On 27/11/12 20:54, Rick Brode wrote:
> Michael,
>
> Either syntax is valid. However, the "user=???,host=???" syntax is a
> bit more precise and is what EMC recommends.
>
The "user@host" format is ambiguous and hence less secure. If you look
at the various attributes available you will find that you can also
specify groups and domains in the format, so by specifying exactly what
you mean you avoid the possibility of security breaches by someone
creating a group with the same name as a user, or a domain with the same
name as a machine, or other such possibilities.
|