[16223] in Kerberos_V5_Development


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Processing .k5login (another patch)

daemon@ATHENA.MIT.EDU (Russ Allbery)
Wed Sep 1 17:34:40 2010

From: Russ Allbery <rra@stanford.edu>
To: "krbdev\@mit.edu" <krbdev@mit.edu>
In-Reply-To: <1283376572.5992.1047.camel@ray> (Greg Hudson's message of "Wed, 
	01 Sep 2010 17:29:32 -0400")
Date: Wed, 01 Sep 2010 14:34:37 -0700
Message-ID: <87aao1up02.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

Greg Hudson <ghudson@MIT.EDU> writes:
> On Wed, 2010-09-01 at 16:07 -0400, Roland C. Dowdeswell wrote:

>> It is not always appropriate for users to be able to decide who is
>> allowed to login to their accounts.  I propose a krb5.conf setting to
>> disable this called ``use-k5login'' which defaults to the current
>> behaviour.

> I'd be interested in feedback from others on whether this knob is
> desirable.

We maintained a somewhat related patch against MIT Kerberos 1.4 for years.
Our patch allowed us to require a .k5login to exist and remove the
fallback to krb5_aname_to_lname and username comparison.  I think both
features are desirable.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[16223] in Kerberos_V5_Development

Re: Processing .k5login (another patch)

daemon@ATHENA.MIT.EDU (Russ Allbery)Wed Sep 1 17:34:40 2010

daemon@ATHENA.MIT.EDU (Russ Allbery)
Wed Sep 1 17:34:40 2010