Processing .k5login (another patch)
Russ Allbery
rra at stanford.edu
Wed Sep 1 18:49:57 EDT 2010
"Roland C. Dowdeswell" <elric at imrryr.org> writes:
> On Wed, Sep 01, 2010 at 03:35:41PM -0700, Russ Allbery wrote:
>> Can that support the case where multiple principals are authorized to
>> log on to the local account? The use case I have in mind are for
>> things like the oracle account.
> Yes. The BDB is a hash of principal to local name. Local name
> can be the same for multiple principals.
The common scenario here is for all the DBAs to have their own individual
accounts on the system with their individual .k5login files, plus all have
access to the oracle account via .k5login. Maybe it's a failure of the
imagination, but I don't see how any hash of one value to one other value
would work for that. I think multiple values would have to be allowed.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the krbdev
mailing list