[16244] in Kerberos_V5_Development
Re: Processing .k5login (another patch)
daemon@ATHENA.MIT.EDU (Roland C. Dowdeswell)
Thu Sep 2 19:20:22 2010
Date: Fri, 3 Sep 2010 00:20:55 +0100
From: "Roland C. Dowdeswell" <elric@imrryr.org>
To: Greg Hudson <ghudson@mit.edu>
Message-ID: <20100902232055.GC15284@mournblade.imrryr.org>
In-Reply-To: <20100902231740.GA15284@mournblade.imrryr.org>
Cc: Russ Allbery <rra@stanford.edu>, "krbdev@mit.edu" <krbdev@mit.edu>

On Fri, Sep 03, 2010 at 12:17:40AM +0100, Roland C. Dowdeswell wrote:
>
> Defining types to be:
>
>     NONE         nothing.
>     FILE         simple file from argument
>     ANAME2LNAME  use krb5_aname_to_lname() to see if it matches
>     KDB          use a KDB looking for an entry of the form
>                      principal\0luser
>                  with a key of ``1'' indicating yes
>
> with this, the current behaviour would be defined to be:
>
> k5login = FILE:%h/.k5login
> k5login = ANAME2LNAME
>
> (roughly, because currently it looks like if ~/.k5login exists but is
> not owned by the right people the ANAME2LNAME is short-circuited.)

I didn't make it clear in this e-mail: I think that something like
ANAME2LNAME as a type is required to subsume current semantics and
I think that it would be better to be explicit about how it is
evaluated rather than just falling back on ANAME2LNAME lookups in
some of the cases where the files are not found (the current
behaviour.)
--
Roland Dowdeswell http://Imrryr.ORG/~elric/