[OpenAFS-devel] out of date code/apps/etc...
Sat, 02 Dec 2000 17:52:06 -0600
> Personally, I'd rather see the insecure token-passing inetd, ftpd, and
> rcmds disappear from OpenAFS altogether. A better approach would be to
> distribute patches to ssh to support token passing and/or getting AFS
> tokens when the user types a password or forwards Kerberos credentials.
Once krb5 support is more fully integrated, that's likely to be a good
avenue to follow.
> I also don't think we should be including any NTP implementation. The one
> currently in AFS does not include any AFS-specific features; stock ntp4
> will work just fine. Including a copy of ntp4 in openafs would only serve
> to insure that we distribute something that is always out-of-date with
> respect to the official distribution.
Yes, that's true, but at least if you distributed ntp4 w/ openafs, the
end user would have a 100% drop-in replacement.
> Unfortunately, I've heard mumblings that certain of the elders are opposed
> to the idea of removing any of these things from OpenAFS -- they'd rather
> keep them in the name of "backward compatibility". This seems silly, and
> I hope that eventually the elders can come to a concensus in favor of
> removing this obsolete and insecure code.
A partial compromise might be to separate the old/insecure/scary/etc.
stuff into a different package. If people really wanted to install that
stuff, they could, but it wouldn't be in the main build.
In fact, I suppose there isn't much reason to include wuftpd or ntp4 in
cvs either, but including them on the site might be a good idea to give
a central place where people can get everything-afs.
Nathan Neulinger EMail: email@example.com
University of Missouri - Rolla Phone: (573) 341-4841
CIS - Systems Programming Fax: (573) 341-4216