keberos/KL apis
Prabhakaran vaidya
prab at apple.com
Tue Jan 13 19:30:06 EST 2004
On Jan 13, 2004, at 4:22 PM, Sam Hartman wrote:
>>>>>> "Prabhakaran" == Prabhakaran vaidya <prab at apple.com> writes:
>
> Prabhakaran> Unfortunately our realms are for Test, dev and prod
> Prabhakaran> etc where realms should not trust each other.
>
> It seems entirely reasonable for the dev and test realms to trust user
> accounts from the prod realm.
>
>
>
true, but not the other way around.
There might be user ids in test/dev but not in prod.
We would like to coexist with power users who might have their own
KDCs/projects
they work on which we do not know about, so the safest approach was to
support realm separation.
It is not a problem for majority of users since they should only be
seeing prod realm and
not even know about the other realms. But there is a considerable
number of developers/testers
the same app has to be deployed. Many of them also have to
simultaneously use production
and test versions of the apps going to respective realms.
thanks
-prab
More information about the krbdev
mailing list