[OpenAFS] renaming principals

Kim Kimball dhk@ccre.com
Tue, 08 May 2007 07:55:56 -0700


Christopher D. Clausen wrote:
> And unless I misunderstand what it is for, there is already a pts rename 
> command that appears to rename PTS users or groups.  There would not be 
> a need to delete and re-create the PTS entry, assuming a rename is what 
> you really want to do.
>
>   
Of course.  I completely forgot rename :-[
> <<CDC
>
> Jeffrey Altman <jaltman@secure-endpoints.com> wrote:
>   
>> Kim:
>>
>> What you describe is how to change the authorization name for AFS.
>>
>> The challenge is changing the authentication name without forcing a
>> password change.  That is a Kerberos issue.
>>
>> Then there is the logistics of ensuring that the authentication name
>> change and all of the authorization name changes for all services that
>> accept Kerberos authentication occur at approximately the same time.
>>
>> Kim Kimball wrote:
>>     
>>> I'm missing something WRT to Open AFS ACL changes.
>>>
>>> Why not delete the PTS user entry "unmarriedname" and create the new
>>> PTS entry "marriedname" with the same PTS ID?
>>>
>>> ACLs store numeric PTSID; next time ACL entry is resolved the new
>>> name will appear, retrieved from PTS DB.
>>>
>>> Unless we're talking about non-AFS ACLs. 
>>>       
>
>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>
>
>