[OpenAFS] Kerberos 5 cache in /tmp

Russ Allbery rra@stanford.edu
Thu, 08 Apr 2004 09:18:37 -0700


Ken Hornstein <kenh@cmf.nrl.navy.mil> writes:

> We were batting around the idea of working on a capability-based system
> last year.  There is one glaring problem: all of the capability-based
> systems that are available today are all geared toward producing PhD
> thesis rather than actually being useful.  I made the mistake once of
> trying to use somebody's PhD thesis software in a real application; I
> won't make that mistake again.  As always, YMMV.

The other part of that is that I'm really too busy with other interesting
projects to experiment with a new operating system.

We currently run our servers on Unix varients (including Linux).  I've
used capability-based systems before (I cut my teeth on VMS), but Unix
isn't a capability-based system.  It's probably possible to build a real
capability-based operating system on top of some of the fundamentals of
Unix, but it would be exactly that, a new operating system.

I'm not actually in the market for a new operating system right now, since
I know the capabilities and weaknesses of the one I have now fairly well
and it does the job.  I suppose if someone made it sufficiently attractive
and easy, there's always room to consider one, but I'm not particularly
well-motivated to seek it out just at the moment.

I think that most people feel the same way about capabilities-based
systems right now.

There are just so many more pressing things to deal with beyond root
stealing people's tickets, such as getting completely off of K4 so that we
can turn on preauth everywhere.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>