[OpenAFS] Re: Authentication without aklog

Andrew Deason adeason@sinenomine.net
Thu, 31 Jul 2014 19:46:19 -0500


On Thu, 31 Jul 2014 19:00:00 -0400 (EDT)
Benjamin Kaduk <kaduk@MIT.EDU> wrote:

> I find it interesting that we are all phrasing this in terms of a
> comparison to rpc.gssd ... which is a linux-specific piece of
> functionality.  Yes, Solaris and BSD have gssd, but they're different
> implementations.

That's just because I referred to it as rpc.gssd, which is what I've
heard others refer to it as. Just like 'aklog' can refer to things that
are not actually aklog in this thread, the same goes for rpc.gssd. I'm
not aware of a general name to refer to that piece of functionality, so
I just picked an implementation name that people have likely heard of
and know what it means.

> To me, this represents a big dificulty for a project as cross-platform
> as OpenAFS; it would probably require dedicated effort per-platform,
> so we would likely end up in a fragmented state for some (long) period
> of time.

Any discussion about implementation (which seems premature to me)
belongs in -devel and not here. But I also would not expect this to work
flawlessly even within a single platform (that's the "downside" of "the
rpc.gssd approach"), so not working on different platforms I don't find
very concerning.

> Then again, I guess we're already fragmented for other things (i.e.,
> PAGs), so maybe that's not so bad.  I don't know how many sites there
> are that require cross-platform feature parity, these days.

PAGs are "fragmented" only on OS X; unless you just mean in the
technical details of how they are implemented, but I don't see how
that's relevant. 

-- 
Andrew Deason
adeason@sinenomine.net