[OpenAFS] Re: AFS and Windows PAC data still and issue?
John W. Sopko Jr.
sopko@cs.unc.edu
Fri, 27 Jul 2007 14:27:28 -0400
So if a user principal is in many groups and exceeds 12k
this will be a problem?
Jeffrey Altman wrote:
> John W. Sopko Jr. wrote:
>
>> The afs/cell.name service principal only belongs to the standard
>> "domain users" group, (I think this is standard), and I do not believe
>> the afs service principal will need to be in any other groups. Thus
>> the PAC data for the service principal should not be growing. And as
>> long as it is less then 12k this should not cause a problem,
>> sound correct? Thanks.
>
> The PAC doesn't contain the authorization data for the service.
> It contains the authorization data for the user.
>
>
--
John W. Sopko Jr. University of North Carolina
email: sopko AT cs.unc.edu Computer Science Dept., CB 3175
Phone: 919-962-1844 Sitterson Hall; Room 044
Fax: 919-962-1799 Chapel Hill, NC 27599-3175