[3566] in testers


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

klogind/kshd vs. /etc/athena/access

daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Jun 10 11:05:29 1998

Date: Wed, 10 Jun 1998 11:05:19 -0400
From: Greg Hudson <ghudson@MIT.EDU>
To: testers@MIT.EDU

Right now klogind and kshd authenticate and authorize the user just
with a call to krb5_kuserok().  This has some bad consequences:

	* If a user has remote access according to /etc/athena/access
	  but is not listed in the passwd file, they can't log in.
	* If a user does not have remote access according to
	  /etc/athena/access but is listed in the passwd file, they
	  can log in.

At the very least, we need to fix the second problem.  There are
several things we can do about this; I'll send a proposed patch with
some alternatives soon.


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[3566] in testers

klogind/kshd vs. /etc/athena/access

daemon@ATHENA.MIT.EDU (Greg Hudson)Wed Jun 10 11:05:29 1998

daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Jun 10 11:05:29 1998