[OpenAFS] renaming principals

Christopher D. Clausen cclausen@acm.org
Mon, 7 May 2007 11:41:58 -0500

And unless I misunderstand what it is for, there is already a pts rename 
command that appears to rename PTS users or groups.  There would not be 
a need to delete and re-create the PTS entry, assuming a rename is what 
you really want to do.


Jeffrey Altman <jaltman@secure-endpoints.com> wrote:
> Kim:
> What you describe is how to change the authorization name for AFS.
> The challenge is changing the authentication name without forcing a
> password change.  That is a Kerberos issue.
> Then there is the logistics of ensuring that the authentication name
> change and all of the authorization name changes for all services that
> accept Kerberos authentication occur at approximately the same time.
> Kim Kimball wrote:
>> I'm missing something WRT to Open AFS ACL changes.
>> Why not delete the PTS user entry "unmarriedname" and create the new
>> PTS entry "marriedname" with the same PTS ID?
>> ACLs store numeric PTSID; next time ACL entry is resolved the new
>> name will appear, retrieved from PTS DB.
>> Unless we're talking about non-AFS ACLs.