Processing .k5login (another patch)
Nicolas Williams
Nicolas.Williams at oracle.com
Wed Sep 1 17:51:56 EDT 2010
On Wed, Sep 01, 2010 at 05:29:32PM -0400, Greg Hudson wrote:
> On Wed, 2010-09-01 at 16:07 -0400, Roland C. Dowdeswell wrote:
> > It is not always appropriate for users to be able to decide who is
> > allowed to login to their accounts. I propose a krb5.conf setting
> > to disable this called ``use-k5login'' which defaults to the current
> > behaviour.
>
> I'd be interested in feedback from others on whether this knob is
> desirable.
The user can always share their password and/or krb5 creds with
others... Just sayin'.
I'd rather have an option for specifying the location of the k5login
file, so it can be moved into a location where the user cannot control
it.
Nico
--
More information about the krbdev
mailing list