[OpenAFS] Re: foreign-realm members of system:administrators
have weakened powers?
Thu, 26 Jan 2006 07:55:51 -0800
I'd appreciate some documentation when its done.
Adam Megacz wrote:
>Ken Hornstein <email@example.com> writes:
>>When I tracked this one down, I found code to specifically disallow
>>foreign realm users in the code that handles the Bos UserList; it
>>would not surprise me to find similar code in the pts server.
>Is there opposition to removing this code?
>I'm starting to like the idea of running AFS in its own micro-realm
>and having all users be cross-realm users. It cuts down a lot on
>administrative overhead (asking for favors from kdc admins when stuff
>changes) and keeps the username namespace nice and tidy without
>unduely favoring one institution or department over another.
> - a