[Infrastructures] user management (mixing afs,ldap,kerberos)

Steve Traugott stevegt@TerraLuna.Org
Tue, 15 Mar 2005 11:09:53 -0800



On Sat, Mar 12, 2005 at 11:26:16AM -0500, David Magda wrote:
> On Mar 10, 2005, at 17:50, Steve Traugott wrote:
> >My own thoughts include an opinion that Sarbanes-Oxley sections 404 and
> >802 are likely to make NFS even less appealing by comparison.
>
> Are there any decent documents that give a decent summary of S-O? It
> seems to be a fairly large concern, but since some of us are not in the
> US we may not be up on all of this.

An accurate summary is hard to define because the legislation is new,
with implications more complex than the law itself, most of which are
not fully understood by anyone, because it's anyone's guess how auditors
and courts are going to interpret much of it.  Google for it -- there's
a copy of the act at http://www.law.uc.edu/CCL/SOact/toc.html, and lots
of pundit interpretations everywhere, many of which disagree with each
other.

In some interpretations, a single phrase here or there seems to require
a sweeping change in the way IT shops do business.  The safest thing to
do is look at the act itself, compare it to the summaries and articles
floating around the net, and then (for those in the US) use all that
to make sense of what your finance folks are asking you to do.  The
hardest part about all of this, I think, is that it's forcing
finance and IT groups to talk to each other about low-level details
they've never had to talk about before, and the common terminology
isn't there.

> Would NFSv4 be of any use? The base protocol is becoming available
> (especially on Solaris 10), and there seems to be some interesting
> research going on (e.g., pNFS: http://www.pdl.cmu.edu/pNFS/ ).

I have no idea.  ;-)  I think it's going to be a few years before we
know whether NFSv4 is going to work out, or whether it's going to go the
way of NIS+.  The advantage of AFS in this case is that it's already a
coherent suite of authentication, ACLs, volume and online archive
management with server-side replication, it's so secure even root has no
ordinary access (that statement makes auditors go all gooey inside), and
it's been in mission-critical production use for years.

Steve
--
Stephen G. Traugott  (KG6HDQ)
UNIX/Linux Infrastructure Architect, TerraLuna LLC
stevegt@TerraLuna.Org
http://www.stevegt.com -- http://Infrastructures.Org
