[OpenAFS-devel] Re: OpenSSH, OpenAFS, Heimdal Kerberos and MIT Kerberos

ted creedon tcreedon@easystreet.com
Tue, 27 Jan 2004 08:28:49 -0800


Please clarify "for AFS if it survives long enough"....

tedc

-----Original Message-----
From: openafs-devel-admin@openafs.org
[mailto:openafs-devel-admin@openafs.org] On Behalf Of Sam Hartman
Sent: Tuesday, January 27, 2004 4:27 AM
To: Jeffrey Hutzelman
Cc: Henry B. Hotz; Douglas E. Engert; openafs-devel@openafs.org
Subject: Re: [OpenAFS-devel] Re: OpenSSH, OpenAFS, Heimdal Kerberos and MIT
Kerberos

>>>>> "Jeffrey" == Jeffrey Hutzelman <jhutz@cmu.edu> writes:

    Jeffrey> On Monday, January 26, 2004 11:23:34 -0800 "Henry
    Jeffrey> B. Hotz"
    Jeffrey> <hotz@jpl.nasa.gov> wrote:

    >> Isn't the reason this keeps coming up that AFS client doesn't
    >> (can't?)  behave like a normal Kerberos application and just
    >> get its own service ticket when it needs one (based on an
    >> existing tgt)?  The real reason this doesn't happen is that
    >> tickets are stored in a file in /tmp, but it's a different set
    >> of file system code inside the kernel that would need to access
    >> it to request the service ticket.

    Jeffrey> No; it's not that simple.  Making the cache manager
    Jeffrey> access ticket files would require first gaining a
    Jeffrey> Kerberos dependency that we don't already have, and then
    Jeffrey> importing lots of code into the kernel, much of which
    Jeffrey> depends on network and filesystem interfaces that simply
    Jeffrey> don't exist in kernel mode.

Or taking the Kerberos dependency and having an up call into userspace
for credential management.  I don't dispute that doing so is a lot of
work, but discarding what seems like a necessary step for AFS if it
survives long enough when discussing solutions seems poor.
