[OpenAFS-devel] More on aklog
Derrick J Brashear
Tue, 12 Oct 2004 01:05:25 -0400 (EDT)
You found me at a particularly vicious moment. There's even a story to go
with it, but I can't tell it yet.
On Mon, 11 Oct 2004, Ken Hornstein wrote:
>> Jeff Altman explained why in the RT ticket you opened; Basically, "because
>> it can lead to 2 principals being treated as the same one".
> I feel it's only fair to say that I know someone that got screwed,
> hard, because of this code.
We distribute source; Are they not particularly resourceful? Cell and
realm in control of different entities which can't play nicely? What?
Really, if you got screwed hard by this, either there are extenuating
circumstances, or being stuck inside a paper bag seems like it could be
> Yeah, it can lead to two principals being treated the same: so what?
the obvious use would seem to be firstname.lastname; i suppose the surname
admin is uncommon; we have, however, had root as a surname here.
> So far it's only seemed to cause
> people problems,
Because the people who haven't had any problems are busily reporting the
problems they don't have, I suppose...
> because this _USED_ to work fine with krb524d,
> which people used FOR YEARS without any problems, confusion or
> security incidents.
That you know of.
> The end result is that it's not a seamless
> upgrade from a V4 ticket to a V5 ticket with krb524d, and that
A proposal of anything better than "well, 2 users could potentially be
treated as one" would be more entertaining at minimum.
Hey, I have a rotten idea, send a patch with aklog and some configure
gunk, and slip in the reversion of this "change" with it.