On Wed, Jan 27, 2010 at 3:22 AM, Lars Schimmer <[email protected]> wrote: > - -no single user (person) should be identified accessing that data by > sharing organization (to see which department is fine, but not the > single persons of the accessing department) >
The AFS-3 security model _cannot_ satisfy this anonymization requirement. With the current security model, each file server must know the identity of the caller in order to perform RPC authorization. I suppose you could give them file server binaries with auditing support disabled, call back table dump support disabled, and then hope that the satellite site admins don't know enough about AFS to dissect rxkad clear packets, file server cores, or use cmdebug to make educated inferences. But then again, if they know enough to do any of that, then I suppose they also know that the KeyFile effectively gives them full control over the entire distributed infrastructure. Cheers, -Tom _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
