[OpenAFS] renaming principals
Christopher D. Clausen
Mon, 7 May 2007 11:41:58 -0500
And unless I misunderstand what it is for, there is already a pts rename
command that appears to rename PTS users or groups. There would not be
a need to delete and re-create the PTS entry, assuming a rename is what
you really want to do.
Jeffrey Altman <email@example.com> wrote:
> What you describe is how to change the authorization name for AFS.
> The challenge is changing the authentication name without forcing a
> password change. That is a Kerberos issue.
> Then there is the logistics of ensuring that the authentication name
> change and all of the authorization name changes for all services that
> accept Kerberos authentication occur at approximately the same time.
> Kim Kimball wrote:
>> I'm missing something WRT to Open AFS ACL changes.
>> Why not delete the PTS user entry "unmarriedname" and create the new
>> PTS entry "marriedname" with the same PTS ID?
>> ACLs store numeric PTSID; next time ACL entry is resolved the new
>> name will appear, retrieved from PTS DB.
>> Unless we're talking about non-AFS ACLs.