[OpenAFS] Re: foreign-realm members of system:administrators have weakened powers?

ted creedon tcreedon@easystreet.com
Thu, 26 Jan 2006 07:55:51 -0800

I'd appreciate some documentation when its done.



Adam Megacz wrote:
>Ken Hornstein <kenh@cmf.nrl.navy.mil> writes:
>>When I tracked this one down, I found code to specifically disallow
>>foreign realm users in the code that handles the Bos UserList; it
>>would not surprise me to find similar code in the pts server.
>Is there opposition to removing this code?
>I'm starting to like the idea of running AFS in its own micro-realm
>and having all users be cross-realm users.  It cuts down a lot on
>administrative overhead (asking for favors from kdc admins when stuff
>changes) and keeps the username namespace nice and tidy without
>unduely favoring one institution or department over another.
>  - a