On Fri, 2002-08-09 at 09:27, Richard Hoffbeck wrote:

> IT manages access to the e-mail system, and so on. They've done this in 
> the belief that someone in finance, properly trained, is in a better 
> position to serve as a gatekeeper to the financial applications than 
> someone in IT.  Maybe, maybe not, we'll have to see.

Agreed. It's hard to say without lots of hard experience in it, and I
don't know of too many places really talking about the pitfalls yet. 
I've seen the pitch though.  It could be good, it could blow up badly.

> People have successfully dealt with the issue of distributed security in 
> the past. Kerberos comes to mind (I don't recall if NFS plays with 
> Kerberos or whether you need to use AFS), and the MS security model 

Theres been some hacks to NFS to support kerberos, but from what I hear
AFS is really the way to go, for now.  Does anyone else here have good
information on this subject?  I know at least one of you out there has
production AFS servers that they interact with...

VMS tho, yikes.  I'm not old enough to have worked with one of those. :)

-- 
Scott Dier <dieman at ringworld.org> http://www.ringworld.org/