[128] in Moira
Re: afs incremental and kerberos instances on groups
daemon@ATHENA.MIT.EDU (marc@MIT.EDU)
Tue Jun 19 01:41:55 1990
From: marc@MIT.EDU
To: qjb@ATHENA.MIT.EDU
Cc: afsdev@ATHENA.MIT.EDU, moiradev@ATHENA.MIT.EDU
In-Reply-To: Your message of Mon, 18 Jun 90 15:49:33 -0400.
Reply-To: marc@MIT.EDU
Date: Tue, 19 Jun 90 01:41:16 EDT
>> If the realm is not the realm of authentication to the athena
>> afs cell, ignore this entry. Otherwise:
>>
>> 1. Remove the realm
>> 2. Create the principal in AFS (pts createuser) with id (uid of
>> <name> + 65536) if <name> has a uid, or something greater
>> than 131071 otherwise if it does not already exist.
>> 3. add it to the list.
Close, but not quite. What if someone creates a list with tom,
tom.root, tom.admin, and tom.ls in it? What id's should be assigned?
We should come up with a reasonable fallback if the first id is taken.
Incrementing by 65536 until an unused id is found seems reasonable to
me.
BTW, I think this is a great idea. LIST marc already contains all the
kerberos principals which refer to me, in hopes that someday, some
service will actually use that info, and I can just add LIST marc to
discuss acl groups or whatever, and the right thing will happen.
Marc
