[OpenAFS] using cross-realm kerberos principal in ACL before pts id is created (or, creating it as non-admin)?

Adam Megacz megacz@cs.berkeley.edu
Sun, 14 May 2006 23:15:55 -0700

Is it possible for a non-administrator user to add user@otherrealm.edu
to an ACL before user@otherrealm.edu has aklog'ed for the first time?
Currently it doesn't happen automatically (no big deal), but is there
any way to do it without admin intervention?

In theory the fs command could ask the pts server to create the
userid, but that would mean that the ptserver would have to be able to
query the other realm to ask if a given user exists or not... I don't
know if kerberos supports that, though.

  - a

PGP/GPG: 5C9F F366 C9CF 2145 E770  B1B8 EFB1 462D A146 C380