Sharon, thank you for your patience with me - I'm sorry if I do go on and on about this. I find the subject very intriguing, although I don't anticipate any security problems on my network.
What I am thinking about is - a user can install staf on his own desktop and then create a "false" authenticator of the same name as the real one on the servers, which gives his username trust level 5. Wouldn't that give him level 5 access to the rest of the servers? Or are the credentials sent along with the requests and validated on the other servers? I know I am going to be asked this question, so I'd like to understand it. /jan Sharon Lucas wrote: > No, you only given trust level 5 to those user ids that you want to have > trust level 5. You can only authenticate a user id if you know the > password (its credentials). > > Also, note that to perform user authentication across systems, the > authenticator must be registered as the same name on all machines where > you want to use user trust authentication. > ------------------------------------------------------------------------------ This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword _______________________________________________ staf-users mailing list staf-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/staf-users
