keberos/KL apis

Prabhakaran vaidya prab at
Tue Jan 13 19:30:06 EST 2004

On Jan 13, 2004, at 4:22 PM, Sam Hartman wrote:

>>>>>> "Prabhakaran" == Prabhakaran vaidya <prab at> writes:
>     Prabhakaran> Unfortunately our realms are for Test, dev and prod
>     Prabhakaran> etc where realms should not trust each other.
> It seems entirely reasonable for the dev and test realms to trust user
> accounts from the prod realm.

true, but not the other way around.
There might be user ids in test/dev but not in prod.
We would like to coexist with power users who might have their own 
they work on which we do not know about, so the safest approach was to 
support realm separation.
It is not a problem for majority of users since they should only be 
seeing prod realm and
not even know about the other realms. But there is a considerable 
number of developers/testers
the same app has to be deployed. Many of them also have to 
simultaneously use production
and test versions of the apps going to respective realms.

More information about the krbdev mailing list