Depends on your threat model. It means someone can gain access as a local user (probably non-root) provided they can send a fake AS_REP to "themselves". If you also compare to a local passwd/shadow entry then there is no security hole.
-derek Josh Huber <[EMAIL PROTECTED]> writes: > Alexei Kosut <[EMAIL PROTECTED]> writes: > > > P.S. With Mac OS X 10.2.1, you can use "krb5auth:authnoverify" > > instead of "krb5auth:authenticate" in /etc/authorization to enable > > Kerberos authentication without needing to have a keytab installed. > > This seems like a bad idea...doesn't it? > > -- > Josh Huber > _______________________________________________ > OpenAFS-devel mailing list > [EMAIL PROTECTED] > https://lists.openafs.org/mailman/listinfo/openafs-devel -- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH [EMAIL PROTECTED] PGP key available _______________________________________________ OpenAFS-devel mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-devel
