[OpenAFS] eliminating non-ptserver authorization (was: "vos dump" authorization based on "bos adduser")
Christopher D. Clausen
cclausen@acm.org
Fri, 8 Jun 2007 15:23:48 -0500
Adam Megacz <megacz@cs.berkeley.edu> wrote:
> "Christopher D. Clausen" <cclausen@acm.org> writes:
>> So how would I issue bos shutdown for an entire cell, and then bos
>> startup?
>
> I guess that's the only case where this is a problem. But how often
> does somebody without login access to any of the fileservers shut down
> an entire cell (for that matter, how often does anybody ever shut down
> an entire cell)?
>
>> Log on to one of the AFS servers so that I have access to the
>> KeyFile? This isn't ideal in certain situations.
>
> If you are on the UserList, can't you (ab)use "bos exec" to steal the
> KeyFile anyways?

There is a --enable-bos-restricted-mode configure option. I'm pretty
sure that it disables bos -exec. Maybe someone can specify what exactly
bos restricted mode enables or disables?
<<CDC