[OpenAFS] Re: Any budding documentation writers
Wed, 3 Mar 2010 15:06:53 -0600
On Wed, 03 Mar 2010 15:53:24 -0500
Jeffrey Altman <email@example.com> wrote:
> rxgk is not Kerberos based. Kerberos happens to be one of the
> authentication mechanisms that can be used via a GSSAPI mechanism to
> produce rxgk tokens. The others that will be available will include
> the GSI GSSAPI mechanism which will permit direct use of x.509
> certificates for obtaining rxgk tokens and SCRAM which is a password
> based GSSAPI mechanism.
I know and understand this.
> As with any Kerberos based GSSAPI mechanism there needs to be a
> credential cache. Even klog.krb5 uses a credential cache. It just
> destroys the contents of the cache it creates after it is finished.
This is what I didn't know. That seems crazy to me, but if that's what
we've got, it's what we've got.