[3792] in testers
al_login_allowed backwards incompatibility
daemon@ATHENA.MIT.EDU (James M. Kretchmar)
Thu Jul 16 15:34:32 1998
To: testers@MIT.EDU
Date: Thu, 16 Jul 1998 15:34:22 EDT
From: "James M. Kretchmar" <kretch@MIT.EDU>
Don't know if this is something you want to fix or not, but I thought
I'd mention it anyway.

There's a kind of backwards incompatibility introduced by the fact that
al_login_allowed only sets int *local_acct (its third argument) high
if the user is root or the user is marked as local (L) in an
/etc/athena/access file. Older programs would allow users in the
passwd file to potentially be local users. Newer programs that use
al_login_allowed will be told that the user is not local if no
/etc/athena/access file has been created. The result is that some
programs on systems that have local users in the passwd file but have
not added an /etc/athena/access file will fail to allow local user
access. The only example of this I've run across so far is that sshd
will not allow local user logins without an /etc/athena/access file.

Perhaps local_acct should also be set high under other conditions.
Nathanw asked me what I thought a good heuristic would be ... in the
couple of seconds I thought about it I suggested that a user in the
passwd file who either doesn't have hesiod information or whose uid
from the hesiod passwd entry does not match the uid in the passwd file
might be considered local. Of course if backwards compatibility is
really the goal then whatever the old heuristics were should be used
... (filesystem the homedir is on? that's not too good though ...)

kretch
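
The rule described in the message above and the heuristic it suggests, side by side, as an added example that is not part of the original message or of Athena's code. The struct, its field names, the sample accounts, and matching root by name are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed model of one account; all field names are hypothetical. */
struct acct {
    const char *name;
    bool in_passwd;  uid_t passwd_uid;  /* local passwd file entry */
    bool in_hesiod;  uid_t hesiod_uid;  /* Hesiod passwd entry */
    bool access_L;                      /* marked L in /etc/athena/access */
};

/* Rule as the message describes it: root, or L in the access file.
 * Matching root by name is an assumption of this sketch. */
static bool local_current(const struct acct *a)
{
    return strcmp(a->name, "root") == 0 || a->access_L;
}

/* The message's suggestion layered on top: a passwd-file user with no
 * Hesiod entry, or whose Hesiod uid differs from the passwd uid. */
static bool local_proposed(const struct acct *a)
{
    if (local_current(a))
        return true;
    if (!a->in_passwd)
        return false;
    return !a->in_hesiod || a->hesiod_uid != a->passwd_uid;
}

/* Constructed sample accounts; only "svc" has an access file entry. */
static const struct acct sample[] = {
    { "root",     true,  0,    false, 0,     false },
    { "localadm", true,  501,  false, 0,     false }, /* the sshd case */
    { "jdoe",     true,  8042, true,  8042,  false }, /* Hesiod user also in passwd */
    { "clash",    true,  502,  true,  17311, false }, /* same name, different uid */
    { "hesonly",  false, 0,    true,  9001,  false }, /* no passwd entry at all */
    { "svc",      true,  503,  false, 0,     true  },
};

int main(void)
{
    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++)
        printf("%-9s current=%d proposed=%d\n", sample[i].name,
               local_current(&sample[i]), local_proposed(&sample[i]));
    return 0;
}
```

Only "localadm" and "clash" change classification: both are in the passwd file with no L entry, one with no Hesiod entry and one whose Hesiod uid differs.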