[OpenAFS-port-darwin] Re: port-darwin digest, Vol 1 #81 - 1 msg

Thomas Vincent shetomv@pacbell.net
Tue, 21 Jan 2003 09:14:24 -0800 (PST)


My original question to MIT/Apple was if the Kerberos
layer that MIT had developed was good for the GUI and
CLI layer. The answer to that was yes. 
One of the people I asked answered "Kerberoses
interaction with the security server is up for
debate." To me that meant that they are still hashing
out the different ways Kerberos interacts with the
security server. Now, that being said. Kerberos works
in login window, and at the command line login. So in
reality it is first class citizen. I haven't worked at
Apple in a couple of years, so my pulse on the subject
is a little stale. 
The bottom line is that Apple has several very large
higher education customers (UMICH, Stanford, MIT, CMU)
that use Keberos and are heavily committed to it. I
can't see Apple not giving Kerberos its just dues. 
--- Ragnar Sundblad <ragge@nada.kth.se> wrote:
> 
> --On den 18 januari 2003 22:23 -0800 Thomas Vincent
> <shetomv@pacbell.net> 
> wrote:
> 
> > I asked the MIT team that does Apple Kerberos,
> about
> > Kerberoses interaction with Mac OS X. They
> responded
> > that the Apple Kerberos implimentation interacted
> fine
> > with the CLI and login window. That being said its
> > interaction with security server is up for debate.
> 
> Sorry, I don't get it: debate within what forum?
> Within
> apple between the system designers?
> Isn't it clear that Kerberos should be a first class
> authentication system and should be intergrated as
> such?
> I can imagine there are some technicalities that has
> to be
> solved, but are there any other problems?
> 
> I believe you, Thomas, has some contacts within
> apple.
> Can you ask them what the problem really is, and if
> there
> are any questions, open up a discussion with us, the
> users
> of their code?
> 
> Is is surely good and fine to think things trough so
> that they
> get integrated well, but what the heck, they have
> been talking
> about, designing and hacking on the kerberos
> implementation and
> the Security Service things in parallel for over two
> years now,
> how can integrating them be a problem? I guess that
> was a
> rhetorical question. I don't want to be mean, but we
> must be
> able to get a better answer than what they have
> given us.
> 
> /ragge
> 
> 
> _______________________________________________
> port-darwin mailing list
> port-darwin@openafs.org
> https://lists.openafs.org/mailman/listinfo/port-darwin