Your observation of the behavior is correct. A foreign system:authuser group is not equivalent to the system:authuser group. There is no method to add groups to system:authuser.
If you wish to grant privileges to a foreign system:authuser group to portions of the tree you must add the group to all directories. Jeffrey Altman > On Jul 21, 2014, at 10:16 AM, Jaap Winius <[email protected]> wrote: > > Hi folks, > > After setting up Kerberos cross-realm access and then creating a > system:authuser@<MY_REALM> group in a foreign cell, it seems that basic rl > access to the cell's contents is only possible after that group is given rl > access to every single directory that system:authuser has access to. Not very > convenient. > > Is there an easy way around this, like something equivalent to making > system:authuser@<MY_REALM> a member of system:authuser? > > Thanks, > > Jaap > _______________________________________________ > OpenAFS-info mailing list > [email protected] > https://lists.openafs.org/mailman/listinfo/openafs-info
smime.p7s
Description: S/MIME cryptographic signature
