[OpenAFS] Linux: systemctl --user vs. AFS
Jonathan Billings
jsbillin@umich.edu
Fri, 9 Mar 2018 15:00:40 -0500
--94eb2c0ca7c42bd0960567003fd1
Content-Type: text/plain; charset="UTF-8"
On Fri, Mar 9, 2018 at 2:24 PM, Garance A Drosehn <drosih@rpi.edu> wrote:
> Chances are very good that most administrators won't really understand
> the security issues. Or maybe THEY will understand, but their users
> will not. And then the users will get into weird problems with no
> understanding of what is causing the problem.
>
Heck, the systemd maintainers don't understand the security issues. The
"how does crond work then" question is common. Sad thing is, using NFSv4
with krb5 security suffers from the same problem, is in the Linux kernel
and supported by most distros, and yet breaks in mostly the same way.
--
Jonathan Billings <jsbillin@umich.edu>
College of Engineering - CAEN - Unix and Linux Support
--94eb2c0ca7c42bd0960567003fd1
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div>On Fri, Mar 9, 2018 at 2:24 PM, Garance A Drosehn <sp=
an dir=3D"ltr"><<a href=3D"mailto:drosih@rpi.edu" target=3D"_blank">dros=
ih@rpi.edu</a>></span> wrote:=C2=A0</div><blockquote class=3D"gmail_quot=
e" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204)=
;padding-left:1ex">Chances are very good that most administrators won't=
really understand<br>
the security issues.=C2=A0 Or maybe THEY will understand, but their users<b=
r>
will not.=C2=A0 And then the users will get into weird problems with no<br>
understanding of what is causing the problem.<br></blockquote><div class=3D=
"gmail_extra"><br></div><div class=3D"gmail_extra">Heck, the systemd mainta=
iners don't understand the security issues.=C2=A0 The "how does cr=
ond work then" question is common.=C2=A0 Sad thing is, using NFSv4 wit=
h krb5 security suffers from the same problem, is in the Linux kernel and s=
upported by most distros, and yet breaks in mostly the same way.<br clear=
=3D"all"></div><div class=3D"gmail_extra"><br>-- <br><div class=3D"gmail_si=
gnature" data-smartmail=3D"gmail_signature">Jonathan Billings <<a href=
=3D"mailto:jsbillin@umich.edu" target=3D"_blank">jsbillin@umich.edu</a>>=
<br>College of Engineering - CAEN - Unix and Linux Support<br><br></div>
</div></div>
--94eb2c0ca7c42bd0960567003fd1--