[OpenAFS] home on afs woes
Wed, 04 Jan 2006 13:36:03 -0800
Jeffrey Altman <email@example.com> writes:
> Processing of the .k5login file is not an authentication operation, it
> is an authorization operation. Therefore, it is perfectly reasonable
> for the client to mutually authenticate with a server, forward a ticket
> and then have access rejected due to an authorization failure.
Hm, yes, that's a good point.
Okay, I withdraw my objection about how this works with OpenSSH
forwarding; my only concern is for how to do the right thing in PAM
Russ Allbery (firstname.lastname@example.org) <http://www.eyrie.org/~eagle/>