[20711] in Athena Bugs
Question on credentials files
daemon@ATHENA.MIT.EDU (Tom Cavin)
Thu Sep 12 15:09:39 2002
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <15744.58992.815214.185680@lap1-wccf.mit.edu>
Date: Thu, 12 Sep 2002 15:09:36 -0400
From: Tom Cavin <cavin@MIT.EDU>
To: Athena Bugs list <bugs@MIT.EDU>
CC: Tom Cavin <cavin@MIT.EDU>
Hi,
This is a question on Kerberos principles and the credentials file for KNFS
servers.
If I have a list of Kerberos principles such as:
$ blanche wccf-acl
KERBEROS:cavin@ATHENA.MIT.EDU
KERBEROS:stasik@ATHENA.MIT.EDU
KERBEROS:woconnor@ATHENA.MIT.EDU
and this list is included as a list member of another list such as:
$ blanche cbcl-all | tail -3
vpkumar
vsw
LIST:wccf-acl
and the cbcl-all list is included in a list used for credentials such as:
$ blanche yoda-wccf-credentials
camillo
glenda
LIST:cbcl-all
LIST:wccf
Are the users "cavin", "stasik", and "woconnor" considered members of the
cbcl-all NFS group? How about the AFS group?
If the Kerberos principles are considered members of the groups, should
this be reflected in the credentials file?
The reason for this question is I sometimes need to have permissions in a
group's lockers in order to make changes, but I don't want to get all the
group's internal e-mail. If I can use Kerberos principles in this manner,
I get the (limited) authority I need for testing and don't get the noise.
Thanks,
--Tom
--
Tom Cavin Phone: (617) 258 - 7806
Computer Operations Manager Email: cavin@mit.edu
MIT - Whitaker College Computer Facility or tec@ai.mit.edu
