kadm5.acl rights for foreign principals
Marcio d'Avila Scheibler
marcio at cpd.ufsm.br
Tue Mar 12 15:28:43 EST 2002
>
> Marcio> Since we have a multi-realm KDC and in real life the same
> Marcio> people will manage those realms, I'd like to give permissions
> Marcio> to the same principal and if possible I wouldn't like
> Marcio> create user/admin at REALM1, user/admin at REALM2. I just want to
> Marcio> insert a entry for user/admin at REALM1 in kadm5.acl file
> Marcio> for each domain.
>
> Since realms generally define administrative boundaries, have you
> considered a single realm?
Yes, in general realms and domains matches administrative regions,
but we work with other questions, like:
- current domain structures for other services (dns for instance)
- number of objects
- expectations for future delegations
Taking them (and other) in account, we think we would have
a chaotic scenario with all objects inside one big and
monolithic realm.
------------------------------------------------------------------------------
Marcio d'Avila Scheibler - Divisao de Suporte (marcio at cpd.ufsm.br)
Centro de Processamento de Dados - Campus Universitario - CEP 97105-900
Universidade Federal de Santa Maria - RS - Brasil
=============================================================================
More information about the Kerberos
mailing list