[OpenAFS] Future of AFS? Interesting Ideas!?

Ken Hornstein kenh@cmf.nrl.navy.mil
Tue, 07 Jan 2003 13:51:45 -0500


>> I wish Outlook _did_ do Kerberos; that's rather unfortunate, since
>> MS even ships with Kerberos in the OS and they have no excuse.
>> However, other than Outlook, things aren't bad.  Eudora and Mulberry
>> both support Kerberos for POP/IMAP/SMTP, and so does the "Mail"
>> app that ships with OS X.  These are real applications that are
>> production quality, and our users seem to be happy with them.
>The following Article (MS Technet) may be of interest to you:
>http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp

Unfortunately, this document doesn't help.  What needs to happen is that
MS needs to add support for Kerberos 5/GSSAPI to Outlook; until that
happens, it doesn't solve the problem.

>I am not sure whether it is possible to log on to a unix box with only a
>Kerberos ticket. Where would the uid/guid information come from??

Your LDAP server, probably.

>Of course you could use NIS for uid/guid things to work, but I really hate the
>concepts of NIS - It's flat!

Well, it's designed to emulate a Unix password file ... which is flat.
The "flatness" doesn't really bother me.  The lack of security in NIS
does.

--Ken