Hullo list. http://osdir.com/ml/os.plan9.nine-grid/2005-06/msg00001.html is a proposal from some years ago from TIP9UG to do multi-domain authentication in a way somewhat reminiscent of Kerberos.[1]
The only change to factotum, AFAICT, was the following addition:
> if(_strfindattr(s->key->attr, "grid")){
> snprint(s->t.suid, sizeof s->t.suid, "[EMAIL PROTECTED]", s->t.cuid,
> _strfindattr(s->key->attr, "dom"));
> safecpy(s->t.cuid, s->t.suid, sizeof s->t.cuid);
> flog("grid user: %s", s->t.suid);
> }
in the SHaveAuth case of p9skread.
This seems like a good way to go about MDA, so I am curious why this change
didn't get put back into the mainline code? Is there something
fundamentally wrong? Was a different approach selected? Was the issue
simply tabled?
Thanks.
--nwf;
[1] I say similar to Kerberos in that it requires a domain A wishing to
accept identities from domain B to have a key from B's authsrv. It differs
from Kerberos in that users in domain B act as if B's authsrv was the
authenticator for domain A.
pgpSCoaiGCeDm.pgp
Description: PGP signature
