[16224] in Kerberos_V5_Development
Re: Processing .k5login (another patch)
daemon@ATHENA.MIT.EDU (Nicolas Williams)
Wed Sep 1 17:53:48 2010
Date: Wed, 1 Sep 2010 16:51:56 -0500
From: Nicolas Williams <Nicolas.Williams@oracle.com>
To: Greg Hudson <ghudson@mit.edu>
Message-ID: <20100901215156.GN1198@oracle.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <1283376572.5992.1047.camel@ray>
Cc: "krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Wed, Sep 01, 2010 at 05:29:32PM -0400, Greg Hudson wrote:
> On Wed, 2010-09-01 at 16:07 -0400, Roland C. Dowdeswell wrote:
> > It is not always appropriate for users to be able to decide who is
> > allowed to login to their accounts. I propose a krb5.conf setting
> > to disable this called ``use-k5login'' which defaults to the current
> > behaviour.
>
> I'd be interested in feedback from others on whether this knob is
> desirable.
The user can always share their password and/or krb5 creds with
others... Just sayin'.
I'd rather have an option for specifying the location of the k5login
file, so it can be moved into a location where the user cannot control
it.
Nico
--
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
