Unfortunately your security model does not match that of AFS. You can RUNAS a user other than the logged in user, but the person executing the RUNAS will need to know a valid username and password for a Windows account. In addition, before the RUNAS session can access non-system:anyuser areas of AFS, it will need to obtain an AFS token that will in turn also require a username and password.
Where do you plan to store the usernames and passwords that are required such that the user is unable to obtain them and simply access AFS themselves?

Jeffrey Altman

acemi wrote:
> Jeffrey and Frank
> thank you for your quick replies
>
>> AFAIK this is not possible but why would you want to do that? It's
>> "Security through Obscurity" (aka "The Windows Way" ;-) ).
>
>> A wise man once said, "Security through obscurity is worse than no
>> security at all".
>
> I want my Windows users to access the files through a custom
> application, not directly. And I think that if I prevent users from browsing
> the directory and only the custom application knows the names of the files,
> it'll be OK.
>
> But as you say, this is not a good solution, so I am trying to find another
> solution. My new solution is to run my application with RunAs in a
> sandbox. This application accesses the files in the AFS cache as a special
> user. I want to ask whether the administrator of the Windows machine can
> access the files in the AFS cache which belong to this special user when
> the application is running?
>
> Thanks
> acemi
>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info