I don't care if the local user id is 'root', or 'nobody'. As long as
this session hasn't gone through the steps to prove its identity, it
should not be allowed to hijack an existing session.
What should be allowed is for someone to obtain credentials (tokens) and
explicitly pass them to another PAG. Which is probably the reason you
want to be able to join a PAG in the first place.
situation:
"Hmm, my AFS tokens on my desktop are about to expire"
solution 1 (which I believe is bad):
"log in remotely, join the existing PAG and refresh the tokens"
solution 2:
"log in remotely, obtain new tokens and explicitly pass them to
another PAG"
A really bad reason for joining a PAG would be that you want to log in
remotely, but don't want to pay for the cost of proving your identity in
the new session.
Jan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/