[OpenAFS-devel] Multi-User Windows 2000 Token security
Leif Johansson
leifj@it.su.se
Thu, 27 Sep 2001 08:31:44 +0200
On Wed, Sep 26, 2001 at 05:24:42PM -0700, James Peterson wrote:
>
> As others have mentioned there is a security problem with Windows 2000 in a
> multi-user environment.
>
> The only work around is, for multi-user Windows 2000 configure it so that
> all Logon require a restart.
>
If we can trust the security (?) of the local filesystem we could presumably
replace klog with kinit+afslog (I am temporarily ignoring the problems of
getting a multiuser-safe kerberos on windows) and do and afslog on each
smb session start. Would this be possible or have I just assumed someting
unrealistic, like access to windows sources... ??
MVH leifj