Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How secure is AFS (Andrew File System)?
Special Forums Cybersecurity How secure is AFS (Andrew File System)? Post 302349130 by apprentice on Monday 31st of August 2009 07:29:20 AM
Old 08-31-2009
How secure is AFS (Andrew File System)?
Dear all,

I am instructed to use a licensed software on network. There are several ways of doing it, one of which includes using AFS, getting modules, etc.

I am not so sure about the security. I would not like the situation where people actually can see my data. Being an apprentice, I need your suggestions and wisdom about using AFS.

Thanks!

apprentice
 

4 More Discussions You Might Find Interesting

1. Filesystems, Disks and Memory

Mounting AFS drive

I have an old amiga IDE drive that I wish to read. Its formated in FFS and I understand I can mount this under linux as an AFS filesystem. The drive is already installed in the PC. Can anyone explain in newbie terms the steps t mounting and reading this drive? Thanks (1 Reply)
Discussion started by: SocketSlave
1 Replies

2. Shell Programming and Scripting

question on afs

Hi, can someone please help me with one problem? I have a script on local file system. This script is called by cron and calls other script which is on AFS file system. Everything works as it was expected with one exception. In /usr/spool/name/my-userid I can see the messages: 3004-614... (0 Replies)
Discussion started by: Anta
0 Replies

3. Solaris

Secure FTP Problem using Sun SSH on Client system F-Secure on Server system

I am using shell script to do secure ftp. I have done key file setup to do password less authentication. Following are the FTP Details: FTP Client has Sun SSH. FTP Server has F-Secure. I am using SCP Command to do secure copy files. When I am doing this, I am getting the foll error scp:... (2 Replies)
Discussion started by: ftpguy
2 Replies

4. Red Hat

Disable copying secure key's to remote system

Hi, We all know as we can connect remote system through ssh without entering username and password by copy the public key to remote host using ssh-copy-id. But my query is to i want to restrict the user as do not implement this feature.Whenever he is trying to login, he has to enter his/her... (1 Reply)
Discussion started by: mastansaheb
1 Replies

LEARN ABOUT DEBIAN

krb.excl

KRB.EXCL(5)							AFS File Reference						       KRB.EXCL(5)

NAME

       krb.excl - Lists exclusions for mapping kerberos principals to AFS identities

DESCRIPTION

       /etc/openafs/server/krb.excl is an optional file that resides on an OpenAFS server and is used to list exceptions to the algorithm of
       mapping kerberos principals to AFS identities. It contains the name of one or more principals; each principal should be on a line by
       itself. If a principal appears in this file, that principal will never be recognized by an OpenAFS server as a local identity, even if the
       realm is specified as a local realm in krb.conf(5).

       The principal names specified in this file must include the realm, and should be in Kerberos 4 format. That is, specify "user.inst@REALM",
       not "user/inst@REALM", "user.inst", nor "user/inst".

RATIONALE

       It is possible to use the krb.conf(5) configuration file to specify that multiple Kerberos realms can be considered `local' realms by
       OpenAFS fileservers, and those realms can be used nearly interchangeably. A site may list "FOO.EXAMPLE.COM" and "BAR.EXAMPLE.COM" to allow
       users to access AFS by using Kerberos tickets from either "FOO.EXAMPLE.COM" or "BAR.EXAMPLE.COM", and be treated as AFS users local to that
       cell.

       In many setups, one realm is really a `local' realm that is managed by the AFS administrators, and another `foreign' realm is specified in
       krb.conf that is managed by someone else, but in the same organization.	In such a case, the principal names for users are the same, so
       users should be able to use either realm to authenticate to AFS.  However, the principals for administrators are not the same between the
       two realms, and so the administrators in the `foreign' realm should not be considered AFS administrators. Specifying the administrator
       principals in the `foreign' realm prevents this, but still allows users to use either realm.

EXAMPLES

       The realms "FOO.EXAMPLE.COM" and "AD.EXAMPLE.COM" are configured to both be local realms, but "AD.EXAMPLE.COM" should not be used by AFS
       administrators. The AFS administrators are "admin" and "smith.admin".  krb.excl contains:

	  admin@AD.EXAMPLE.COM
	  smith.admin@AD.EXAMPLE.COM

       Now if someone authenticates with tickets for "smith/admin@AD.EXAMPLE.COM", they will not be recognized as the "smith.admin" AFS identity.
       However, "smith@AD.EXAMPLE.COM" will be treated as the "smith" AFS identity, and "smith/admin@FOO.EXAMPLE.COM" will still be treated as
       "smith.admin".

SEE ALSO

       krb.conf(5)

COPYRIGHT

       Copyright 2010 Sine Nomine Associates

       This documentation is covered by the BSD License as written in the doc/LICENSE file. This man page was written by Andrew Deason for
       OpenAFS.

OpenAFS 							    2012-03-26							       KRB.EXCL(5)
All times are GMT -4. The time now is 03:31 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy