Christopher D. Clausen wrote: > I have added an afs/<cell> principal from each of two realms > (AD.UIUC.EDU and ACM.UIUC.EDU) to the KeyFiles on our AFS servers. This > allows tokens obtained with AD.UIUC.EDU credentials to work just like > the ACM.UIUC.EDU credentials (i.e. users are NOT treated as foreign,) as > I've been told it should. > > Is it now safe to remove any @ad.uiuc.edu users that were auto-created > by previous foreign user handling (using the cross-realm trust from AD > to ACM)? > > What about removing the system:[EMAIL PROTECTED] group? > > Do these any of these still need to exist? > > <<CDC
You can remove the @ad.uiuc.edu users and the group. Neither are being used anymore because the users from AD.UIUC.EDU are now being treated as local users. Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
