[126] in Moira


afs incremental and kerberos instances on groups

daemon@ATHENA.MIT.EDU (qjb@ATHENA.MIT.EDU)
Mon Jun 18 15:49:59 1990

From: qjb@ATHENA.MIT.EDU
Date: Mon, 18 Jun 90 15:49:33 -0400
To: afsdev@ATHENA.MIT.EDU, moiradev@ATHENA.MIT.EDU


Since AFS 3.0 has support for name.instance on lists, and since
some lists (administrators) will definitely contain such
members, I suggest that the support be added to afs incremental
stuff to do the following if something of type KERBEROS is added
to a group:



If the realm is not the realm of authentication to the athena
afs cell, ignore this entry.  Otherwise:

1.  Remove the realm.
2.  Create the principal in AFS (pts createuser) with id (uid of
    <name> + 65536) if <name> has a uid, or something greater
    than 131071 otherwise, if it does not already exist.
3.  Add it to the list.

Thus, adding "qjb.root@ATHENA.MIT.EDU" to the list
"administrators" would do the Right Thing.  Right now, since
probe and qjb have removed their null instances from
system:administrators and added their root instances, there is
an inconsistency between the moira list "administrators" and the
AFS list system:administrators.  I'd like to add qjb.root to a
group that I use in afs as well.  This is a group that is
controlled by moira so that there can be other administrators,
but it is an AFS group.  

I can think of a number of variations to the above suggestion,
but, in any case, the functionality needs to be added.

BTW, I left "USER qjb" on the list "administrators" so that I
wouldn't lose next time afssync is run....

                                Jay
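
Added example, not part of the original message and not Moira or AFS code: a sketch of the three steps above as a planner that returns pts argument lists instead of running them. The function name, the two lookup dictionaries, the choice of "next free id above 131071", and the refusal to reuse an id already in pts are assumptions; the uid is constructed sample data.

```python
"""Plan pts commands for a KERBEROS member added to a Moira-controlled AFS group."""

INSTANCE_ID_OFFSET = 65536  # from the message: id = uid of <name> + 65536
NO_UID_FLOOR = 131071       # from the message: ids without a uid go above this


def plan_kerberos_member(member, afs_group, cell_realm, uids, pts_ids):
    """Return a list of pts argv lists, or [] when the entry is ignored.

    uids:    {username: unix uid}  hypothetical stand-in for Moira's user data
    pts_ids: {pts name: pts id}    hypothetical stand-in for existing pts entries
    """
    principal, sep, realm = member.rpartition("@")
    if not sep or not principal:
        raise ValueError(f"expected name.instance@REALM, got {member!r}")
    # Exact, case-sensitive match: entries from any other realm are ignored.
    if realm != cell_realm:
        return []
    # Step 1: the realm is gone; principal is now "name" or "name.instance".
    name = principal.split(".", 1)[0]
    commands = []
    # Step 2: create the pts entry only if it does not already exist.
    if principal not in pts_ids:
        if name in uids:
            new_id = uids[name] + INSTANCE_ID_OFFSET
            if new_id > NO_UID_FLOOR:
                raise ValueError(f"uid of {name} is too large for the offset range")
        else:
            # Assumption: take the next free id above the floor.
            in_use = [i for i in pts_ids.values() if i > NO_UID_FLOOR]
            new_id = max([NO_UID_FLOOR, *in_use]) + 1
        # Two instances of one name (qjb.root, qjb.admin) map to the same id;
        # stop rather than hand an existing identity's id to a new principal.
        if new_id in pts_ids.values():
            raise ValueError(f"pts id {new_id} already in use; cannot create {principal}")
        commands.append(["pts", "createuser", "-name", principal, "-id", str(new_id)])
    # Step 3: add the principal to the group.
    commands.append(["pts", "adduser", "-user", principal, "-group", afs_group])
    return commands


if __name__ == "__main__":
    # Constructed sample data: uid 1234 for qjb is made up for illustration.
    for argv in plan_kerberos_member(
        "qjb.root@ATHENA.MIT.EDU", "system:administrators",
        "ATHENA.MIT.EDU", {"qjb": 1234}, {"qjb": 1234},
    ):
        print(" ".join(argv))
```

Returning argument lists rather than a command string keeps a member name containing shell metacharacters from being interpreted if the result is later passed to a process-spawning call.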
