[OpenAFS] The removal of afscreds.exe and afs_config.exe on Windows
Vista and Windows 7: Seeking Opinions
Fri, 09 Oct 2009 19:34:18 -0400
> What has been voiced as part of this thread by Chaz and Dave and perhaps
> by Ragge (not sure yet) is that there is a desire to have an AFS
> identity centric model in preference to a Kerberos v5 identity centric
> model when it comes to authentication. ...
Yes, perhaps that's the best way to think about the value that afscreds
currently brings: it's AFS identity-centric. Some of the "red X"
comments highlight the value of this emphasis from the user's
perspective. I would guess that some sites only use krb5 because they
need some kind of authentication method for AFS (and, of course, krb4 is
no longer a good bet).
> 1. in order to perform credentials acquisition or drive mapping
> the process must be unprivileged.
> 2. in order to start/stop the service or change configuration
> settings it must be "run as administrator"
And some of the other comments on the list, could the future of afscreds
be isolated to #1 (unprivileged-type activities)? Then let the
following items take care of more complex scenarios and privileged
> 1. A Microsoft Management Console for configuration which Brant
> Gurganus worked on for GSoC but has yet to be completed.
> 2. Explorer Shell extensions to provide a tighter integration
> between AFS and the user desktop experience so that drive
> mapping would no longer be required.
> 3. Network Identity Manager for authentication.