[OpenAFS-devel] RT, Gerrit, Release Management changes

Ken Hornstein kenh@cmf.nrl.navy.mil
Sat, 06 Oct 2012 00:02:28 -0400


>> Would it be feasible for us to 'eat our own dogfood', so to speak, and
>> use SPNEGO and cross-realm Kerberos to log into RT? (If this is already
>> implemented, and I haven't noticed, then I will volunteer myself to go
>> document it better)
>
>Cross-realm isn't really a workable solution unless you have tight coordination
>between realms and general agreement about security policies.

That has NOT been my experience, and we use cross-realm a lot (probably
more than most sites).  I think there's no reason why we couldn't do
what Troy is suggesting (other than the kinda pain-in-the-ass part of
actually setting up cross-realm).

--Ken