[OpenAFS] Separating AFS tokens generation from Authenticatio n
Douglas E. Engert
deengert@anl.gov
Wed, 10 Oct 2001 12:43:10 -0500
Derek Atkins wrote:
>
> Leif Johansson <leifj@it.su.se> writes:
>
> > On Wed, Oct 10, 2001 at 10:24:18AM -0500, Neulinger, Nathan wrote:
> > > Interesting... will take a look, does sounds promising particular for
> > > integration with NT...
> > >
> > > Yucky tar file though that extracts into src/*... But that's just cosmetic.
> >
> > Both name-space mapping and alternative authentication mechanisms for
> > rx were discussed at the Arla Hackathon in Stockholm two weeks ago.
>
> Indeed, I would much rather see GSS incorporated directly into rxkad.
That would be fine too, as long as it is GSS.
> Then again, I'd also like to see each AFS server have its own key
> instead of using a single shared key across all servers in a cell.
Another nice idea, but then you get into what DFS had to do, in effect
getting a separate ticket for each server. This required a TGT.
The beauty of AFS today, is its simplicity. A token per cell.
>
> >
> > MVH leifj
>
> -derek
>
> --
> Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> Member, MIT Student Information Processing Board (SIPB)
> URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
> warlord@MIT.EDU PGP key available
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444