[EMAIL PROTECTED] writes:
> (3) Bos and vos commands such as dump, restore, adduser, removekey,
> rename, and other serious functions should not allow -loc; they
> should require either a token for a user in UserList on the remote
> machine, or the password for such a user at execution time.
>
> -- Owen
> [EMAIL PROTECTED]

I once wrote a program called "klog-localauth". Given access to the
/usr/afs/etc/KeyFile for your cell, it provided a token for any
user-id you specify. If you understand how Kerberos authentication
works, it's easy to see that you don't need to know the user's
password if you have the service key. So I don't see any point in
removing the "-localauth" option in favor of more token checking.

Joe Jackson,
AFS Product Engineer,
Transarc Corp.

PS: I've lost track of my sources, so I won't be able to post my
program. Sorry.