Hi!

As you might have seen, I'm developing the fake-kaserver support in Samba. Samba creates the AFS token itself once it has found that the user has proved its identity.

In the VIOCSETTOK pioctl I've followed the comment in auth/ktc.c:328 that ct.ViceId = getuid(); is an acceptable choice for the ClearToken. I currently only have a single cell, so to me that seems ok.

Now I want to extend this to write a substitution for klog using winbind authentication. This means that I would like to contact winbind with user/pw via /tmp/.winbindd/pipe. Winbind then authenticates the user, creates the token and hands it to the contacting program via that pipe. This means that the process doing the actual VIOCSETTOK would be non-privileged and could set the fields in the ClearTok structure itself.

To make sure this is ok I tried to follow the usage path of the ViceId and the other fields, but I failed to find the exact usage of the fields in the client. My interpretation is that in viced/host.c the MapName_r creates the vid field by asking the ptserver, so to me it seems that ct.ViceId is not really security-sensitive.

So my question: Where in the client is ViceId really used?

Thanks,

Volker
