Re: Bug in kinit and afslog
On Aug 1, 2007, at 13:24 , Alf Wachsmann wrote:
> On Wed, 1 Aug 2007, Brandon S. Allbery KF8NH wrote:
>> On Aug 1, 2007, at 12:56 , Alf Wachsmann wrote:
>>> when I obtain an AFS token from my account (alfw; UID 5828) for an account
>>> with a different Unix UID (vanilla; UID 1820), the resulting AFS token has
>>> the wrong UID stored in it (my own instead of vanilla's) even though the
>>> credential in that token belongs to the other account.
>> This is expected behavior. OpenAFS's aklog does a round-trip with
>> the AFS ptserver to find the correct PTS id; this isn't necessary
>> to create a token, and heimdal avoids dependencies on AFS
>> libraries (even to the extent of providing its own absolutely
>> minimal AFS syscall wrapper), so it cheats and assumes the current
>> uid is correct.
> Maybe it would be better to put the principal name in the token
> instead of the potentially completely wrong UID?
I have this vague recollection of stuff checking that it starts with
"AFS ID ", and I'm not sure there is enough room after that for a
principal name (especially with an instance).
brandon s. allbery [solaris,freebsd,perl,pugs,haskell] firstname.lastname@example.org
system administrator [openafs,heimdal,too many hats] email@example.com
electrical and computer engineering, carnegie mellon university KF8NH