[OpenAFS-devel] How can this happen, and how can I fix it...

Nathan Neulinger nneul@umr.edu
Wed, 27 Jun 2001 19:39:27 -0500


"Robertson, Jason V" wrote:
> I've written an RPC service extension to Samba that allows you to klog
> through a GUI interface from Windows.  It works fine, but for one odd quirk
> - WTS machines use one process, so users seem to be able to "see" (_but_!!
> not use !!) other users' tokens.

I assume you are doing klog/krb stuff alongside the samba connection so
that the plaintext password or token is not passed cleartext over the
samba connection? If so, how are you authenticating the initial samba
connection, and what mechanism are you using to transmit the
token/ticket? If you're just sending the ticket directly over RPC that
really isn't gaining you much over sending the password clear.

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul@umr.edu
University of Missouri - Rolla         Phone: (573) 341-4841
CIS - Systems Programming                Fax: (573) 341-4216