using ADSM Susan Feng
- RE: AFS backup/restore using ADSM Jan Hrabe
- Re: AFS backup/restore using ADSM Susan Feng
- RE: AFS backup/restore using ADSM Brian T. Huntley
- Re: AFS backup/restore using ADSM Russ Allbery
- Re: AFS backup/restore using ADSM Harald Barth
- Re: AFS backup/restore using ADSM Russ Allbery
- Re: AFS backup/restore using ... Susan Feng
- Re: AFS backup/restore us... Nathan Neulinger
- Re: AFS backup/restore us... Harald Barth
- Re: AFS backup/restore us... Earl R Shannon
- Re: AFS backup/restore us... David Thompson
- Re: AFS backup/restore us... Harald Barth
- Re: AFS backup/restore us... David Thompson
- Re: AFS backup/restore us... Harald Barth
- OpenAFS enhancements wish... Mitch Collinsworth
