[OpenAFS] token theft under XP

[Charles Clancy]

Scenario:
1. domain user 'x' logs in, gets tokens
2. 'x' logs out
3. local machine administrator goes in and creates local user 'x'
4. log in as local user 'x'
5. local user has access to the token and drive mappings obtained by the
   domain user

The seriousness of this could easily be argued away, but perhaps it could
be solved by associating tokens with one's fully qualified username (i.e.
DOMAIN\username or COMPUTER\username).

Just a thought.

[ t charles clancy ]--[ tclancy@uiuc.edu ]--[ www.uiuc.edu/~tclancy ]