OpenAFS CVS Commit: openafs/src/auth by shadow
cvs@penn.central.org
Mon, 14 May 2001 18:56:34 EDT
Update of /usr1/cvs/openafs/src/auth
In directory penn.central.org:/usr0/build/openafs/openafs/src/auth
Modified Files:
userok.c
Log Message:
DELTA afs-superuser-foreign-realm-checks-20010514
AUTHOR nneul@umr.edu
This rewrite cleans up the code a bit, removes any athena specific
references (not needed anymore in this version), and adds support for
multi realm management of afs servers (you can now specify
"admin@OTHERREALM" in your userlist).
Code now checks as follows:

  tname
  tinst - remote user info from conn
  tcell
  lcell - local cell
  lrealm - local realm (defaults to lcell if not avail)

  if no remote cell or instance
    allow localauth
  if the cell of the remote connection matches local cell or local realm
    if not tinst
      allow if tname in UserList
    if tinst
      allow if tname.tinst in UserList
  if cell doesn't match local cell or realm
    if not tinst
      allow if tname@cell in UserList
      allow if tname@CELL in UserList
    if tinst
      allow if tname.tinst@cell in UserList
      allow if tname.tinst@CELL in UserList

modified per openafs-devel discussion such that krb5 versions (/tinst
rather than .tinst) code path disabled for now
DELTA some-name-yyyymmdd
AUTHOR contributor@some.site
--- DELTA config follows ---
afs-superuser-foreign-realm-checks-20010514 openafs/src/auth/userok.c 1.3 1.4
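
The check order listed in the log message, as an added C example; it is not the code from userok.c. The names superuser_ok and in_list and the buffer sizes are hypothetical. It assumes that "no remote cell or instance" means both are empty, that the cell comparison ignores case, and that UserList entries match exactly.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical helper: exact-match lookup (exact matching is an assumption). */
static int in_list(const char *name, const char *const *list, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(name, list[i]) == 0)
            return 1;
    return 0;
}

/* Returns 1 to allow, 0 to deny. lrealm may be NULL or empty, in which
 * case it defaults to lcell, as the log message states. */
int superuser_ok(const char *tname, const char *tinst, const char *tcell,
                 const char *lcell, const char *lrealm,
                 const char *const *list, size_t n)
{
    char base[128], full[256], cell_uc[64];
    size_t i;
    int len;

    if (!lrealm || !*lrealm)
        lrealm = lcell;
    if (!*tcell && !*tinst)          /* assumption: both empty => localauth */
        return 1;
    if (strlen(tcell) >= sizeof cell_uc)
        return 0;                    /* never compare a truncated cell name */

    /* tname or tname.tinst; the message says the "/tinst" form is disabled */
    len = *tinst ? snprintf(base, sizeof base, "%s.%s", tname, tinst)
                 : snprintf(base, sizeof base, "%s", tname);
    if (len < 0 || (size_t)len >= sizeof base)
        return 0;                    /* never compare a truncated principal */

    /* Local cell or realm: the unqualified name must be listed. */
    if (strcasecmp(tcell, lcell) == 0 || strcasecmp(tcell, lrealm) == 0)
        return in_list(base, list, n);

    /* Foreign cell: only name@cell or name@CELL is accepted. */
    snprintf(full, sizeof full, "%s@%s", base, tcell);
    if (in_list(full, list, n))
        return 1;
    for (i = 0; tcell[i]; i++)
        cell_uc[i] = (char)toupper((unsigned char)tcell[i]);
    cell_uc[i] = '\0';
    snprintf(full, sizeof full, "%s@%s", base, cell_uc);
    return in_list(full, list, n);
}
```

A foreign principal never matches an unqualified entry, so a bare "admin" in the list grants nothing to "admin" from another cell.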