Subject: | Need support for blocking profile homedir access for KLL on OS X |
Need support for blocking profile homedir access for the Kerberos Login
Library on Mac OS X. This should be at as low a layer as possible to
ensure that all callers (krb4, krb5, gss) do not touch the homedir.
This is for private KLL APIs for filesystem modules.
Note that this is only necessary on Mac OS X because only Mac OS X
touches the user's home directory looking for a krb5.conf file. It will
be conditionalized for USE_LOGIN_LIBRARY because it uses KLL APIs to
determine if it should touch the user's homedir.
Library on Mac OS X. This should be at as low a layer as possible to
ensure that all callers (krb4, krb5, gss) do not touch the homedir.
This is for private KLL APIs for filesystem modules.
Note that this is only necessary on Mac OS X because only Mac OS X
touches the user's home directory looking for a krb5.conf file. It will
be conditionalized for USE_LOGIN_LIBRARY because it uses KLL APIs to
determine if it should touch the user's homedir.