[01:24:19] --- Russ has left: Disconnected [04:30:05] --- reuteras has become available [05:46:36] --- reuteras has left [05:47:16] --- meffie has become available [08:01:51] --- reuteras has become available [09:06:26] --- rdw has become available [09:20:54] hmm. getting illegal or out of range when trying to pts delete a foreign realm group. thoughts? [09:22:53] ah, there were still members of the group left [09:30:47] --- Russ has become available [09:50:42] --- kaduk@mit.edu/barnowl has become available [09:51:03] Er, why is 'git describe' on master (via openafs-cvs) still referring to BP--openafs-stable-1_6_x-[...] ? [09:53:09] Hmm, how long was I gone? (I didn't notice being disconnected ...) [09:58:13] --- reuteras has left [10:02:59] --- rdw has left [10:04:35] --- jaltman/FrogsLeap has left: Replaced by new connection [10:04:36] --- jaltman/FrogsLeap has become available [10:07:35] because that's the last tag on master. simon hasn't nuked it yet [10:07:47] Sigh. [10:08:17] Aren't you supposed to tag 1.7 mumble or something, though? [10:09:24] Yeah, but it was tagged on the 1.7 branch. :) [10:09:37] "Shouldn't the branchpoint be tagged?" [10:09:43] Why? [10:10:08] Well, I suppose the answer could be "to provide git describe something to work from on master." [10:10:12] But other than that, there's really no point. [10:10:25] I thought BP--openafs-stable-1_6_x was just that for the 1.6 branch ... [10:10:27] Git can tell you where the branch branched without needing any help from a tag. [10:10:33] Yeah, but it dates back to CVS practices. [10:11:01] Although it's not clear that there was much point even in CVS, since similarly CVS could tell you where you branched without any help. [10:11:26] But branching in CVS was such a pain that having lots of tags to use to refer to was sometimes helpful. [10:27:44] So is there no way to create a foreign user with a low id number? Was hoping to just pts rename abc123 to abc123@foreignrealm and not have to clean up acls... [10:37:47] no; pretty sure ptserver enforces the synthetic id thing for foreign users [11:22:50] yeah, meh. [11:23:04] is there anything that uses the id to differentiate between local and foreign users? [11:24:04] I'm going to just use krb.conf to do what I want, but I'm curious if there's a reason behind the minimum id thing [11:24:47] well, it's not a general minimum; the users in a certain foreign group are limited to certain ids based on that group [11:25:05] but it's a function of the group id and something else [11:25:17] I'm not entirely sure why it's there, but I thought maybe it was to prevent self-registrations from "sniping" unused ids [11:25:41] so if system:authuser in our cell is -102, and system:authuser@foreign -103, and the foreign user ids are still in the 100k range [11:25:45] yeah, that would make sense [11:25:59] yes, I just mean, it's not just "foreign users have minimum id X", it's "users in foreign group X must have ids in the range Y-Z" [11:26:03] except our ldap2pts script will kill the users rather quickly if they 'snipe' an id [11:26:18] actually, not a contiguous range like that, since the 'range' part is in the upper bits of the id, but whatever [11:26:26] but I hadn't looked at it from that perspective. [11:27:50] so, next question: is the documentation correct on the krb.conf usage? all realms to be treated as local on one line separated by spaces? [11:28:21] yes [11:28:26] at least, that part is correct [11:28:36] I can't guarantee that everything in there is right :) [11:29:29] should the local realm also be listed? [11:29:45] local realm == cell name is implied [11:29:51] ok [11:30:15] it won't hurt to add it but it is not required [11:44:23] yeah, that seems to work [12:04:46] > "users in foreign group X must have ids in the range Y-Z" there's a weird transmutation function which basicalyly does "for cell foo, start with id X and each id after, add Y" [12:05:14] said function did not originally check that the id it chose was not taken, and well, predictable badness [12:06:14] ah [12:06:41] well yeah, that's >actually, not a contiguous range like that, since the 'range' part is in the upper bits of the id, but whatever [12:10:43] yeah [12:10:52] i was catching up and hadn't gotten to that [12:58:51] --- jaltman/FrogsLeap has left: Disconnected [13:52:03] --- jaltman/FrogsLeap has become available [14:00:05] --- asedeno has become available [15:56:49] --- deason has left [16:12:18] --- sxw has become available [16:22:41] --- sxw has left [17:33:09] --- Russ has left: Disconnected [17:36:11] --- Russ has become available [17:42:38] --- kaduk@mit.edu/barnowl has left [17:43:17] --- kaduk@mit.edu/barnowl has become available [18:44:10] --- jaltman/FrogsLeap has left: Replaced by new connection [18:44:11] --- jaltman/FrogsLeap has become available [18:45:30] --- mdionne has become available [19:35:13] --- mdionne has left [20:31:11] --- jaltman/FrogsLeap has left: Replaced by new connection [20:31:11] --- jaltman/FrogsLeap has become available [20:47:22] --- jaltman/FrogsLeap has left: Replaced by new connection [20:47:23] --- jaltman/FrogsLeap has become available [20:58:36] --- jaltman/FrogsLeap has left: Replaced by new connection [20:58:42] --- jaltman/FrogsLeap has become available [21:09:11] --- jaltman/FrogsLeap has left: Replaced by new connection [21:09:12] --- jaltman/FrogsLeap has become available [21:20:56] --- jaltman/FrogsLeap has left: Replaced by new connection [21:20:56] --- jaltman/FrogsLeap has become available [21:48:11] --- jaltman/FrogsLeap has left: Replaced by new connection [21:48:12] --- jaltman/FrogsLeap has become available [22:00:42] --- jaltman/FrogsLeap has left: Replaced by new connection [22:00:43] --- jaltman/FrogsLeap has become available [22:11:50] --- jaltman/FrogsLeap has left: Replaced by new connection [22:11:51] --- jaltman/FrogsLeap has become available [22:23:36] --- jaltman/FrogsLeap has left: Replaced by new connection [22:23:37] --- jaltman/FrogsLeap has become available [22:28:16] --- reuteras has become available [22:36:29] --- jaltman/FrogsLeap has left: Replaced by new connection [22:36:30] --- jaltman/FrogsLeap has become available [22:47:06] --- jaltman/FrogsLeap has left: Replaced by new connection [22:47:07] --- jaltman/FrogsLeap has become available [22:54:14] --- reuteras has left [22:59:11] --- jaltman/FrogsLeap has left: Replaced by new connection [22:59:12] --- jaltman/FrogsLeap has become available [23:11:20] --- jaltman/FrogsLeap has left: Replaced by new connection [23:11:20] --- jaltman/FrogsLeap has become available [23:23:12] --- jaltman/FrogsLeap has left: Replaced by new connection [23:23:13] --- jaltman/FrogsLeap has become available [23:34:20] --- jaltman/FrogsLeap has left: Replaced by new connection [23:34:21] --- jaltman/FrogsLeap has become available [23:46:29] --- jaltman/FrogsLeap has left: Replaced by new connection [23:46:30] --- jaltman/FrogsLeap has become available