On Mon, Oct 20, 2008 at 10:29:17PM -0500, Eric Van Hensbergen wrote:
> Good general problem, I'd also like to add my personal pain point that
> only the file server knows about the relationship between groups and
> users. It'd be nice to have a more general service to take care of
> this, and include some ability to assign remote delegated user names
> to local groups.
>
> I also like the idea of having "user-context" groups where users can
> create their own groups and assign local and remote users to them for
> the purposes of accessing file servers they "own".

My internalized model of how this should work is AFS's ACL system (if
that's not a dirty word...) and the associated PTS group system. Between
them, they provide excellent ability to talk about users from remote
cells and allow users to create and manage their own groups.

--nwf;