Processing .k5login (another patch)
Roland C. Dowdeswell
elric at imrryr.org
Thu Sep 2 19:20:55 EDT 2010
On Fri, Sep 03, 2010 at 12:17:40AM +0100, Roland C. Dowdeswell wrote:
>
> Defining types to be:
>
> NONE nothing.
> FILE simple file from argument
> ANAME2LNAME use krb5_aname_to_lname() to see if it matches
> KDB use a KDB looking for an entry of the form
> principal\0luser
> with a key of ``1'' indicating yes
>
> with this, the current behaviour would be defined to be:
>
> k5login = FILE:%h/.k5login
> k5login = ANAME2LNAME
>
> (roughly, because currently it looks like if ~/.k5login exists but is
> not owned by the right people the ANAME2LNAME is short-circuited.)
I didn't make it clear in this e-mail: I think that something like
ANAME2LNAME as a type is required to subsume current semantics and
I think that it would be better to be explicit about how it is
evaluated rather than just falling back on ANAME2LNAME lookups in
some of the cases where the files are not found (the current
behaviour.)
--
Roland Dowdeswell http://Imrryr.ORG/~elric/
More information about the krbdev
mailing list