Presented without comment
Because Xsan is simply another file system, it adheres to the file system permissions built into Mac OS X, including permissions established in a central LDAP directory. Whether you use Open Directory, Active Directory, or another enterprise LDAP service,
Xsan accesses information in the directory accounts that you have in placemaking it easy to share permissions across computers.
You can use Xsan administration tools to set user and group permissions, as well as
access privileges, at several levels:
Restrict user access to folders on a volume by specifying owner, group, and general
Unmount a SAN volume from selected client computers.
Restrict a client computer to read-only access to a volume.
Remove a client from a SAN.
Can a user be a member of more than one group?
Can a computer be a member of more than one computer list?
mail – allowed mail to be sent to list
Finder – Some limits, simple finder
– open all sys prefs, modify dock, administer printers, born CDs, allow supporting programs, change password
– set which apps can be opened
ichat – allow user to chat with (list)
Safari – must be logged in with that account to edit the sites list
Dictionary – on/off (when set to on, profanities can be used in dictionary)
that the IP ranges for each protcol do not overlap
MS-CHAPv2 supported by default
Other authentication methods can be used with advanced configuration.
NAT: network address translation
also known as IP masquerading or IP aliasing