[AFS3-std] Revised PTS authentication name mapping draft,
call for review
Simon Wilkinson
simon@sxw.org.uk
Fri, 18 Jun 2010 18:37:28 +0100
On 20 Apr 2010, at 22:27, Derrick Brashear wrote:
> As before, I've written up a draft based on the 2004 Stockholm AFSig hackathon
> discussion of the PTS alternate authentication names proposal, as
> modified based on further feedback and the 2009 Edinburgh Hackathon.
> Comments welcome and encouraged.
I've finally had a chance to review this. I've split my comments into
ones of substance, and ones of style.
Substance:
> 10.4. Authentication Name Type Rewriting
I'm still uneasy about requiring the rewriting of GSSAPI obtained
Kerberos names to use the Kerberos name type. If we believe that GSSAPI
is the future, then I would prefer that we use the GSSAPI exported name
for all GSSAPI mechanisms, rather than special casing Kerberos.
Style:
> Some deployments provide several mechanisms to obtain AFS
> authentication; While mappings between Kerberos 4 and Kerberos 5
> [RFC1510] authentication names allow use of most Kerberos 5
> deployments with AFS, supporting more than a single realm requires
> matching usernames in all realms; Additionally, support for other
> systems is not provided at all.
I'm not sure about the readability of this paragraph - in particular the
use of the semicolon.
> 3. Background information on operation of AFS
Whilst this background information is of use to a reader inexperienced
with AFS, I'm not sure that every draft we produce needs to explain what
AFS is, and how it works. Given that AFS novices are probably not the
intended audience, I'm not convinced that this section is required.
> permitted for administrations
for administrators?
> section 7above
missing space
Apart from those, looks good to me.
S.