As a side note to the Kerberos developers, is it time to add referral suppport
to both the client and KDC? I believe that would go a long way solving the
update of the krb5.conf problem.
Adam Megacz wrote:
I may be abandoning this because there doesn't seem to be any reliable
way for clients to figure out that the cell is its own realm (without
requiring end-users to manually edit or replace their krb5.conf, which
is way beyond the abilities of many people, sad as that fact may be).
Basically, unless I can get this to a truly zero-configuration
situation for users, my project is not gonna fly. It's just the
realities of how things are.
- a
ted creedon <[EMAIL PROTECTED]> writes:
I'd appreciate some documentation when its done.
Thanks.
tedc
Adam Megacz wrote:
Ken Hornstein <[EMAIL PROTECTED]> writes:
When I tracked this one down, I found code to specifically disallow
foreign realm users in the code that handles the Bos UserList; it
would not surprise me to find similar code in the pts server.
Is there opposition to removing this code?
I'm starting to like the idea of running AFS in its own micro-realm
and having all users be cross-realm users. It cuts down a lot on
administrative overhead (asking for favors from kdc admins when stuff
changes) and keeps the username namespace nice and tidy without
unduely favoring one institution or department over another.
- a
--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
