The following commit has been merged in the master branch:

commit cc4e292174f36868008d35df63df57543f033ee4
Author: Chas Williams (CONTRACTOR) <[email protected]>
Date: Wed Mar 26 10:15:10 2014 -0400

ptserver: Optionally restrict anonymous access to the ptserver

Currently, one could simply query from 0 to 'pts listmax' to determine
all the usernames in a cell. The -restrict_anonymous option will block
access to almost all of the unauthenticated RPCs. PR_NameToID is still
open since aklog still needs access to this RPC. An "attack" against
this RPC would have to scan a much larger key space to determine valid
usernames in a cell.

Change-Id: I7e475bc004f08d28d195c199804befa89f0ceb0c
Reviewed-on: http://gerrit.openafs.org/10951
Tested-by: BuildBot <[email protected]>
Reviewed-by: Gergely Risko <[email protected]>
Reviewed-by: Benjamin Kaduk <[email protected]>
Reviewed-by: D Brashear <[email protected]>

doc/man-pages/pod8/ptserver.pod | 7 ++++-
src/ptserver/ptprocs.c | 63 +++++++++++++++++++++++++++++---------
src/ptserver/ptserver.c | 5 +++
3 files changed, 59 insertions(+), 16 deletions(-)
--
OpenAFS Master Repository