Hrrm? Hasn't the 'user/admin' Kerberos ticket to 'user.admin' AFS id
always been standard?

Everywhere I've gone.


        [EMAIL PROTECTED]
        user/[EMAIL PROTECTED]

Two identities in Kerberos should not be treated as the same identity in
AFS.

If you have a user in krb5 named "user.admin", I think we do something to avoid it being simply "user.admin" for AFS, so user/admin can be mapped safely.

In fact, from rxkad/ticket5.c:
    /*
     * If the first part of the name_string contains a dot, punt since
     * then we can't see the diffrence between the kerberos 5
     * principals foo.root and foo/root later in the fileserver.
     */
    if (strchr(decr_part.cname.name_string.val[0], '.') != NULL)
        goto bad_ticket;

so, yes, user/admin becomes user.admin, and user.admin gets to pound salt.

_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel
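
The mapping discussed in this thread, as an added example that is not part of the original messages and is not OpenAFS code: the helper names krb5_to_afs_name and maps_to are hypothetical, the principals are constructed, and limiting a principal to one or two components is an assumption of the sketch. It shows why the dot check is needed: without it, user.admin and user/admin would both arrive at the fileserver as "user.admin".

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not an OpenAFS function): map a Kerberos 5 principal,
 * given as name components, to a dotted AFS-style name.
 * Returns 0 on success, -1 if the principal is rejected. */
int krb5_to_afs_name(const char *const *comp, size_t ncomp,
                     char *out, size_t outlen)
{
    int n;

    /* Assumption for this sketch: only "name" or "name/instance". */
    if (ncomp < 1 || ncomp > 2)
        return -1;
    /* Same rule as the quoted check: a dot in the first component would
     * make foo.root indistinguishable from foo/root after mapping. */
    if (strchr(comp[0], '.') != NULL)
        return -1;
    if (ncomp == 1)
        n = snprintf(out, outlen, "%s", comp[0]);
    else
        n = snprintf(out, outlen, "%s.%s", comp[0], comp[1]);
    /* Reject truncated names instead of accepting a prefix. */
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* 1: maps to `expect`; 0: maps to something else; -1: rejected.
 * Pass inst == NULL for a single-component principal. */
int maps_to(const char *name, const char *inst, const char *expect)
{
    const char *const comp[2] = { name, inst };
    char afs[64];

    if (krb5_to_afs_name(comp, inst ? 2 : 1, afs, sizeof(afs)) != 0)
        return -1;
    return strcmp(afs, expect) == 0;
}

int main(void)
{
    /* Constructed principals, not taken from any real cell. */
    printf("user/admin -> user.admin: %d\n", maps_to("user", "admin", "user.admin"));
    printf("user.admin -> user.admin: %d\n", maps_to("user.admin", NULL, "user.admin"));
    printf("user       -> user:       %d\n", maps_to("user", NULL, "user"));
    return 0;
}
```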
