[OpenAFS] Some questions about the future of OpenAFS
Derek Atkins
warlord@MIT.EDU
01 May 2002 12:35:35 -0400
Note that I still see cross-cell authentication working the same, so
you would still have "system:authuser@foreign-realm" and pts users
named "user@foreign-realm" which can be members of both PTS groups and
ACLs.
-derek
Derrick J Brashear <shadow@dementia.org> writes:
> On Wed, 1 May 2002, Douglas E. Engert wrote:
>
> > AFS has done the authorization via the PTS. Will this continue to
> > work the same way?
>
> For the moment. Something obviously needs to be done about it, but for
> instance switching to LDAP would be dangerous for fileserver performance
> reasons and because LDAP is not strictly a superset of PTS functionality.
>
> > Would you map foreign users to local users in the PTS?
>
> Would be nice to have the ability, it's certainly high on the list for a
> next-generation version of the service.
>
> > Will foreign users be allowed on ACLs?
>
> In PTS groups, or on ACLs? They're not the same.
>
> > Do you still have the AFS ID? Do these need to be UUIDs?
>
> As long as you still have local users you're mapping to, there's no reason
> it needs to change. It may be that it should, but it's not required.
>
>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available