[OpenAFS-devel] Jaguar: Loginwindow - pam - getting there
Derek Atkins
warlord@MIT.EDU
01 Oct 2002 18:03:29 -0400
Depends on your threat model. It means someone can gain access as a
local user (probably non-root) provided they can send a fake AS_REP to
"themselves". If you also compare to a local passwd/shadow entry
then there is no security hole.
-derek
Josh Huber <huber+keyword+openafs-devel.8b4f6e@alum.wpi.edu> writes:
> Alexei Kosut <akosut@stanford.edu> writes:
>
> > P.S. With Mac OS X 10.2.1, you can use "krb5auth:authnoverify"
> > instead of "krb5auth:authenticate" in /etc/authorization to enable
> > Kerberos authentication without needing to have a keytab installed.
>
> This seems like a bad idea...doesn't it?
>
> --
> Josh Huber
> _______________________________________________
> OpenAFS-devel mailing list
> OpenAFS-devel@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-devel
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available
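The reasoning in this thread, as an added example that is not part of the original messages and is not krb5auth or Kerberos code: a toy model of a login that accepts an AS_REP without verification, with verification against a host key, and with an additional local passwd/shadow comparison. `ToyKDC`, `seal`, `login`, the principal names and the reading of the shadow check as a password comparison are all assumptions; HMAC stands in for real Kerberos encryption.

```python
import hashlib, hmac, os

def string_to_key(password, principal):
    # Toy stand-in for Kerberos string-to-key (password -> long-term key).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 1000)

def seal(key, data):
    # Toy stand-in for encryption: only a holder of `key` can produce a valid blob.
    return data + hmac.new(key, data, hashlib.sha256).digest()

def unseal(key, blob):
    data, tag = blob[:-32], blob[-32:]
    good = hmac.compare_digest(tag, hmac.new(key, data, hashlib.sha256).digest())
    return data if good else None

class ToyKDC:
    def __init__(self, user_keys, host_keys):
        self.user_keys, self.host_keys = user_keys, host_keys
    def as_rep(self, user):
        # Session key sealed under the user's long-term key.
        return seal(self.user_keys[user], os.urandom(16))
    def service_ticket(self, user, host):
        # Ticket sealed under the host key; a KDC that lacks it can only guess.
        return seal(self.host_keys.get(host, os.urandom(32)), user.encode())

def login(kdc, user, password, host, keytab_key=None, local_shadow=None):
    # keytab_key=None models "authnoverify"; local_shadow models the passwd/shadow check.
    if unseal(string_to_key(password, user), kdc.as_rep(user)) is None:
        return False                      # AS_REP does not match the typed password
    if keytab_key is not None and \
       unseal(keytab_key, kdc.service_ticket(user, host)) != user.encode():
        return False                      # replying KDC does not know the host key
    if local_shadow is not None and not hmac.compare_digest(
            local_shadow.get(user, b""), string_to_key(password, user)):
        return False                      # password differs from the local entry
    return True

def demo():
    host, host_key = "host/mac.example.org", os.urandom(32)   # constructed values
    real_pw, fake_pw = "correct horse", "chosen-by-spoofer"
    real = ToyKDC({"alice": string_to_key(real_pw, "alice")}, {host: host_key})
    fake = ToyKDC({"alice": string_to_key(fake_pw, "alice")}, {})  # no host key
    shadow = {"alice": string_to_key(real_pw, "alice")}
    return {
        "real_kdc_verified": login(real, "alice", real_pw, host, host_key),
        "fake_kdc_noverify": login(fake, "alice", fake_pw, host),
        "fake_kdc_verified": login(fake, "alice", fake_pw, host, host_key),
        "fake_kdc_noverify_shadow": login(fake, "alice", fake_pw, host, None, shadow),
    }
```

Only the unverified path accepts the reply from the KDC that lacks the host key; the keytab check and the local comparison each reject it.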