[2330] in Info-AFS_Redistribution
Re:
daemon@ATHENA.MIT.EDU (rick@msc.cornell.edu)
Wed Feb 9 13:05:42 1994
Reply-To: rick@msc.cornell.edu
From: rick@msc.cornell.edu
X-Originated-From: panther.msc.cornell.edu
To: rdew+@alw.nih.gov (Bob Dew)
Date: Wed, 9 Feb 1994 09:26:59 -0500 (EST)
Cc: info-afs@transarc.com (AFS Mailing List), afshelp@transarc.com
In-Reply-To: <IhJwVaW0ts4j423m07@alw.nih.gov> from "Bob Dew" at Feb 8, 94 12:14:14 pm
> The drawback to this kind of system, obviously, is
> that your AFS security becomes vulneralbe to the same breaches that NFS
> is susceptible to.
Actually, this is not at all obvious. I would like to see a careful
analysis of the additional security risks posed by the NFS translator.
I asked this list about this a while back and got nothing.
I think it may be reasonable to expect Transarc to provide this.
> I too would welcome hearing from anybody who uses this kind of setup in
> a production environment.
We do. The weak link is PC/NFS, DOS, etc.
We have placed the source for an AFS authenticating pcnfsd in
/afs/grand.central.org/pub/afs-contrib/tools/pcnfsd
Alternatively, there is PCVENUS. I have been trying unsuccessfully to
get information about this for quite a while.
--
|Rick Cochran 607-255-7223 rick@msc.cornell.edu|
|Cornell Materials Science Center rick@crnlmsc2.bitnet|
|E20 Clark Hall, Ithaca, N.Y. 14853 cornell!msc.cornell.edu!rick|
