>> Would it be feasible for us to 'eat our own dogfood', so to speak, and >> use SPNEGO and cross-realm Kerberos to log into RT? (If this is already >> implemented, and I haven't noticed, then I will volunteer myself to go >> document it better) > >Cross-realm isn't really a workable solution unless you have tight coordination >between realms and general agreement about security policies.
That has NOT been my experience, and we use cross-realm a lot (probably more than most sites). I think there's no reason why we couldn't do what Troy is suggesting (other than the kinda pain-in-the-ass part of actually setting up cross-realm). --Ken _______________________________________________ OpenAFS-devel mailing list OpenAFS-devel@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-devel
