[OpenAFS] renaming principals
Christopher D. Clausen
cclausen@acm.org
Mon, 7 May 2007 11:41:58 -0500
And unless I misunderstand what it is for, there is already a pts rename
command that appears to rename PTS users or groups. There would not be
a need to delete and re-create the PTS entry, assuming a rename is what
you really want to do.
<<CDC
Jeffrey Altman <jaltman@secure-endpoints.com> wrote:
> Kim:
>
> What you describe is how to change the authorization name for AFS.
>
> The challenge is changing the authentication name without forcing a
> password change. That is a Kerberos issue.
>
> Then there is the logistics of ensuring that the authentication name
> change and all of the authorization name changes for all services that
> accept Kerberos authentication occur at approximately the same time.
>
> Kim Kimball wrote:
>> I'm missing something WRT OpenAFS ACL changes.
>>
>> Why not delete the PTS user entry "unmarriedname" and create the new
>> PTS entry "marriedname" with the same PTS ID?
>>
>> ACLs store numeric PTSID; next time ACL entry is resolved the new
>> name will appear, retrieved from PTS DB.
>>
>> Unless we're talking about non-AFS ACLs.