[AFS3-std] Re: tokens for bosserver

Andrew Deason adeason@sinenomine.net
Thu, 14 Feb 2013 16:41:07 -0600


On Thu, 14 Feb 2013 14:02:11 -0500 (EST)
Benjamin Kaduk <kaduk@MIT.EDU> wrote:

> I think that the most promising approach is probably to have an
> afs3-bos@host GSS identity for each machine running a bosserver, and
> use that for the GSS negotiation service.  Tokens thus obtained will
> be tied to that particular machine's bosserver, and 'bos -localauth'
> will only be able to affect the local machine upon which it is
> running.  It does make administering machines serving multiple cells
> cleaner, though, and preserves our abstractions.

Can't we have it use either afs3-bos@host or afs-rxgk@_afs.cell? It
seems unnecessary to require the generation of a new identity for each
bosserver, if they're all allowed to have the cell-wide key, unless I'm
missing something.

-- 
Andrew Deason
adeason@sinenomine.net