[452] in SIPB-AFS-requests
Re: machines in pts database?
daemon@ATHENA.MIT.EDU (Jon A. Rochlis)
Tue May 14 13:00:30 1991
From: jon@MIT.EDU (Jon A. Rochlis)
To: qjb@ATHENA.MIT.EDU
Cc: jik@pit-manager.MIT.EDU, eichin@ATHENA.MIT.EDU, sipb-afsreq@ATHENA.MIT.EDU
In-Reply-To: Your message of Thu, 09 May 91 23:57:32 -0400.
Date: Tue, 14 May 91 12:59:48 EDT
I think
it's a better idea to create some magic user (say sipbafs,
afsadmin, etc.) add just add that key to the srvtab rather than
adding rcmd.arbitrary-host to the protection database.
Could you explain *why* you think it's a better idea to avoid using rcmd.foo?
If the process getting the tokens needs to run as root and have access
to the srvtab then I don't think it matters. If the process can run
as some other uid than there is value in not using rcmd, otherwise I'm
dubious.
The only other down side I see to using rcmd.foo is the extra
cryptographic exposure of the rcmd key, but that seems like pretty
minor to me.
-- Jon
