[OpenAFS-devel] kuserok() checking UID ownership on afs

Douglas E. Engert deengert at anl.gov
Wed Feb 2 10:12:56 EST 2005



Harald Barth wrote:
>>Would you accept any changes in this area to check if the file
>>is in AFS, and not check the ownership?
>>like if (strncmp(path,"/afs",4) ...
> 
> 
> If you do something like krb_afslog_*_() and then succeed to open
> .klogin for writing it would convince me that the user has enough
> rights without guessing what file system type .k5login is on.


Two points:

This assumes that there is already an AFS token. The .k5login (and
other dot files) have always been in a chicken-and-egg situation.
You don't get tickets and AFS tokens until you are allowed to login.
I wish the token could be obtained and then used by root to access
the potential home directory.

It then places AFS code into the kuserok routines, but you may
want to use the same binaries or vendor distributed binaries on machines
without AFS.


> 
> Harald.
> 
> 
> 

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

