[105] in Kerberos


Re: simpler approach to RVD-kerberos

jon@ATHENA.MIT.EDU (jon@ATHENA.MIT.EDU)
Sun Aug 9 21:28:59 1987

From Saltzer@ATHENA.MIT.EDU  Sat Sep 27 19:04:58 1986
Date: Sat, 27 Sep 86 19:02:55 EDT
To: Robert L. Krawitz <rlk@ATHENA.MIT.EDU>
Subject: Re: simpler approach to RVD-kerberos integration
Cc: rlk@ATHENA.MIT.EDU, Jerome H. Saltzer <Saltzer@ATHENA.MIT.EDU>,
        kerberos@ATHENA.MIT.EDU, rvd-info@ATHENA.MIT.EDU, yba@ATHENA.MIT.EDU
In-Reply-To: Robert L. Krawitz <rlk@ATHENA.MIT.EDU>'s message of Sat, 27 Sep 86 14:12:00 EDT
From: Jerome H. Saltzer <Saltzer@ATHENA.MIT.EDU>
Originating-Client:  <Saltzer-PC>


>                                                                How are
> people going to share files under these circumstances?  By the obvious
> expedient of giving out their password.

I agree, that is probably what will happen.  To forestall it, see below.

> Why not allow people to specify a different password for r/o spinup,
> and use the same sort of procedure?  Then people at least don't have
> to give out their login password just to give other people the [bogus]
> sort of access that r/o spinup allows?

That is allowed by the existing machinery in the RVD server; the only
hitch is providing an administrative mechanism to do the change to
the database.  The missing piece is an interface to the database
stored on Hector to make the change permanent.  We can add that as
soon as someone gets time to code it, without touching the server.

What I would rather do is quickly design and code a simple Access
Control List server and interface so people can set their own ACL's.
We need it anyway, for all services including NFS export control.

						Jerry

