No, you only given trust level 5 to those user ids that you want to have 
trust level 5.  You can only authenticate a user id if you know the 
password (its credentials). 

Also, note that to perform user authentication across systems, the 
authenticator must be registered as the same name on all machines where 
you want to use user trust authentication.

--------------------------------------------------------------
Sharon Lucas
IBM Austin,   luc...@us.ibm.com
(512) 286-7313 or Tieline 363-7313




agou <a...@talktalk.net> 
01/21/2009 12:47 PM

To
Sharon Lucas/Austin/i...@ibmus
cc
staf <staf-users@lists.sourceforge.net>
Subject
Re: [staf-users] Trust?






But doesn't that mean that the user is validated is only validated 
locally, then? So a malicious user could validate a user on his own 
machine and gain level 5 trust on any other machine?

/jan

Sharon Lucas wrote:
> In regards to user level trust, you are right that submitting a CREATE 
> HANDLE NAME request to the HANDLE service requires trust level 5. 
However, 
> there's an important note in the STAF User's Guide, section "8.5.2 
> CREATE", sub-section "Security", that says:
> Note: This command is only valid if submitted to the local machine, not 
to 
> remote machines. 
> 
> So, since you can only create a STAF handle on your local machine (e.g. 
> STAF local HANDLE CREATE HANDLE NAME ...), and since the local machine 
> always has trust level 5 to itself, this isn't an issue.  Then you can 
use 
> this handle to submit STAF service requests (like a PROCESS START 
request) 
> to other machines.
> 

------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
staf-users mailing list
staf-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/staf-users

Reply via email to