[OpenAFS] Future of AFS? Interesting Ideas!?

Derrick J Brashear shadow@dementia.org
Sun, 5 Jan 2003 18:47:08 -0500 (EST)

On 5 Jan 2003, Patrick J. LoPresti wrote:

> Derrick J Brashear <shadow@dementia.org> writes:
> > Agree. We ran krb5 and kaserver in a loosely synchronized manner at
> > CMU for a while, it was unpleasant. The tradeoff is now we have
> > fixed-master replication. Sigh.
> I was 1/4 serious when I suggested contributing Ubik code to OpenLDAP.
> An Ubik-based krb5 server would be pretty cool, too.  I wonder if the
> maintainers would even be interested, though.

The Ubik election code would be good. The Ubik "database" backend isn't a
database. I think I said this already.

> Derrick also wrote:
> > Do you think Kerberos is not (part of) said solution? Do you feel
> > LDAP is?  I'm mostly just curious.
> LDAP is an overengineered monstrosity.  But it appears to be the only
> game in town (except for Active Directory, of course).  So yeah, I
> suppose I consider it part of the solution.  I wish there were a
> decent free implementation.

OpenLDAP is decent. It just isn't what (everything) I want from a

> Kerberos, on the other hand, I am not so sure about.  Web-based
> services are a very important class of application, and it is quite
> possible that they will be the only important class in the long run.
> So perhaps the fully standardized "Global Public Key Infrastructure"
> is the real solution.  Too bad it's a myth...

I expect the Kerberos problem will be solved for the Web before we get to
this point.