OpenAFS CVS Commit: openafs/src/auth by shadow
Mon, 14 May 2001 18:56:34 EDT

Update of /usr1/cvs/openafs/src/auth
In directory

Modified Files:
Log Message:
DELTA afs-superuser-foreign-realm-checks-20010514

This rewrite cleans up the code a bit, removes any athena specific 
references (not needed anymore in this version), and adds support for 
multi realm management of afs servers (you can now specify 
"admin@OTHERREALM" in your userlist).

Code now checks as follows:

tinst  - remote user info from conn
lcell - local cell
lrealm - local realm (defaults to lcell if not avail)

if no remote cell or instance
        allow localauth
if the cell of the remote connection matches local cell or local realm
        if not tinst
                allow if tname in UserList
        if tinst
                allow if tname.tinst in UserList
if cell doesn't match local cell or realm
        if not tinst
                allow if tname@cell in UserList
                allow if tname@CELL in UserList
        if tinst
                allow if tname.tinst@cell in UserList
                allow if tname.tinst@CELL in UserList

modified per openafs-devel discussion such that krb5 versions (/tinst 
rather than .tinst) code path disabled for now
DELTA some-name-yyyymmdd

--- DELTA config follows ---
afs-superuser-foreign-realm-checks-20010514 openafs/src/auth/userok.c 1.3 1.4