>Generally, DFS can do this about as well as can AFS. The limitation of
>having appropriate tokens for each cell is annoying, but you can (or
>should be able to) put cross-cell users on admin lists in DFS.
As long as we're talking about cross-cell and AFS .... I have a "wish list"
item I'd like to bring up.
We're starting to make heavier use of cross-realm authentication, and
we're finding that the fact that cross-realm PTS entries have a different
AFS uid than the Unix userid is a real stumbling block; a number of things
break in strange ways, especially if you're using the AFS-NFS translator
(the AFS-NFS translator is mostly broken and has been for over a year,
but that's a completely _seperate_ issue :-/).
Anyway, it would be nice if there was a way to create something akin
to "PTS aliases", where [EMAIL PROTECTED] could be considered an
"alias" for local PTS user kenh. Or maybe [EMAIL PROTECTED] could
be made to magically have the same PTS userid as kenh .... the whole
point here is that the foreign realm PTS entries really have to have
the PTS id match the Unix userid.
I understand the security issues involved with that, but I have strong
reasons why this would be useful at our site, and I can only see this
as a benefit to AFS as a whole.
--Ken
