Re: Bug in kinit and afslog
On Wed, 1 Aug 2007, Brandon S. Allbery KF8NH wrote:
> On Aug 1, 2007, at 12:56 , Alf Wachsmann wrote:
>> when I obtain an AFS token from my account (alfw; UID 5828) for an account
>> with a different Unix UID (vanilla; UID 1820), the resulting AFS token has
>> the wrong UID stored in it (my own instead of vanilla's) even though the
>> credential in that token belongs to the other account.
>
> This is expected behavior. OpenAFS's aklog does a round-trip with the AFS
> ptserver to find the correct PTS id; this isn't necessary to create a token,
> and heimdal avoids dependencies on AFS libraries (even to the extent of
> providing its own absolutely minimal AFS syscall wrapper), so it cheats and
> assumes the current uid is correct.
Maybe it would be better to put the principal name in the token
instead of the potentially completely wrong UID?
-- Alf.
-----------------------------------------------------------------------
Alf Wachsmann | e-mail: alfw@slac.stanford.edu
SLAC - Scientific Computing | Phone: +1-650-926-4802
2575 Sand Hill Road, M/S 97 | FAX: +1-650-926-3329
Menlo Park, CA 94025, USA | Office: Bldg. 50/323
-----------------------------------------------------------------------
http://www.slac.stanford.edu/~alfw (PGP)
-----------------------------------------------------------------------