[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bug in kinit and afslog




On Aug 1, 2007, at 12:56 , Alf Wachsmann wrote:

> when I obtain an AFS token from my account (alfw; UID 5828) for an  
> account
> with a different Unix UID (vanilla; UID 1820), the resulting AFS  
> token has
> the wrong UID stored in it (my own instead of vanilla's) even  
> though the credential in that token belongs to the other account.

This is expected behavior.  OpenAFS's aklog does a round-trip with  
the AFS ptserver to find the correct PTS id; this isn't necessary to  
create a token, and heimdal avoids dependencies on AFS libraries  
(even to the extent of providing its own absolutely minimal AFS  
syscall wrapper), so it cheats and assumes the current uid is correct.

-- 
brandon s. allbery [solaris,freebsd,perl,pugs,haskell] allbery@kf8nh.com
system administrator [openafs,heimdal,too many hats] allbery@ece.cmu.edu
electrical and computer engineering, carnegie mellon university    KF8NH