multiple-local-realms-
20051208
This patch extends the krb.conf file allowing the specification of
multiple realms which should be treated as equivalents to the local
cell authentication domain. Additional realms are specified on the
first line of the krb.conf file and are separated by white space.
In addition, the patch adds a new file stored in the same directory
as the krb.conf file called krb.excl. This file contains a list of
principal names, one per line, that must not be treated as local
identities.
The purpose of this patch is to allow organizations that are supporting
multiple realms with synchronized user principal databases to allow
their users to login with any of the realms and treat the principal
names as equivalent to the local PTS identity. The exclusion is
to allow certain names, such as those for administrative IDs, to be
restricted to a subset of the realms.
Further optimization of the afs_krb_exclusion() should be performed to
remove the need to re-read the file. This patch should be considered
a temporary solution until a more permanent set of extensions to the
PT database and RPCs allow for the assignment of mechanism specific
aliases for PT IDs.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
correction to exclusion list parsing
git://git.openafs.org / openafs.git / commit