[OpenAFS-devel] aklog on MacOS X was Re: Service Ticket Questions
Henry B. Hotz
hotz@jpl.nasa.gov
Tue, 21 Mar 2006 11:49:20 -0800
On Mar 21, 2006, at 11:02 AM, Alexandra Ellwood wrote:
> Now Kerberos has serious problems with identity selection.
> Currently applications automatically select the "default"
> credentials, which results in terrible behavior when the user has
> multiple identities which they want to use simultaneously. So in
> the multiple-identity Kerberos case, something is going wrong
> constantly, and users need to use Kerberos.app all the time. But
> rather than sinking resources into Kerberos.app now, I think we'd
> get a whole lot more bang for our buck if we replace the default
> ccache model with something more expressive. Then users won't need
> to go to Kerberos.app except when they have a real problem.
>
>
> None of this solves the problem for AFS of course, I'm just
> explaining why you shouldn't count on a Mac version of the Network
> Identity Manager (or similar functionality in Keychain Access) any
> time soon.
Well put.
I will note that AFS PAG's do provide a much better model for how to
manage credentials. It's not perfect either, but I consider it a
reasonable minimum for what Apple should provide.
------------------------------------------------------------------------
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu