Jeffrey Altman <[email protected]> writes: > A security best practice is to never delete users and groups because you > don't know what ACLs they might be listed on. The same is true for > Kerberos principal names. You can disable the issuance of tickets but > do not remove them from the database.
I prefer deleting them and then running fs cleanacl across the entire cell on a time period faster than reuse of the same PTS ID. -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
