On Thu, Aug 19, 1999 at 07:23:55PM -0400, Pete Gonzalez wrote:
>
> This doesn't get rid of the bug (your new ID simply gets assigned as
> "zero"), but it at least gives you a chance to set it to something else
> with the "ci" command.  Unfortunately I never got around to figuring out
> how to repair the database itself.

Hi Pete,

Only the `maxids' field is screwed up. There is a command called (I
believe) maxids to (re)set the current maximum user and group id's.
OTOH, the patch I sent to the list earlier actually fixes the `screwing
things up in the first place' part of the problem.

> If you're a programmer, you might consider overhauling the pdbtool (and at
> some point the entire CODA authentication system).  In fact, if someone is
> interested in this, I'd happy to write up a list of what I perceive as
> some major "lacking areas" of the CODA authentication system design, and
> proposals for how I think they should be fixed.  :-)

At least I am interested in hearing some comments. The pdb library
actually already was an overhaul of some previously existing
authentication mechanism. And the pdbtool is just a dumb interface to
modify things in the pdb databases. I added some functionality to the
pdbtool to make it easier to use by scripts.

btw. Some of the lacking areas might even be explicit design decisions,
such as the trusted-servers/untrusted-clients security model, which is
`inherited' from AFS/Kerberos.

> -Pete

Jan