[OpenAFS] Re: final prerequesite for world domination
Thu, 29 Dec 2005 23:33:42 -0800
Ken Hornstein <email@example.com> writes:
> While I am pretty liberal with who we cross-realm with, that does
> not extend to users using those realms. We control the principal
> to userid mapping, and do not let users get interactive access to
> our systems from arbitrary principals.
This is a good point: if there were to be some mechanism for assigning
access based on non-kerberos principals, it would definately be a good
idea to make it possible for cell administrators to allow or disallow
this. I can see how there are sites out there that would not want to
let their users do this (or perhaps only for certain volumes?).