[OpenAFS] Re: foreign-realm members of system:administrators have weakened
Thu, 26 Jan 2006 22:09:05 -0800
Jeffrey Hutzelman <firstname.lastname@example.org> writes:
> Is there some reason you _need_ to operate your own realm?
> Wouldn't it be easier to get the CS.BERKELEY.EDU admins to create the
> service principal afs/research.cs.berkeley.edu@CS.BERKELEY.EDU ?
There is no such realm (CS.BERKELEY.EDU) -- there is only
EECS.BERKELEY.EDU. Yes, I know, this is lame.
And, even if that weren't a problem, the administrative overhead of
having to go through them in order to create guest accounts, establish
trust with other realms (ie other campuses), etc would never fly. And
I wasn't planning on giving the department's KDC admins (or any
principals in their realm) system:administrator.
PGP/GPG: 5C9F F366 C9CF 2145 E770 B1B8 EFB1 462D A146 C380