[OpenAFS-devel] kuserok() checking UID ownership on afs

Russ Allbery rra@stanford.edu
Thu, 03 Feb 2005 08:08:56 -0800


Douglas E Engert <deengert@anl.gov> writes:

> Those are both valid problems,

> Maybe its time to get rid of the .k5login, it has some security
> implications where a user can give access to his accounts. Some sites
> might not like this flexibility.

> The related problem I would like to solve, is I don't want to have to
> have the dot files world readable so root on a machine I am on can read
> the .k5login without a token. and don't have to play all the games of
> symlinks to a dotfile directory with rl.

Certainly, use of .k5login should be optional; we patched K4 for years
locally to allow the sysadmin to indicate that the Kerberos and local
account namespace should be assumed to be the same for some particular
realm and the .klogin file should only be checked if it exists, and I
believe that's now the default behavior in K5.

However, the functionality still needs to be there.  Use of local account
names distinct from one's Kerberos principal are in widespread use for
various reasons.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>