[OpenAFS-devel] RT, Gerrit, Release Management changes
Troy Benjegerdes
hozer@hozed.org
Mon, 8 Oct 2012 00:09:06 -0500
On Sun, Oct 07, 2012 at 06:43:10PM -0700, Gary Buhrmaster wrote:
> On Sun, Oct 7, 2012 at 10:28 AM, Troy Benjegerdes <hozer@hozed.org> wrote:
> ....
> > My take on the political layer obstacles to cross-realm is to figure out
> > a way to leverage DNSSEC in some way to facilitate no-administrator
> > intervention cross realm key exchange.
>
> We all look forward to your RFC.
Before I bother with an RFC that nobody other than me cares about, I'd
like to see gerrit.openafs.org *use* the following RFCs, so that I can
trivially log in when authenticated to my own local cell:
http://tools.ietf.org/html/rfc4120
http://tools.ietf.org/html/rfc4178
http://tools.ietf.org/html/rfc4559
If given a database dump of the RT database backing rt.central.org, I can
attempt to set up a test version that will allow any realm with manually
configured cross-realm trust to log in.
Once I am tired of manually configuring cross-realm trust, or phone
conversations with admins unwilling to configure said trust, then I will
implement some code and finally, after that, propose an RFC.
At this point, all I know is I've set up an RT instance that DOES allow
properly configured manual cross-realm trust, and I'm reasonably confident I
can do the same thing with a clone of the rt.central.org database.
This is all on the 'when I feel like it' timeframe.
If you would like to see an RFC on a sooner timeframe, I am more than happy
to discuss a professional services development contract off-list.
On the email list, I am particularly interested in constructive criticism
that might help me understand what I'm missing, and make better use of the
'when I feel like it' time so that the work I do ends up benefiting both
myself and the rest of the community.