[OpenAFS-devel] kuserok() checking UID ownership on afs

Jeffrey Hutzelman jhutz at cmu.edu
Wed Feb 2 15:47:49 EST 2005


>> 1. Acquire krbtgt (forwarded or with passwd) to memory
>> 2. Setup AFS stuff (afs service ticket, token, pag) if possible
>> 3. Evaluate .k5login
>> 4. Decide if user is OK
>> 5. Give ticket to user
>> 6. Login user into pag from above

> It's not the Kerberos code that needs bending; it's the login applications
> that need to get credentials to access the potential home directory
> before trying to access any files in the home directory.

Unfortunately, you're both trying to solve not the problem that Troy and 
Russ were actually discussing.  You're trying to solve the "I can't access 
the user's .k5login" problem, but the problem they were talking about is 
"how can I prove that no one _except_ the user could have written to the 
.k5login?".

-- Jeff

