[OpenAFS-devel] RT, Gerrit, Release Management changes

[Booker Bense]

On Thu, Oct 4, 2012 at 10:15 PM, Troy Benjegerdes <hozer@hozed.org> wrote:
> Would it be feasible for us to 'eat our own dogfood', so to speak, and
> use SPNEGO and cross-realm Kerberos to log into RT? (If this is already
> implemented, and I haven't noticed, then I will volunteer myself to go
> document it better)
>

Cross-realm isn't really a workable solution unless you have tight coordination
between realms and general agreement about security policies.

Fine for something like

CS.FOO.EDU

and

ENG.FOO.EDU

but as a general purpose solution it's unworkable in practice.
Shibboleth or something
similar would be more reasonable, but that's a whole lot of overhead
for a service provided
as a courtesy.

- Booker C. Bense