Processing .k5login (another patch)
Greg Hudson
ghudson at MIT.EDU
Wed Sep 1 17:29:32 EDT 2010
On Wed, 2010-09-01 at 16:07 -0400, Roland C. Dowdeswell wrote:
> It is not always appropriate for users to be able to decide who is
> allowed to login to their accounts. I propose a krb5.conf setting
> to disable this called ``use-k5login'' which defaults to the current
> behaviour.
I'd be interested in feedback from others on whether this knob is
desirable.
I did notice an apparent error in the patch:
> + if (!krb5_aname_to_localname(ctx, princ, sizeof(kuser), kuser))
> + return FALSE;
> +
> + if (!strcmp(kuser, luser))
> + return TRUE;
Isn't that first conditional backwards?
More information about the krbdev
mailing list