[OpenAFS] Re: Any budding documentation writers
Andrew Deason
adeason@sinenomine.net
Wed, 3 Mar 2010 14:32:27 -0600
On Wed, 3 Mar 2010 18:36:25 +0000
Simon Wilkinson <sxw@inf.ed.ac.uk> wrote:
> On 3 Mar 2010, at 18:28, Russ Allbery wrote:
>
> > Why wouldn't klog.krb5 be applicable to rxgk, at least in the
> > abstract (doing the work is another matter)? It's just the
> > combination of a kinit and aklog without storing the credentials in
> > the file system. It should be usable with any Kerberos-based
> > authentication mechanism.
>
> Because rxgk doesn't care what GSSAPI mechanism is being used to get
> the initial credentials. The tools that AFS provides assume that a set
> of credentials are available (from Kerberos, from GSI, from a local
> smart card ...), and simply does GSSAPI calls from then on.
I'm not familiar with this area of the code at all, but are you saying
you cannot acquire krb5 creds within an application, and (through some
GSS hoops) pass it on to rxgk? That we must have a ticket cache (e.g.
pointed to by KRB5CCNAME) available?
I believe I am just misunderstanding you, but that is what I am hearing.
--
Andrew Deason
adeason@sinenomine.net