[OpenAFS-devel] Re: [OpenAFS-GK] Rewite of the auth/userok.c SuperUser check routine
Derrick J Brashear
shadow@dementia.org
Mon, 14 May 2001 18:20:22 -0400 (EDT)
On Fri, 11 May 2001, Nathan Neulinger wrote:
> This rewrite cleans up the code a bit, removes any athena specific
> references (not needed anymore in this version), and adds support for
> multi realm management of afs servers (you can now specify
> "admin@OTHERREALM" in your userlist).
> if tinst
> allow if tname.tinst in UserList
> allow if tname/tinst in UserList
[]
> if tinst
> allow if tname.tinst@cell in UserList
> allow if tname/tinst@cell in UserList
> allow if tname.tinst@CELL in UserList
> allow if tname/tinst@CELL in UserList
Given that AFS has no krb5 conventions for anything else yet, I would
argue krb5-form names have no business being supported yet by some
subsystems since all (pts for example) can't support them. Comments?
-D