capaths questions

Douglas E. Engert deengert at anl.gov
Tue May 18 12:40:21 EDT 2004



Nicolas Williams wrote:

> 
> It's actually quite simple since most folk will get by with a default
> rule allowing for any transited path and those who don't will generally
> have a few such rules.
> 

This is a big security hole if they accept any path, in effect they
are not testing the transited path!

The point is that they should only accept one (or a few) trusted paths. 


-- 

 Douglas E. Engert  <DEEngert at anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444
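
The contrast drawn in the message above, as an added example that is not part of the original post and is not MIT krb5 code: a simplified model of checking a ticket's transited realms against a table shaped like a krb5.conf `[capaths]` section, next to an "accept any path" rule. The realm names, the `CAPATHS` table and the function names are all constructed for illustration.

```python
# Simplified model of a transited-path check (assumption: not the krb5 library's logic).
# CAPATHS mirrors the shape of [capaths]: client realm -> server realm ->
# intermediate realms allowed on the path. "." means a direct cross-realm key.
CAPATHS = {  # constructed sample data
    "ENG.EXAMPLE.ORG": {
        "LAB.EXAMPLE.NET": ["EXAMPLE.ORG", "EXAMPLE.NET"],
        "EXAMPLE.ORG": ["."],
    },
}


def allowed_intermediates(client_realm, server_realm, capaths=CAPATHS):
    """Return the set of realms permitted between the two realms,
    or None when no path is configured for this pair."""
    path = capaths.get(client_realm, {}).get(server_realm)
    if path is None:
        return None
    return {realm for realm in path if realm != "."}


def check_transited(client_realm, server_realm, transited, capaths=CAPATHS):
    """Accept only if every realm the ticket transited is on the trusted path."""
    if client_realm == server_realm:
        # Same-realm tickets should not have crossed any other realm.
        return len(transited) == 0
    allowed = allowed_intermediates(client_realm, server_realm, capaths)
    if allowed is None:
        # No configured path for this realm pair: reject rather than guess.
        return False
    return all(realm in allowed for realm in transited)


def accept_any_path(client_realm, server_realm, transited):
    """The 'any transited path' default rule: the transited list is never examined."""
    return True


if __name__ == "__main__":
    # Constructed tickets: (client realm, server realm, transited realms)
    tickets = [
        ("ENG.EXAMPLE.ORG", "LAB.EXAMPLE.NET", ["EXAMPLE.ORG", "EXAMPLE.NET"]),
        ("ENG.EXAMPLE.ORG", "LAB.EXAMPLE.NET", ["EXAMPLE.ORG", "OTHER.EXAMPLE.COM"]),
        ("UNKNOWN.EXAMPLE.COM", "LAB.EXAMPLE.NET", []),
    ]
    for client, server, transited in tickets:
        print(client, transited,
              "strict:", check_transited(client, server, transited),
              "any-path:", accept_any_path(client, server, transited))
```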


More information about the krbdev mailing list