[OpenAFS] cross-realm AFS IDs
lamont@scriptkiddie.org
Sun, 20 Nov 2005 18:45:43 -0800 (PST)

It looks like cross-realm AFS IDs are required to have the group ID of the
cross-realm group (system:authuser@realm) in the lower 16 bits of the ID:

    user id & 0x0000ffff = group id

Does this imply that you only get 16 bits of local IDs and 16 bits for
each cross-realm realm?

What would break if you assigned arbitrary AFS IDs to cross-realm users,
particularly in the <= 0x0000ffff ID space? What expects to be able to
take a user id and strip out the group id from it?

I've got cross-realm users which are in an AD REALM that I want to use
while keeping my cell principal in an MIT KDC. Those cross-realm users
are already in my /etc/passwd file with a globally unique uid that it
would simplify my life greatly if I could use for an AFS ID. Also, all the
foreign cells that I'll access will have exactly the same mapping of IDs
to the AD realm.

Is there any way around this, or am I stuck with only 16 bits of
0xnnnnff2e IDs and the need to use some kind of nss_afs to resolve those
names with getpwuid()?