[OpenAFS-devel] (no subject)
Troy Benjegerdes
hozer@hozed.org
Mon, 19 Dec 2005 14:11:51 -0600
On Thu, Dec 08, 2005 at 07:10:39PM +0000, David Howells wrote:
>
> Hi Derrick,
>
> Can you remind me of what it is you still want from the key management stuff to
> support OpenAFS please?
>From the user point of view, I'd need something equivalent to 'aklog',
and the libpam-openafs-session modules.
Would we lose anything by having the kerberos libraries be able to
manipulate keys directly? Such that kinit would place the keys in the
kernel keyring directly, without needing a (in my opinion) insecure
ticket cache in /tmp ?
Also, would it be possible to get a read-only, but authenticated rxkad
connections in the in-kernel AFS client? What is the status of this?
I'd also like to be able to run both the kernel AFS and OpenAFS clients
at the same time, but they both want to grab port 7000 for the cache
manager. Is there a clean around this? (say moving the port for the kAFS
client?)