Hullo list. is a proposal
from some years ago from TIP9UG to do multi-domain authentication in a way
somewhat reminiscent of Kerberos.[1]

The only change to factotum, AFAICT, was the following addition:
> if(_strfindattr(s->key->attr, "grid")){
> snprint(s->t.suid, sizeof s->t.suid, "%s@%s", s->t.cuid, _strfindattr(s->key->attr, "dom"));
> safecpy(s->t.cuid, s->t.suid, sizeof s->t.cuid);
> flog("grid user: %s", s->t.suid);
> }

in the SHaveAuth case of p9skread.
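
Review bot: the `_strfindattr(s->key->attr, "dom")` result passed to snprint is used without a nil check, although the `grid` lookup one line above is tested; a key that carries `grid` but no `dom` would produce an suid with no real domain part. Look up `dom` once and fail the authentication if it is missing. Also confirm that the qualified `cuid@dom` name fits in `s->t.suid` and `s->t.cuid`: snprint and safecpy both cut the string to the buffer size without reporting it, and a truncated name could map two distinct remote users onto the same identity. A short comment saying why `cuid` is overwritten with the qualified name would help the next reader.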

This seems like a good way to go about MDA, so I am curious why this change
didn't get put back into the mainline code? Is there something
fundamentally wrong? Was a different approach selected? Was the issue
simply tabled?


[1] I say similar to Kerberos in that it requires a domain A wishing to
accept identities from domain B to have a key from B's authsrv. It differs
from Kerberos in that users in domain B act as if B's authsrv was the
authenticator for domain A.
