[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bug in kinit and afslog

On Aug 1, 2007, at 12:56 , Alf Wachsmann wrote:

> when I obtain an AFS token from my account (alfw; UID 5828) for an  
> account
> with a different Unix UID (vanilla; UID 1820), the resulting AFS  
> token has
> the wrong UID stored in it (my own instead of vanilla's) even  
> though the credential in that token belongs to the other account.

This is expected behavior.  OpenAFS's aklog does a round-trip with  
the AFS ptserver to find the correct PTS id; this isn't necessary to  
create a token, and heimdal avoids dependencies on AFS libraries  
(even to the extent of providing its own absolutely minimal AFS  
syscall wrapper), so it cheats and assumes the current uid is correct.

brandon s. allbery [solaris,freebsd,perl,pugs,haskell] allbery@kf8nh.com
system administrator [openafs,heimdal,too many hats] allbery@ece.cmu.edu
electrical and computer engineering, carnegie mellon university    KF8NH