[3771] in Athena Bugs
login, xlogin let's non-active users login
daemon@ATHENA.MIT.EDU (Mark Rosenstein)
Mon Dec 4 10:58:48 1989
Date: Mon, 4 Dec 89 10:58:30 -0500
From: Mark Rosenstein <mar@MIT.EDU>
To: bugs@MIT.EDU, testers@MIT.EDU
Cc: accounts@MIT.EDU
We just deactivated a bunch of user accounts, and now I've discovered
that they are still allowed to log in on both 6.3B and 6.4A
workstations.
A deactivated user has no hesiod information, but still has a kerberos
principal. The bug is that when hes_getpwnam returns NULL, login
doesn't check to see if it's a network error (unable to get info on
this user) or if that user really isn't there. So it creates an entry
for the user with UID 200, and lets them continue with a temporary
directory. It should use hes_error() and check for HES_ER_NOTFOUND,
and not let them log in if hesiod authorativly says that they don't
have a password entry.
-Mark
