[1407] in SIPB-AFS-requests
Modified fileserver for Decstations
daemon@ATHENA.MIT.EDU (ghudson@MIT.EDU)
Mon Jun 6 11:04:46 1994
From: ghudson@MIT.EDU
Date: Mon, 6 Jun 94 11:04:33 -0400
To: sipb-afsreq@MIT.EDU
Cc: sss-dev@MIT.EDU, mhbraun@MIT.EDU
The AFS file server that Athena and SIPB are running contains a
modification Richard Basch made to close a security hole with extreme
prejudice. This prevents stock Transarc AFS clients from writing to
volumes in the athena, sipb, or zone cells. Because SunOS only has
stock Transarc AFS (to my knowledge), this is a problem for that
operating system.
Richard has come up with a server modification that allows stock
clients to write to the servers without (I assume) reopening the
security hole. Richard has tested it, Matt Braun has deployed it on
one Athena server (acheron), and I've had no problems using it for
builds in the Athena cell from a SunOS machine.
I'd like to install this on ronald-ann at some point in the near
future, to make it easier to do SunOS builds in the SIPB cell. This
would create a very short outage (just a 'bos restart'), and involves
a fairly minimal risk.
Comments? We may want to wait until Matt Braun is satisfied that the
file server is good enough for the Athena cell.
--GBH
