Archives
  Columns
  Features
  Print Archives
1994-1998
  Special
  BYTE Digest
  Michael Abrash's Graphics Programming Black Book
  101 Perl Articles
  About Us
  How to Access BYTE.com
  Write to BYTE.com
  Advertise with BYTE.com

Newsletter
Free E-mail Newsletter from BYTE.com
 
    
  HOME   ABOUT US   ARCHIVES   CONTACT US   ADVERTISE   REGISTER
Visit the home page Browse the four-year online archive Download platform-neutral CPU/FPU benchmarks Find information for advertisers, authors, vendors, subscribers Request free information on products written about or advertised in BYTE Submit a press release, or scan recent announcements Talk with BYTE's staff and readers about products and technologies

ArticlesComparative Security of NFS and AFS

June 1994 / Special Report / Comparative Security of NFS and AFS

Comparative Security of NFS and AFS 



FEATURE                         NETWORK FILE SYSTEM


ARCHITECTURAL MODEL             Client/server; each file server
                                managed independently


SECURITY MECHANISMS             Based on unencrypted user IDs,
                                trusted users, and hosts


SECURITY DURING                 Users lose access to files during
RECONFIGURATION                 reconfiguration; file-system moves
                                require changes to mount point


SECURITY ADMINISTRATION         Only system administrator can set up
                                and maintain protection groups--sets
                                of users with common access rights

                                to specific groups of files


ACCESS CONTROL                  Uses standard Unix chmod command and
                                mode bits on files and directories; offers
                                only read, write, and execute rights to
                                files and directories


AVAILABILITY                    No standard data replication


INTEGRATION WITH KERBEROS       Possible, but difficult


BACKUP                          Standard Unix backup; file system
                                inactive during backup; no cloning means
                                system administrator must perform all
                                restores; can use cachefs


FILE CACHING IN LOCAL STORAGE   Constant caching of file attributes slows
                                performance on WANs


FEATURE                         ANDREW FILE SYSTEM


ARCHITECTURAL MODEL             Truly distributed; administration by
 
                                cell--file servers and clients that
                                form a logical administrative unit


SECURITY MECHANISMS             Kerberos authentication; 
                                Authentication Server process, 
                                Protection Server process


SECURITY DURING                 Reconfiguration doesn't affect users; 
RECONFIGURATION                 files are accessible during moves, and
                                filenames don't change


SECURITY ADMINISTRATION         Users can create groups


ACCESS CONTROL                  Access-control lists allow fine control
                                granularity by groups and individuals;
                                supports read, lookup, insert, delete,
                                write, lock, and administration rights;
                                applied by directory only


AVAILABILITY                    Read-only replication per volume allows

                                users to access a different replica
                                in the event of a server crash


INTEGRATION WITH KERBEROS       Integrates tightly


BACKUP                          No system downtime during backup 
                                with AFS Backup Server; volume clones
                                allow limited user-controlled restores


FILE CACHING IN LOCAL STORAGE   Automatic notification 
                                of file changes cuts unnecessary
                                network traffic
Source: Transarc Corp.
Up to the Special Report section contentsGo to previous article: How the Kerberos Protocol WorksGo to next article: The Changing World of EISSearchSend a comment on this articleSubscribe to BYTE or BYTE on CD-ROM   Copyright 
Flexible C++
Matthew Wilson
My approach to software engineering is far more pragmatic than it is theoretical--and no language better exemplifies this than C++.

more...

BYTE Digest

BYTE Digest editors every month analyze and evaluate the best articles from Information Week, EE Times, Dr. Dobb's Journal, Network Computing, Sys Admin, and dozens of other CMP publications—bringing you critical news and information about wireless communication, computer security, software development, embedded systems, and more!

Find out more
BYTE.com Store

BYTE CD-ROM
NOW, on one CD-ROM, you can instantly access more than 8 years of BYTE.
 
The Best of BYTE Volume 1: Programming Languages
The Best of BYTE
Volume 1: Programming Languages
In this issue of Best of BYTE, we bring together some of the leading programming language designers and implementors...

Copyright © 2005 CMP Media LLC, Privacy Policy, Your California Privacy rights, Terms of Service
Site comments: webmaster@byte.com
SDMG Web Sites: BYTE.com, C/C++ Users Journal, Dr. Dobb's Journal, MSDN Magazine, New Architect, SD Expo, SD Magazine, Sys Admin, The Perl Journal, UnixReview.com, Windows Developer Network