[OpenAFS-devel] Re: OpenSSH, OpenAFS, Heimdal Kerberos and MIT Kerberos
Sam Hartman
hartmans@mit.edu
Tue, 27 Jan 2004 07:27:04 -0500
>>>>> "Jeffrey" == Jeffrey Hutzelman <jhutz@cmu.edu> writes:
Jeffrey> On Monday, January 26, 2004 11:23:34 -0800
Jeffrey> "Henry B. Hotz" <hotz@jpl.nasa.gov> wrote:
>> Isn't the reason this keeps coming up that AFS client doesn't
>> (can't?) behave like a normal Kerberos application and just
>> get its own service ticket when it needs one (based on an
>> existing tgt)? The real reason this doesn't happen is that
>> tickets are stored in a file in /tmp, but it's a different set
>> of file system code inside the kernel that would need to access
>> it to request the service ticket.
Jeffrey> No; it's not that simple. Making the cache manager
Jeffrey> access ticket files would require first gaining a
Jeffrey> Kerberos dependency that we don't already have, and then
Jeffrey> importing lots of code into the kernel, much of which
Jeffrey> depends on network and filesystem interfaces that simply
Jeffrey> don't exist in kernel mode.
Or taking the Kerberos dependency and having an upcall into userspace
for credential management. I don't dispute that doing so is a lot of
work, but discarding what seems like a necessary step for AFS, if it
survives long enough, when discussing solutions seems poor.