
Re: API differences between Heimdal and MIT

> > I understand your view, but cannot agree. If match_local_principals()
> > succeeds I think there is no reason to block the user just because
> > .k5login is *inaccessible* (if it's empty, but readable, I agree: block
> You can't have both. Suppose I can trick your fileservers to be
> unavailable for some time -- it's then possible to login even though
> I'm not allowed to.

Err..? I don't quite see how this could happen. Should
match_local_principals() not take care of that? What is it for if not
exactly this?

Or, with a little more thinking, do you mean a scenario where ~foo/.k5login
would disallow user "foo" from logging into the machine? In this - and as
far as I understand ONLY this - situation, a non-accessible .k5login would
allow a login which would otherwise be disallowed. Am I correct?

I suppose some sites may want to disallow users from logging into their
own accounts on a machine-to-machine basis (otherwise just disabling the
whole account would be the correct way to go anyway), but we do not desire
that behaviour, so we will be fine with EACCES behaving the same as
ENOENT. I understand, though, that this may not be convincing enough to
implement the change in stock-Heimdal. =)


                | Juha Jäykkä, juolja@utu.fi                    |
                | Laboratory of Theoretical Physics             |
                | Department of Physics, University of Turku    |
                | home: http://www.utu.fi/~juolja/              |
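
The two behaviours argued over in this thread, as an added example that is not part of the original message and is not Heimdal code: a readable .k5login is authoritative, a missing one falls back to the local-principal check, and the policy decides whether EACCES is treated like ENOENT. The names `decide`, `authorize`, the two policy values and the exact-line matching are assumptions for illustration; `local_match` stands in for the result of match_local_principals().

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Illustrative model only; not taken from Heimdal or MIT Kerberos. */
enum policy { FAIL_CLOSED, EACCES_AS_ENOENT };
enum verdict { DENY = 0, ALLOW = 1 };

/* Return 1 if principal appears as an exact line in the open file. */
static int listed_in(FILE *f, const char *principal)
{
    char line[512];
    while (fgets(line, sizeof line, f)) {
        line[strcspn(line, "\r\n")] = '\0';
        if (strcmp(line, principal) == 0)
            return 1;
    }
    return 0;
}

/* open_err: 0 if .k5login was opened, otherwise errno from the attempt.
 * listed: principal found in the file (meaningful only when open_err == 0).
 * Any error other than ENOENT/EACCES (EIO, timeouts, ...) always denies. */
enum verdict decide(enum policy p, int open_err, int listed, int local_match)
{
    if (open_err == 0)                 /* readable, even if empty: file decides */
        return listed ? ALLOW : DENY;
    if (open_err == ENOENT || (open_err == EACCES && p == EACCES_AS_ENOENT))
        return local_match ? ALLOW : DENY;
    return DENY;
}

/* Apply the policy to a real path. */
enum verdict authorize(enum policy p, const char *path,
                       const char *principal, int local_match)
{
    FILE *f = fopen(path, "r");
    int err = f ? 0 : errno;
    int listed = f ? listed_in(f, principal) : 0;
    if (f)
        fclose(f);
    return decide(p, err, listed, local_match);
}

int main(void)
{
    /* Constructed case: home directory unreachable (EACCES), local match true. */
    printf("fail-closed=%d eacces-as-enoent=%d\n",
           decide(FAIL_CLOSED, EACCES, 0, 1), decide(EACCES_AS_ENOENT, EACCES, 0, 1));
    return 0;
}
```

The only input on which the two policies differ is an unreadable file combined with a successful local match, which is the case the quoted objection and the reply's ~foo/.k5login scenario are both about.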
