Doesn't really matter in this case, unless you're concerned that someone would want to grant admin access to "joe/admin" instead of granting access to "joe" with instance "admin".
Since UserList only checks against the instance, the only problem would be if a "joe" with instance "admin" existed that you did NOT want to grant access to. If that user didn't exist, it just wouldn't grant any extra permissions. Someone going and creating "joe/admin" wouldn't result in any security problem, since it would never compare against "joe/admin" in the ticket.

Since we're slowly moving toward more real krb5 support, seems like we need to pick one or the other to concentrate on, cause the more krb5'ized it becomes, the more people are going to want to make use of krb5 syntax.

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       EMail:  [EMAIL PROTECTED]
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216

> -----Original Message-----
> From: Derrick J Brashear [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, December 03, 2002 1:15 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [OpenAFS-devel] pts examine
>
> On Tue, 3 Dec 2002, Neulinger, Nathan wrote:
>
> > You can remove those ifdef's, but as I said, I don't remember the discussion. I originally wrote those in there cause I wanted to do just what you are doing locally. The code was committed, but the krb5 syntax support was disabled in the commit.
> >
> > I do not believe there would be any problem with enabling it, but others may have something to say here.
>
> See my earlier comment: "/" is a legal character in krb4 and so while you might be smart enough to not allow a user named "foo/admin" to be created it's legal to do so; We never figured out how we were going to deal with this scenario, and encouraging people to do something which might end up conflicting with whatever we end up needing to do later seems unwise.
_______________________________________________
OpenAFS-devel mailing list
[EMAIL PROTECTED]
https://lists.openafs.org/mailman/listinfo/openafs-devel
