[OpenAFS] Re: Any budding documentation writers
Simon Wilkinson
sxw@inf.ed.ac.uk
Wed, 3 Mar 2010 18:36:25 +0000
On 3 Mar 2010, at 18:28, Russ Allbery wrote:
> Simon Wilkinson <sxw@inf.ed.ac.uk> writes:
>
>> It might be, but I think documenting multiple ways of doing things is
>> likely to be confusing to a novice user. We should pick one mechanism
>> and stick to it, and aklog is probably the best one to choose. In
>> addition, klog.krb5 won't be applicable to rxgk, but aklog is.
>
> Why wouldn't klog.krb5 be applicable to rxgk, at least in the abstract
> (doing the work is another matter)? It's just the combination of a
> kinit
> and aklog without storing the credentials in the file system. It
> should
> be usable with any Kerberos-based authentication mechanism.
Because rxgk doesn't care what GSSAPI mechanism is being used to get
the initial credentials. The tools that AFS provides assume that a set
of credentials are available (from Kerberos, from GSI, from a local
smart card ...), and simply does GSSAPI calls from then on.
Building specific Kerberos knowledge into rxgk is a non-goal - one of
the primary aims of rxgk is to build an rx security layer which is
mechanism independent.
Cheers,
Simon.