hartmans at MIT.EDU
Tue Jan 13 19:40:20 EST 2004
>>>>> "Prabhakaran" == Prabhakaran vaidya <prab at apple.com> writes:
Prabhakaran> On Jan 13, 2004, at 4:22 PM, Sam Hartman wrote:
>>>>>>> "Prabhakaran" == Prabhakaran vaidya <prab at apple.com>
Prabhakaran> Unfortunately our realms are for Test, dev and prod
Prabhakaran> etc where realms should not trust each other.
>> It seems entirely reasonable for the dev and test realms to
>> trust user accounts from the prod realm.
Prabhakaran> true, but not the other way around. There might be
Prabhakaran> user ids in test/dev but not in prod. We would like
So only create the key in one direction.
Prabhakaran> to coexist with power users who might have their own
Prabhakaran> KDCs/projects they work on which we do not know
Prabhakaran> about, so the safest approach was to support realm
Power users can be expected to set up their credentials caches
correctly and modify the edu.mit.kerberos file appropriately.
Prabhakaran> It is not a problem for majority of
Prabhakaran> users since they should only be seeing prod realm and
Prabhakaran> not even know about the other realms. But there is a
Prabhakaran> considerable number of developers/testers the same
Prabhakaran> app has to be deployed. Many of them also have to
Prabhakaran> simultaneously use production and test versions of
Prabhakaran> the apps going to respective realms. thanks -prab
I'd recommend providing a facility to launch test versions of the app
that sets the KRB5_CONFIG environment variable to a special
More information about the krbdev