On 3 Feb 2014, at 22:24, Benjamin Kaduk <[email protected]> wrote: > * In order to have secure callbacks work properly, we need to know which > identity (if any!) from the user's token was the cache manager token.
You also want to be able to handle single identity tokens - such as those from single user machines, or from single user tools such as libafscp. You can do this by just using the user's identity as the cache manager identity in these situations. It is up to the cache manager to then deal with any poisoning attacks that this might open up. Cheers, Simon _______________________________________________ AFS3-standardization mailing list [email protected] http://lists.openafs.org/mailman/listinfo/afs3-standardization
