Date
Attendees
Goals
- discuss requirements, and better understand the choices availble
Discussion items
Time | Item | Who | Notes |
---|---|---|---|
30 |
| ||
90 | The 3 to 4:30 meeting, the white board session captures a lot of that |
WhiteBoard photo
Left side
batchtkts/~ @SLAC ->
joe/batch/<...> @SLAC
Center Top Third (around the discussion of accounts and roles in a Kerberos domain)
joe/admin joe.admin@WIN.SLAC
ajoe
joe-a
Center mid-third
joe@SLAC.STANFORD.EDU --> AFSID 2311
joe/batch/cluster1.slac.stanford.edu@SLAC --> AFSID 2311
Center, bottom third, left
on node with keytable entry host/ubuntu.win.slac.stanford.edu@win.slac.stanford.edu
aklog call
Center whiteboard, bottom third center and right
yfs-rxgk (connecting left with right)
On the right it connects to
joe@slac pts 2311
joe/batch/cluster1.slac.stanford.edu 54000
Note to the far right about the audit trail availble here an the the ip based tracking with Good and BAD
Underneath the permit and do-not permit lists that are set on the file system.
Action items
- as a group at SLAC consider cost and benefits to handle multiple identity/role principals (use of some existing Kerberos tools that are gssapi enable to permit action, or leverage Auristor's means of having multiply identity/role tokens, and even negation in cases warranted (this at base is going to lean on the pts service.)