Jeffrey Altman <[EMAIL PROTECTED]> writes:

> Processing of the .k5login file is not an authentication operation, it
> is an authorization operation. Therefore, it is perfectly reasonable
> for the client to mutually authenticate with a server, forward a ticket
> and then have access rejected due to an authorization failure.

Hm, yes, that's a good point. Okay, I withdraw my objection about how this works with OpenSSH forwarding; my only concern is for how to do the right thing in PAM modules then.

-- 
Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>
