[OpenAFS] The Illusion of Security
Rodney M Dyer
rmdyer@uncc.edu
Tue, 19 Aug 2003 12:30:02 -0400

At 02:20 AM 8/19/2003 -0400, Derrick J Brashear wrote:
>While I'm spewing my biases, system("somecommand") instead of using the
>API provided to do (whatever) also pushes my buttons.

It's very strange how I got into this state of affairs. Until a few years
back I was also a die-hard core API programmer. That is, I used to develop
more single "sealed" applications. Being a systems programmer has made me
a bit more open to the larger picture. It's next to impossible to solve
everyone's problems with a single large hammer. Working at the "Lego"
level allows scaffolding, or "glue", to be developed that holds the
structure up until such time as a more complete product can fill in. This
is the state we've been in for the last 6 years. No one has developed a
product "yet" that solves our problems caused by using AFS, Windows, and
Kerb 5. Maybe I should develop one, but hey, I don't have the luxury of
that amount of time.

I do however carefully select my options. Depending on what needs to be
done, as in speed, or size constraints, I'll jump back down into the
API. User logon, into a Windows box, is not something that is done a
thousand times a second, or requires code with a small footprint. It just
needs to run "fast-enough" to not impact them. I seem to instinctively
know when I shouldn't script, and when I should. That's probably from
experience. The biggest obstacle seems to be the development time. Sure,
I could, as Sam says, "do the right thing" (based on -his- definition of what
is right), but I'll probably end up with a 12 month development project on
my hands. And, in the end, the more "solid" something is means the less
"fluid" it is.

To each his own. Thanks for your opinion.

Rodney