[OpenAFS-devel] out of date code/apps/etc...
Nathan Neulinger
nneul@umr.edu
Sat, 02 Dec 2000 17:52:06 -0600
> Personally, I'd rather see the insecure token-passing inetd, ftpd, and
> rcmds disappear from OpenAFS altogether. A better approach would be to
> distribute patches to ssh to support token passing and/or getting AFS
> tokens when the user types a password or forwards Kerberos credentials.
Once krb5 support is more fully integrated, that's likely to be a good
avenue to follow.
> I also don't think we should be including any NTP implementation. The one
> currently in AFS does not include any AFS-specific features; stock ntp4
> will work just fine. Including a copy of ntp4 in openafs would only serve
> to ensure that we distribute something that is always out-of-date with
> respect to the official distribution.
Yes, that's true, but at least if you distributed ntp4 w/ openafs, the
end user would have a 100% drop-in replacement.
> Unfortunately, I've heard mumblings that certain of the elders are opposed
> to the idea of removing any of these things from OpenAFS -- they'd rather
> keep them in the name of "backward compatibility". This seems silly, and
> I hope that eventually the elders can come to a consensus in favor of
> removing this obsolete and insecure code.
A partial compromise might be to separate the old/insecure/scary/etc.
stuff into a different package. If people really wanted to install that
stuff, they could, but it wouldn't be in the main build.
In fact, I suppose there isn't much reason to include wuftpd or ntp4 in
cvs either, but including them on the site might be a good idea to give
a central place where people can get everything-afs.
-- Nathan
------------------------------------------------------------
Nathan Neulinger EMail: nneul@umr.edu
University of Missouri - Rolla Phone: (573) 341-4841
CIS - Systems Programming Fax: (573) 341-4216