Hullo list.

http://osdir.com/ml/os.plan9.nine-grid/2005-06/msg00001.html is a proposal
from some years ago from TIP9UG to do multi-domain authentication in a way
somewhat reminiscent of Kerberos.[1]

The only change to factotum, AFAICT, was the following addition:
>    if(_strfindattr(s->key->attr, "grid")){
>      snprint(s->t.suid, sizeof s->t.suid, "%s@%s", s->t.cuid, _strfindattr(s->key->attr, "dom"));
>      safecpy(s->t.cuid, s->t.suid, sizeof s->t.cuid);
>      flog("grid user: %s", s->t.suid);
>    }
in the SHaveAuth case of p9skread.

This seems like a good way to go about MDA, so I am curious why this change
didn't get put back into the mainline code?  Is there something
fundamentally wrong?  Was a different approach selected?  Was the issue
simply tabled?

Thanks.
--nwf;

[1] I say similar to Kerberos in that it requires a domain A wishing to
accept identities from domain B to have a key from B's authsrv.  It differs
from Kerberos in that users in domain B act as if B's authsrv was the
authenticator for domain A.