[AFS3-std] Re: rxgk-afs tokens for ptservers, etc.
Benjamin Kaduk
kaduk@MIT.EDU
Wed, 13 Feb 2013 12:28:41 -0500 (EST)

On Tue, 12 Feb 2013, Andrew Deason wrote:
> This requires bosserver to be running and reachable to have
> authenticated access to e.g. ptserver, but that seems reasonable (and
> certainly more reasonable than requiring vlserver to be up). But having
> other services accept GSSNegotiate calls I could maybe see, though: for
> example, if for whatever reason you can't talk to bosserver or vlserver,
> you can still do authenticated actions on ptserver. That doesn't strike
> me as terribly common, though, so it doesn't seem like a great concern.
> Maybe it could be optional?

I think that having each server process offer an RXGK_GSSNegotiate service
that produces tokens only valid for that server/process pair is already
allowed by the RXGK spec itself, and would be an implementation-specific
thing. I'm not at present inclined to do so in the code I'm writing,
though; I think the other things we're talking about should be sufficient.

-Ben