[25470] in Source-Commits
Re: /svn/athena r25002 -
daemon@ATHENA.MIT.EDU (Benjamin Kaduk)
Sat Mar 5 17:53:53 2011
Date: Sat, 5 Mar 2011 17:53:46 -0500 (EST)
From: Benjamin Kaduk <kaduk@MIT.EDU>
To: Jonathan Reed <jdreed@MIT.EDU>
cc: source-commits@MIT.EDU
In-Reply-To: <97F63ADC-4428-4D60-B7DD-7BA4DBB33F7C@MIT.EDU>
Message-ID: <alpine.GSO.1.10.1103051753090.19944@multics.mit.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
On Sat, 5 Mar 2011, Jonathan Reed wrote:
>>> If HOME is not in AFS, you don't get to log into the cluster machine. Setting HOME to something else is unsupported.
>>
>> Sure. We should be robust in handling such cases when possible, though (which was the whole motivation for thinking enough to send the first mail).
>>
>>>
>>> This check is here for the following case: your homedir is in a foreign cell, and you have tokens for that cell, but you let your Athena tokens expire because oyu don't need them. In that case, we still want to do a graceful logout.
>>
>> Right, that was clear. But somehow the "$afspath does not start with /afs" case feels like an error case which may or may not merit treatment other than defaulting to assuming that athena cell tokens are necessary.
>
> I don't understand what case is missing. What could HOME be set to that
> doesn't begin with /afs or /mit? And what should we do in that
> situation?
As far as I can tell, "only what some evil user sets it to". In which
case we should pkill their session with fire.
-Ben
