Esther Filderman <[EMAIL PROTECTED]> writes:

> When users log in, login picks up a token and they're in their home
> directory.

I think this is the reason why you're confused; apparently a bunch of
other folks aren't using an AFS-aware login and therefore the user can't
get tokens until after they've logged in.  So everything that login has to
access has to be world-accessible.

Personally, I'd say the solution is to switch to an AFS-aware login, but
given that I didn't have to write it or even maintain it much, that's easy
for me to say.  :)  I have no idea how well the Transarc-supplied one
works; we've used our own locally written one for years.

> Home directories by default are set to "userid all" and that's about it.

> There's rarely a reason for people's home directories to be
> "system:anyuser" anything.

One case where it matters is if you use .klogin files to control remote
Kerberos logins; they need to be readable by unauthenticated users.

-- 
Russ Allbery ([EMAIL PROTECTED])             <http://www.eyrie.org/~eagle/>
