[252] in Kerberos
an_to_ln
daemon@TELECOM.MIT.EDU (Stan Zanarotti)
Fri Nov 13 16:02:22 1987
From: srz@MELANGE.LCS.MIT.EDU (Stan Zanarotti)
To: kerberos@ATHENA.MIT.EDU
In paris:/mit/srz/rpc.mountd, I have a version of Bill Sommerfeld's
an_to_ln routine that uses /etc/aname.{pag,dir} to convert
authentication names into local user names. This was part of the
original Kerberos concept, but was never implemented by the time Cliff
left.
I also changed it so that it special cases name.root to map to name.
Although this is a site-specific customization (in other words, Jeff
Schiller couldn't live without it), an_to_ln was intended to have some
site customization in it.
With this feature, users can allow arbitrary principals to map to their
user name on the local machine. This comes in very handy for people
who live on the interrealm boundary. In the same directory, I have a
modified version of rpc.mountd that uses an_to_ln to do the mapping,
and Bill's krb_alias program that allows people to update this database.
I propose that this version of an_to_ln gets installed in the kerberos
library. Athena's version of rpc.mountd should be updated, although
Jeff hasn't found the time to install it yet. If it had used an_to_ln
in the first place, it could have avoided the "it doesn't check the
realm name" bug.
Comments?
-stan
