gss_pname_to_uid: is that the right interface

Love Hörnquist Åstrand lha at
Thu Sep 22 10:18:43 EDT 2011

22 sep 2011 kl. 11:08 skrev Danilo Almeida:

> Adding OS authorization notions such as username or uid as a new calls into
> GSSAPI seems like a really bad idea

Not having it creates security bugs, there are plenty examples where people do gss_display_name() and then cut the string at the @ and call it a username.


More information about the krbdev mailing list