[OpenAFS] Re: foreign-realm members of system:administrators have weakened
Wed, 25 Jan 2006 22:21:46 -0800
Ken Hornstein <email@example.com> writes:
> When I tracked this one down, I found code to specifically disallow
> foreign realm users in the code that handles the Bos UserList; it
> would not surprise me to find similar code in the pts server.
Is there opposition to removing this code?
I'm starting to like the idea of running AFS in its own micro-realm
and having all users be cross-realm users. It cuts down a lot on
administrative overhead (asking for favors from kdc admins when stuff
changes) and keeps the username namespace nice and tidy without
unduely favoring one institution or department over another.
PGP/GPG: 5C9F F366 C9CF 2145 E770 B1B8 EFB1 462D A146 C380