H2: Files related to authentication
- /adm/users # cpu server
is he registered?
isn't he a member of noworld?
- /mnt/keys/*/key # auth server
is his key given?
- /lib/ndb/auth # auth server
is he allowed to be authenticated?
- /adm/keys.who
users listed in this file will be seen in /mnt/keys
H2: case study (su ver1.0a)
H3: su on al
H4: su -p xxxxx alice
su# t
alice 1426 0:00 0:00 184K Pread ps
--rw-rw-rw- M 894 alice sys 0 Nov 2 16:10 x
OK
H4: su alice
su# t
alice 1434 0:00 0:00 184K Pread ps
--rw-rw-rw- M 902 arisawa sys 0 Nov 2 16:13 x
H4: su -p xxxxx sho
su: execl: permission denied
H2: case study (su ver1.0)
H3: su on ar
host: cpu server
method: cpu
executer: bootes
H4: alice
- alice is in /adm/users
- alice has password
- $home is given
- he owns $home
ar% grep alice /adm/users
alice:alice:arisawa:web,arisawa,backup
ar% su -p $p -f $f alice
result: OK
H4: bob
H4: douke
- he is in /adm/users
- he is noworld
- password is not given
- $home is given
- he owns $home
result:
Eve -> douke
Adm -> bootes
douke 17524 0:00 0:00 184K Pread ps
--rw-rw-rw- M 30028 bootes sys 0 Nov 2 09:42 x
H4: carol
- not in /adm/users
- password is not given
- $home is not given
Eve -> carol
Adm -> bootes
H3: su on al
h
H4: su none
su# t
none 1202 0:00 0:00 184K Pread ps
--rw-rw-rw- M 805 none sys 0 Nov 2 15:07 x
su# cd
su# touch z
touch: z: cannot create: permission denied
OK, reasonable.
H4: su alice
alice is in /adm/users
alice has password
su# t
alice 1288 0:00 0:00 184K Pread ps
--rw-rw-rw- M 831 arisawa sys 0 Nov 2 15:44 x
H4: su -p xxxxx alice
alice is in /adm/users
alice has password
su# t
alice 1309 0:00 0:00 184K Pread ps
--rw-rw-rw- M 839 arisawa sys 0 Nov 2 15:50 x
H4: su bob
bob is not in /adm/users
bos is not in /mnt/keys
su# t
bob 1278 0:00 0:00 184K Pread ps
--rw-rw-rw- M 823 arisawa sys 0 Nov 2 15:41 x
OK, reasonable.
------------------------
|