ptserver: Optionally restrict anonymous access to the ptserver
author Chas Williams (CONTRACTOR) <chas@cmf.nrl.navy.mil>
Wed, 26 Mar 2014 14:15:10 +0000 (10:15 -0400)
committer D Brashear <shadow@your-file-system.com>
Wed, 2 Apr 2014 14:06:35 +0000 (07:06 -0700)
commit cc4e292174f36868008d35df63df57543f033ee4
tree df3bc2bbcb669eb7eaa24aaef73f20edc38b16c1
parent 972585c24b5c193a982570ff9264a1971760f48f
ptserver: Optionally restrict anonymous access to the ptserver

Currently, one could simply query from 0 to 'pts listmax' to determine
all the usernames in a cell.  The -restrict_anonymous option will block
access to almost all of the unauthenticated RPCs.  PR_NameToID is still
open since aklog still needs access to this RPC.  An "attack" against
this RPC would have to scan a much larger key space to determine valid
usernames in a cell.

Change-Id: I7e475bc004f08d28d195c199804befa89f0ceb0c
Reviewed-on: http://gerrit.openafs.org/10951
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Gergely Risko <gergely@risko.hu>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: D Brashear <shadow@your-file-system.com>
doc/man-pages/pod8/ptserver.pod
src/ptserver/ptprocs.c
src/ptserver/ptserver.c