[AFS3-std] Re: rxgk-afs tokens for ptservers, etc.

Simon Wilkinson simon@sxw.org.uk
Thu, 14 Feb 2013 15:02:34 +0000


That's a Kerberos principal, we've been talking in terms of GSS identities (=
which use @ instead of / as a component separator)

S.

Sent from my iPhone

On 14 Feb 2013, at 14:52, Brandon Allbery <ballbery@sinenomine.net> wrote:

> afs3-fs-UUID@REALM ?
>=20
> --
> brandon s allbery kf8nh                               sine nomine associat=
es
> allbery.b@gmail.com                                  ballbery@sinenomine.n=
et
> unix, openafs, kerberos, infrastructure, xmonad        http://sinenomine.n=
et
>=20
> ________________________________________
> From: afs3-standardization-admin@openafs.org [afs3-standardization-admin@o=
penafs.org] on behalf of Simon Wilkinson [simon@sxw.org.uk]
> Sent: Thursday, February 14, 2013 03:49
> To: Benjamin Kaduk
> Cc: Andrew Deason; afs3-standardization@openafs.org
> Subject: Re: [AFS3-std] Re: rxgk-afs tokens for ptservers, etc.
>=20
> The possibilities here seem to be requiring the identity<->UUID mapping to=
 be part of the server configuration (which would permit any form of identit=
y to be used), using a leap of faith where the first identity used to regist=
er a UUID is the only one which can then make changes to that UUID, or using=
 an identity which contains the server's UUID. For the latter, using afs3-fi=
leserver@UUID is tempting, but means that we lose any domain-to-realm magic t=
hat may be required.
> _______________________________________________
> AFS3-standardization mailing list
> AFS3-standardization@openafs.org
> http://lists.openafs.org/mailman/listinfo/afs3-standardization