[OpenAFS-devel] Re: [OpenAFS-GK] Rewite of the auth/userok.c
SuperUser check routine
Nathan Neulinger
nneul@umr.edu
Mon, 14 May 2001 17:25:29 -0500
Derrick J Brashear wrote:
>
> On Fri, 11 May 2001, Nathan Neulinger wrote:
>
> > This rewrite cleans up the code a bit, removes any athena specific
> > references (not needed anymore in this version), and adds support for
> > multi realm management of afs servers (you can now specify
> > "admin@OTHERREALM" in your userlist).
>
> > if tinst
> > allow if tname.tinst in UserList
> > allow if tname/tinst in UserList
> []
> > if tinst
> > allow if tname.tinst@cell in UserList
> > allow if tname/tinst@cell in UserList
> > allow if tname.tinst@CELL in UserList
> > allow if tname/tinst@CELL in UserList
>
> Given that AFS has no krb5 conventions for anything else yet, I would
> argue krb5-form names have no business being supported yet by some
> subsystems since all (pts for example) can't support them. Comments?
>
> -D
>
> _______________________________________________
> OpenAFS-devel mailing list
> OpenAFS-devel@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-devel
Feel free to #ifdef out the few lines in that code that support the "/"
and uppercase styles. I figured that we might as well work toward krb5
styles eventually. (Main goal is to get user@cell to work, which doesn't
currently.) Seemed like a good enough time to make the UserList file
syntax equivalent to .k5login.
Maybe just have them
#ifdef FUTURE_KRB5_SUPPORT
#endif
that way code can just be uncommented later on.
-- Nathan
------------------------------------------------------------
Nathan Neulinger EMail: nneul@umr.edu
University of Missouri - Rolla Phone: (573) 341-4841
CIS - Systems Programming Fax: (573) 341-4216