[OpenAFS] Re: final prerequesite for world domination

Adam Megacz megacz@cs.berkeley.edu
Thu, 29 Dec 2005 23:33:42 -0800

Ken Hornstein <kenh@cmf.nrl.navy.mil> writes:
> While I am pretty liberal with who we cross-realm with, that does
> not extend to users using those realms.  We control the principal
> to userid mapping, and do not let users get interactive access to
> our systems from arbitrary principals.

This is a good point: if there were to be some mechanism for assigning
access based on non-kerberos principals, it would definately be a good
idea to make it possible for cell administrators to allow or disallow
this.  I can see how there are sites out there that would not want to
let their users do this (or perhaps only for certain volumes?).

  - a