hm. interesting issues. First to address will be authentication I think. If users do not have principal accounts in your realm, you will need to some way to create a cross realm trust with their kerberos realm. Then you can use cross realm principals to for authorization.
Second, proper authorization and good path schemes will make it easy to make sure nobody can read stuff they are not supposed to read. File drawers may work well becuase if the user is only authorized to 'list' folder contents and not read folder contents, they can navigate to where they are authorized to read folder contents. Third, the openafs client is very stable and likely not much different to use that sftp or something similar. It will present a consistent interface for everyone so its advantages may outweigh having to install the client. Finally, if the remote users don't have some kind of kerboros infrastructure (MIT, Hiemdal, Active Directory)-- you may be out of luck. On Tue, Jan 27, 2009 at 5:53 AM, Lars Schimmer <[email protected]>wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi! > > The users of my department wants a "easy" way to exchange files with > poeples not running a AFS client. > > Has anyone a idea of what works best for it? > > I first thaught about filedrawers - but it does not fit perfect. > One point: I cannot limit filedrawers to a special path of the cell, or? > E.G. filedrawers should only be able to reach all dirs under > /afs/cgv.tugraz.at/filedrawers/ and no other paths of the cell. > Another point: users without account at our cell, how do they get files > and maybe upload files for a special user? > > Maybe I want a perfect solution and it is yet not available... > FTP is already applied, but upload is a problem and "personal" files for > users outside, to be secured by a password... > > > MfG, > Lars Schimmer > - -- > - ------------------------------------------------------------- > TU Graz, Institut für ComputerGraphik & WissensVisualisierung > Tel: +43 316 873-5405 E-Mail: [email protected] > Fax: +43 316 873-5402 PGP-Key-ID: 0x4A9B1723 > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iEYEARECAAYFAkl/A7cACgkQmWhuE0qbFyPjHACdGRO4P65ikf6eebgZFcpmOwH3 > oZgAoJEQ2qt29MgtLdMkUGgJjuJ7hw2T > =wYDr > -----END PGP SIGNATURE----- > _______________________________________________ > OpenAFS-info mailing list > [email protected] > https://lists.openafs.org/mailman/listinfo/openafs-info > -- David Bear College of Public Programs at ASU 602-464-0424
