Processing .k5login (another patch)
Russ Allbery
rra at stanford.edu
Wed Sep 1 17:34:37 EDT 2010
Greg Hudson <ghudson at MIT.EDU> writes:
> On Wed, 2010-09-01 at 16:07 -0400, Roland C. Dowdeswell wrote:
>> It is not always appropriate for users to be able to decide who is
>> allowed to login to their accounts. I propose a krb5.conf setting to
>> disable this called ``use-k5login'' which defaults to the current
>> behaviour.
> I'd be interested in feedback from others on whether this knob is
> desirable.
We maintained a somewhat related patch against MIT Kerberos 1.4 for years.
Our patch allowed us to require a .k5login to exist and remove the
fallback to krb5_aname_to_lname and username comparison. I think both
features are desirable.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the krbdev
mailing list