[OpenAFS] Some questions about the future of OpenAFS
Douglas E. Engert
deengert@anl.gov
Tue, 30 Apr 2002 14:09:34 -0500
Derrick J Brashear wrote:
>
> On Tue, 30 Apr 2002, Douglas E. Engert wrote:
>
> > The beauty of AFS is its simplicity. I like the coherent unit concept, it
> > keeps it simple. You could always have multiple cells. The question is then
> > what do you gain by having to authenticte to different servers in the same
> > cell? If you are going to try and base some authorization decision on this,
> > i.e. some users can only authenticte to some servers, the complexity goes
> > up very fast. (Another way to maybe achieve this is multiple cells.)
>
> Actually, the goal is to allow different people to control different
> servers, without having to give them all the AFS key, yet still let them
> all be in a single cell. If there were a way to do delegation in PTS (true
> remote references) this wouldn't matter, but it has its own barriers to
> implementation.
That could still work, if the token the gssklogd creates is a cell token
which can be used to obtain server tokens.
>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444