[OpenAFS-devel] Multiple AFS principals per pts id?

Derek Atkins warlord@MIT.EDU
04 Jan 2001 11:28:14 -0500


IIRC, I was able to do this a while ago by duplicating the afs service
key in both realms.  I seem to recall that this worked, but this was
back in the early 90s, and all the affected systems have been in the
trash for several years by now.

Alternatively, you can use the standard AFS cross-realm authentication,
and you can use groups to combine users.  For example:

~% pts mem warlord:warlord
Members of warlord:warlord (id: -99013) are:
	warlord
	warlord.root
	warlord@ihtfp.org
	warlord.root@ihtfp.org

Then you can just use the id 'warlord:warlord' on all ACLs and it gets
all instances of 'me'.  You could even automate it and use system
groups.

-derek

"Neulinger, Nathan R." <nneul@umr.edu> writes:

> Would it be possible to modify the ptserver to allow multiple principal
> names per pts id? 
> 
> I.e. I'd like to be able to have princ@REALM1 and princ@REALM2 when run
> through aklog, both get the same pts id. Obviously the reverse lookup (get
> name from id) would only return 1. Or alternatively, I guess I'm looking for
> a way to modify the ptserver to be able to establish a cross-realm
> trust/equivalency. (I would actually not have any objection to the ptserver
> simply treating the two realms as 100% equivalent as one possible approach.)
> 
> 
> Ideally, some way of saying "if I aklog with princ@REALM2, I want it to look
> up the mapping to see what AFS access it really should give me as opposed to
> princ@REALM2."
> 
> -- Nathan
> 
> ------------------------------------------------------------
> Nathan Neulinger                       EMail:  nneul@umr.edu
> University of Missouri - Rolla         Phone: (573) 341-4841
> Computing Services                       Fax: (573) 341-4216

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available
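
The group approach described in the reply above, as an added example that is not part of the original message: a dry-run helper that prints the pts and fs commands to build a self-owned group holding every principal of one person and to grant it on a directory. The function name and the directory in the usage comment are hypothetical, and it assumes every member (cross-realm names included) already has a PTS entry in the cell.

```shell
#!/bin/sh
# Added example (not from the original thread). Prints the commands only;
# run them yourself with suitable tokens once they look right.
# Assumption: every member already has a PTS entry in this cell, including
# cross-realm names of the form user@foreign.cell.
# Constructed usage (path is a placeholder):
#   identity_group_cmds warlord /afs/example.org/user/warlord rl \
#       warlord warlord.root warlord@ihtfp.org warlord.root@ihtfp.org

# identity_group_cmds OWNER DIR RIGHTS MEMBER...
identity_group_cmds() {
    [ "$#" -ge 4 ] || { echo "usage: identity_group_cmds OWNER DIR RIGHTS MEMBER..." >&2; return 2; }
    owner=$1 dir=$2 rights=$3
    shift 3
    group="$owner:$owner"

    # Refuse anything that is not a plain principal, path or rights string,
    # so the printed lines are safe to paste into a shell.
    for m in "$owner" "$@"; do
        case $m in
            ''|*[!A-Za-z0-9._@-]*) echo "bad principal name: $m" >&2; return 1 ;;
        esac
    done
    case $dir in ''|*[!A-Za-z0-9._/-]*) echo "bad directory: $dir" >&2; return 1 ;; esac
    case $rights in ''|*[!rlidwka]*) echo "bad rights: $rights" >&2; return 1 ;; esac

    # One group owned by the user, one adduser per principal, one ACL entry.
    echo "pts creategroup -name $group -owner $owner"
    for m in "$@"; do
        echo "pts adduser -user $m -group $group"
    done
    echo "fs setacl -dir $dir -acl $group $rights"
    # Final check: should list exactly the members passed in.
    echo "pts membership -nameorid $group"
}

if [ "$#" -ge 4 ]; then identity_group_cmds "$@"; fi
```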