[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: API differences between Heimdal and MIT

Juha Jäykkä <juhaj@iki.fi> writes:

> I understand your view, but cannot agree. If match_local_principals()
> succeeds I think there is no reason to block the user just because
> .k5login is *inaccesible* (if it's empty, but readable, I agree: block the
> user). 

You can't have both. Suppose I can trick your fileservers to be
unavailable for a some time -- it's then possible to login even though
I'm not allowed to.

Maybe this should be configurable.