[OpenAFS-port-darwin] krb5 aklog.loginlogout ?
Eric Knauel
knauel@informatik.uni-tuebingen.de
Fri, 18 Jun 2004 13:35:30 +0200
--=-=-=
On Fri 18 Jun 2004 12:29, Sebastian Hagedorn <Hagedorn@uni-koeln.de> writes:
> --On Freitag, 18. Juni 2004 11:30 Uhr +0200 Eric Knauel
> <knauel@informatik.uni-tuebingen.de> wrote:
>
>>> Bah, just build openssh with krb5 support directly. Don't go out of
>>> your way to find problems.
>>
>> That would be too easy: In that setting there is now way to restrict
>> who can log on to my machine since it is configured to use NIS as a
>> user database. So, any NIS-user who obtains a Kerberos ticket can log
>> in via ssh.
>
> Really? Is the setting of AllowUsers in /etc/sshd_config ignored?
> That's what I use ...
I don't know. I'm not using AllowUsers/AllowGroups, because all
privileges of users are specified using netgroup not group NIS maps,
thus AllowUsers/AllowGroups doesn't help, unfortunatly.
-Eric
--
"Excuse me --- Di Du Du Duuuuh Di Dii --- Huh Weeeheeee" (Albert King)
--=-=-=
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
iD8DBQBA0tOHbkvG5P2GZTMRAscEAJ9Rx7dHgoCejkTe72dyBe6rWH8K8gCdG/25
QFa3li6GRq7nEEoNup5Pa/M=
=/zAY
-----END PGP SIGNATURE-----
--=-=-=--