From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <1364e9ff9f9f43e6a30ac71076e4204d@ar.aichi-u.ac.jp>
Subject: Re: [9fans] Multi-Domain-Authentication
Date: Wed,  8 Jun 2005 22:51:03 +0900
From: arisawa@ar.aichi-u.ac.jp
To: 9fans@cse.psu.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Topicbox-Message-UUID: 5c76ad4c-ead0-11e9-9d60-3106f5b1d025

>Anyone got other proposals?  I would like to hear and discuss
>about MDA issues very much. :)

one of other possible solutions is to simply prohibit host owners privilege
from the authdom that is not for the host.
that is, a requester using factotum:
key proto=p9sk1 dom=outside.plan9.bell-labs.com user=arisawa !password=XXXX
becomes arisawa@outside.plan9.bell-labs.com even if I don't write "grid" attribute
in my factotum.

Giving host owners privilege to the person out of your control makes things confusing.

Kenji Arisawa