Date: Tue, 21 Oct 2008 13:43:10 -0400
From: Nathaniel W Filardo
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Message-ID: <20081021174310.GR4216@masters10.cs.jhu.edu>
References: <476c0463b6a73667d50ba792ef1ada3d@quanstro.net>
Subject: Re: [9fans] Multi-domain authentication?

On Mon, Oct 20, 2008 at 10:29:17PM -0500, Eric Van Hensbergen wrote:
> Good general problem, I'd also like to add my personal pain point that
> only the file server knows about the relationship between groups and
> users. It'd be nice to have a more general service to take care of
> this, and include some ability to assign remote delegated user names
> to local groups.
>
> I also like the idea of having "user-context" groups where users can
> create their own groups and assign local and remote users to them for
> the purposes of accessing file servers they "own".

My internalized model of how this should work is AFS's ACL system (if that's
not a dirty word...) and the associated PTS group system. Between them,
they provide excellent ability to talk about users from remote cells and
allow users to create and manage their own groups.

--nwf;