On Fri, Feb 6, 2009 at 22:21, Dirk Heinrichs <[email protected]> wrote: > Am Freitag, 6. Februar 2009 21:45:02 schrieb Christof Hanke: > >> Sorry, but I think you see this from the wrong angle. >> The point I think here is to protect sensitive data even against admins, >> the guys who can read /vicep* anyway... > > What prevents an admin from loggin in on the client machine to read the data > while the volume is mounted?
To do that the admin has to have a valid user on the client machine. The client and the server do not have to be administered by the same people. The users real and the servers kerberos realm might not even be the same realm. _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
