[OpenAFS] Re: Any budding documentation writers
Wed, 3 Mar 2010 18:36:25 +0000
On 3 Mar 2010, at 18:28, Russ Allbery wrote:
> Simon Wilkinson <firstname.lastname@example.org> writes:
>> It might be, but I think documenting multiple ways of doing things is
>> likely to be confusing to a novice user. We should pick one mechanism
>> and stick to it, and aklog is probably the best one to choose. In
>> addition, klog.krb5 won't be applicable to rxgk, but aklog is.
> Why wouldn't klog.krb5 be applicable to rxgk, at least in the abstract
> (doing the work is another matter)? It's just the combination of a
> and aklog without storing the credentials in the file system. It
> be usable with any Kerberos-based authentication mechanism.
Because rxgk doesn't care what GSSAPI mechanism is being used to get
the initial credentials. The tools that AFS provides assume that a set
of credentials are available (from Kerberos, from GSI, from a local
smart card ...), and simply does GSSAPI calls from then on.
Building specific Kerberos knowledge into rxgk is a non-goal - one of
the primary aims of rxgk is to build an rx security layer which is