[OpenAFS] my afs wish list

[Charles Clancy]

On Tue, 29 Apr 2003, Derek Atkins wrote:

> Charles Clancy <security@xauth.net> writes:
>
> > The cool thing is that you could use something like SESAME instead of
> > Kerberos.  For that matter, you could even use SSL and authenticate with
> > certificates.  I don't even want to think about the amount of work
> > required, but would such flexibility be useful?
>
> Uhh, I for one would not want to implement SSL in the kernel, let alone
> require RX to work over tcp sessions!

Well, perhaps SSL wasn't a good example.  As GSS doesn't make any
requirements of the transport protocol being used, SSL doesn't fit all
that well into its structure.  I think SESAME would still be useful,
though.

As far as the kernel issue goes, that could be a problem, though not
without solution.

[ t charles clancy ]--[ tclancy@uiuc.edu ]--[ www.uiuc.edu/~tclancy ]