On Thu, Oct 4, 2012 at 10:15 PM, Troy Benjegerdes <[email protected]> wrote: > Would it be feasible for us to 'eat our own dogfood', so to speak, and > use SPNEGO and cross-realm Kerberos to log into RT? (If this is already > implemented, and I haven't noticed, then I will volunteer myself to go > document it better) >
Cross-realm isn't really a workable solution unless you have tight coordination between realms and general agreement about security policies. Fine for something like CS.FOO.EDU and ENG.FOO.EDU but as a general purpose solution it's unworkable in practice. Shibboleth or something similar would be more reasonable, but that's a whole lot of overhead for a service provided as a courtesy. - Booker C. Bense _______________________________________________ OpenAFS-devel mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-devel
