[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bug in kinit and afslog

To: heimdal-discuss@sics.se, Alf Wachsmann <alfw@slac.stanford.edu>
Subject: Re: Bug in kinit and afslog
From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
Date: Wed, 1 Aug 2007 11:15:37 -0700
In-Reply-To: <Pine.LNX.4.64.0708011038080.11782@iris01.slac.stanford.edu>
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
References: <200708011729.l71HTNKx002491@ginger.cmf.nrl.navy.mil> <Pine.LNX.4.64.0708011038080.11782@iris01.slac.stanford.edu>
Reply-To: heimdal-discuss@sics.se, "Henry B. Hotz" <hotz@jpl.nasa.gov>

What's the status of libkopenafs?  IIRC Russ Allbery (just down hill  
from you) was working on getting Heimdal's libkafs generalized for  
inclusion in the AFS tree (or maybe he was trying to add the kafs API  
to the aklog code).  If you *know* you have the pt* calls available  
then it's not hard to put the right calls in libkafs place to fix the  
label.

I think my current position is that the token shouldn't list a UID  
unless it got it from AFS.  For libkafs that means it should leave it  
blank unless it was told by the caller (e.g. ftpd) tells it what UID  
to include.  I have flip-flopped on this point a several times over  
the last couple of years however.

On Aug 1, 2007, at 10:41 AM, Alf Wachsmann wrote:

> On Wed, 1 Aug 2007, Ken Hornstein wrote:
>>> Maybe it would be better to put the principal name in the token
>>> instead of the potentially completely wrong UID?
>>
>> I hate to ask ... why do you care what UID is in there?  It was  
>> only used
>> by one piece of software that I know of (the Andrew Mail System).
>
> I hope none of our scripts/software cares - but users do, incl.  
> myself.
>
> It is really irritating to look at your AFS token and see a UID that
> you don't expect. In most cases a user would not even try to use such
> a token because it is "just wrong".
>
> -- Alf.
>
> ---------------------------------------------------------------------- 
> -
>   Alf Wachsmann                       | e-mail: alfw@slac.stanford.edu
>   SLAC - Scientific Computing         | Phone:  +1-650-926-4802
>   2575 Sand Hill Road, M/S 97         | FAX:    +1-650-926-3329
>   Menlo Park, CA 94025, USA           | Office: Bldg. 50/323
> ---------------------------------------------------------------------- 
> -
>                 http://www.slac.stanford.edu/~alfw (PGP)
> ---------------------------------------------------------------------- 
> -

------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu

References:
- Re: Bug in kinit and afslog
  - From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
- Re: Bug in kinit and afslog
  - From: Alf Wachsmann <alfw@slac.stanford.edu>

Prev by Date: Re: Problem with OpenSSH
Next by Date: Re: Bug in kinit and afslog
Prev by thread: Re: Bug in kinit and afslog
Next by thread: Re: Bug in kinit and afslog
Index(es):
- Date
- Thread