[OpenAFS-port-darwin] Re: port-darwin digest, Vol 1 #85 - 1 msg

Sly Upah supah@iastate.edu
Wed, 22 Jan 2003 11:19:06 CST


Then I would very much like to see Kerberos on OS X handle
expired passwords. As far as I can tell, it doesn't currently.

>Message: 1
>Date: Tue, 21 Jan 2003 09:14:24 -0800 (PST)
>From: Thomas Vincent <shetomv@pacbell.net>
>Subject: Re: [OpenAFS-port-darwin] Re: port-darwin digest, Vol 1 #81 - 1 msg
>To: Ragnar Sundblad <ragge@nada.kth.se>, port-darwin@openafs.org
>Cc: Thomas Vincent <shetomv@pacbell.net>
>
>My original question to MIT/Apple was if the Kerberos
>layer that MIT had developed was good for the GUI and
>CLI layer. The answer to that was yes. 
>One of the people I asked answered "Kerberoses
>interaction with the security server is up for
>debate." To me that meant that they are still hashing
>out the different ways Kerberos interacts with the
>security server. Now, that being said. Kerberos works
>in login window, and at the command line login. So in
>reality it is first class citizen. I haven't worked at
>Apple in a couple of years, so my pulse on the subject
>is a little stale. 
>The bottom line is that Apple has several very large
>higher education customers (UMICH, Stanford, MIT, CMU)
>that use Keberos and are heavily committed to it. I
>can't see Apple not giving Kerberos its just dues. 
>--- Ragnar Sundblad <ragge@nada.kth.se> wrote:
>> 
>> --On den 18 januari 2003 22:23 -0800 Thomas Vincent
>> <shetomv@pacbell.net> 
>> wrote:
>> 
>> > I asked the MIT team that does Apple Kerberos,
>> about
>> > Kerberoses interaction with Mac OS X. They
>> responded
>> > that the Apple Kerberos implimentation interacted
>> fine
>> > with the CLI and login window. That being said its
>> > interaction with security server is up for debate.
>> 
>> Sorry, I don't get it: debate within what forum?
>> Within
>> apple between the system designers?
>> Isn't it clear that Kerberos should be a first class
>> authentication system and should be intergrated as
>> such?
>> I can imagine there are some technicalities that has
>> to be
>> solved, but are there any other problems?
>> 
>> I believe you, Thomas, has some contacts within
>> apple.
>> Can you ask them what the problem really is, and if
>> there
>> are any questions, open up a discussion with us, the
>> users
>> of their code?
>> 
>> Is is surely good and fine to think things trough so
>> that they
>> get integrated well, but what the heck, they have
>> been talking
>> about, designing and hacking on the kerberos
>> implementation and
>> the Security Service things in parallel for over two
>> years now,
>> how can integrating them be a problem? I guess that
>> was a
>> rhetorical question. I don't want to be mean, but we
>> must be
>> able to get a better answer than what they have
>> given us.
>> 
>> /ragge