[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bug in kinit and afslog

On Wed, 1 Aug 2007, Brandon S. Allbery KF8NH wrote:
> On Aug 1, 2007, at 12:56 , Alf Wachsmann wrote:
>> when I obtain an AFS token from my account (alfw; UID 5828) for an account
>> with a different Unix UID (vanilla; UID 1820), the resulting AFS token has
>> the wrong UID stored in it (my own instead of vanilla's) even though the 
>> credential in that token belongs to the other account.
> This is expected behavior.  OpenAFS's aklog does a round-trip with the AFS 
> ptserver to find the correct PTS id; this isn't necessary to create a token, 
> and heimdal avoids dependencies on AFS libraries (even to the extent of 
> providing its own absolutely minimal AFS syscall wrapper), so it cheats and 
> assumes the current uid is correct.

Maybe it would be better to put the principal name in the token
instead of the potentially completely wrong UID?

-- Alf.

   Alf Wachsmann                       | e-mail: alfw@slac.stanford.edu
   SLAC - Scientific Computing         | Phone:  +1-650-926-4802
   2575 Sand Hill Road, M/S 97         | FAX:    +1-650-926-3329
   Menlo Park, CA 94025, USA           | Office: Bldg. 50/323
                 http://www.slac.stanford.edu/~alfw (PGP)