[16222] in Kerberos_V5_Development
Re: Processing .k5login (another patch)
daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Sep 1 17:29:35 2010
From: Greg Hudson <ghudson@mit.edu>
To: "Roland C. Dowdeswell" <elric@imrryr.org>
In-Reply-To: <20100901200750.GC10719@mournblade.imrryr.org>
Date: Wed, 01 Sep 2010 17:29:32 -0400
Message-ID: <1283376572.5992.1047.camel@ray>
Mime-Version: 1.0
Cc: "krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Wed, 2010-09-01 at 16:07 -0400, Roland C. Dowdeswell wrote:
> It is not always appropriate for users to be able to decide who is
> allowed to login to their accounts. I propose a krb5.conf setting
> to disable this called ``use-k5login'' which defaults to the current
> behaviour.
I'd be interested in feedback from others on whether this knob is
desirable.
I did notice an apparent error in the patch:
> + if (!krb5_aname_to_localname(ctx, princ, sizeof(kuser), kuser))
> + return FALSE;
> +
> + if (!strcmp(kuser, luser))
> + return TRUE;
Isn't that first conditional backwards?
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
