[OpenAFS] Roadmap for features

Derrick J Brashear shadow@dementia.org
Mon, 8 Nov 2004 10:46:49 -0500 (EST)


On Mon, 8 Nov 2004, Mike Burns wrote:

> - Native Kerberos 5 and support for multiple strong (better than single
> DES) encryption types.  I've used the migration toolkit patch to get K5
> support, but would rather not have to do that each time we upgrade to a
> new version of OpenAFS.
>
>  Jeffrey Altman already informed me that this will be worked on at the
>  AFS Hackathon next month and make it into OpenAFS 2.0, but that it
>  would not be stable enough for the 1.4 release.  There may not be
>  anything more to add to this..  Is there a projected timeframe for
>  the release of 1.4 and 2.0?

1.4 was supposed to be out "already" but there are a few more bugs to 
worry about. 2.0, well, most likely "when Kerberos 5 is stable enough", 
since that's the intended 2.0 feature.

> - A secure RPC / packet privacy.  This should be solved by above, right?
> We'd like to enforce packet privacy for secure file service on the file
> server side like in DCE/DFS and not rely on the client admin to remember
> to enable it.

well, we'd need some switch to enable/force it, there's a little bit of 
work to do for it, but it's mostly free once you have the above.

> - AFS/NFS translator for any one of Solaris, AIX or Linux.  I tried it on
> Solaris 9 and encountered knfs issues as per bugid 1480.  Does it work
> well on any of these three platforms now?

cs.cmu.edu is using it on solaris 9, but perhaps not with authentication. 
linux and aix aren't supported now; i only ported to solaris (the ibm 
translator was not provided)

> - UBIK best host algorithm rather than lowest IP#.

easy to write one, harder to come up with a way to distribute it generally

> - File level ACLs.

unlikely.

> - Volume names longer than 22/31 characters.

planned.