[OpenAFS] Re: Any budding documentation writers

Andrew Deason adeason@sinenomine.net
Wed, 3 Mar 2010 15:06:53 -0600

On Wed, 03 Mar 2010 15:53:24 -0500
Jeffrey Altman <jaltman@secure-endpoints.com> wrote:

> rxgk is not Kerberos based.  Kerberos happens to be one of the
> authentication mechanisms that can be used via a GSSAPI mechanism to
> produce rxgk tokens.  The others that will be available will include
> the GSI GSSAPI mechanism which will permit direct use of x.509
> certificates for obtaining rxgk tokens and SCRAM which is a password
> based GSSAPI mechanism.

I know and understand this.

> As with any Kerberos based GSSAPI mechanism there needs to be a
> credential cache.  Even klog.krb5 uses a credential cache.  It just
> destroys the contents of the cache it creates after it is finished.

This is what I didn't know. That seems crazy to me, but if that's what
we've got, it's what we've got.

Andrew Deason