[OpenAFS-port-darwin] Re: port-darwin digest, Vol 1 #85 - 1 msg

Thomas Vincent shetomv@pacbell.net
Wed, 22 Jan 2003 09:42:38 -0800 (PST)


Isn't that more of a issue with the Kerberos server
software?
--- Sly Upah <supah@iastate.edu> wrote:
> Then I would very much like to see Kerberos on OS X
> handle
> expired passwords. As far as I can tell, it doesn't
> currently.
> 
> >Message: 1
> >Date: Tue, 21 Jan 2003 09:14:24 -0800 (PST)
> >From: Thomas Vincent <shetomv@pacbell.net>
> >Subject: Re: [OpenAFS-port-darwin] Re: port-darwin
> digest, Vol 1 #81 - 1 msg
> >To: Ragnar Sundblad <ragge@nada.kth.se>,
> port-darwin@openafs.org
> >Cc: Thomas Vincent <shetomv@pacbell.net>
> >
> >My original question to MIT/Apple was if the
> Kerberos
> >layer that MIT had developed was good for the GUI
> and
> >CLI layer. The answer to that was yes. 
> >One of the people I asked answered "Kerberoses
> >interaction with the security server is up for
> >debate." To me that meant that they are still
> hashing
> >out the different ways Kerberos interacts with the
> >security server. Now, that being said. Kerberos
> works
> >in login window, and at the command line login. So
> in
> >reality it is first class citizen. I haven't worked
> at
> >Apple in a couple of years, so my pulse on the
> subject
> >is a little stale. 
> >The bottom line is that Apple has several very
> large
> >higher education customers (UMICH, Stanford, MIT,
> CMU)
> >that use Keberos and are heavily committed to it. I
> >can't see Apple not giving Kerberos its just dues. 
> >--- Ragnar Sundblad <ragge@nada.kth.se> wrote:
> >> 
> >> --On den 18 januari 2003 22:23 -0800 Thomas
> Vincent
> >> <shetomv@pacbell.net> 
> >> wrote:
> >> 
> >> > I asked the MIT team that does Apple Kerberos,
> >> about
> >> > Kerberoses interaction with Mac OS X. They
> >> responded
> >> > that the Apple Kerberos implimentation
> interacted
> >> fine
> >> > with the CLI and login window. That being said
> its
> >> > interaction with security server is up for
> debate.
> >> 
> >> Sorry, I don't get it: debate within what forum?
> >> Within
> >> apple between the system designers?
> >> Isn't it clear that Kerberos should be a first
> class
> >> authentication system and should be intergrated
> as
> >> such?
> >> I can imagine there are some technicalities that
> has
> >> to be
> >> solved, but are there any other problems?
> >> 
> >> I believe you, Thomas, has some contacts within
> >> apple.
> >> Can you ask them what the problem really is, and
> if
> >> there
> >> are any questions, open up a discussion with us,
> the
> >> users
> >> of their code?
> >> 
> >> Is is surely good and fine to think things trough
> so
> >> that they
> >> get integrated well, but what the heck, they have
> >> been talking
> >> about, designing and hacking on the kerberos
> >> implementation and
> >> the Security Service things in parallel for over
> two
> >> years now,
> >> how can integrating them be a problem? I guess
> that
> >> was a
> >> rhetorical question. I don't want to be mean, but
> we
> >> must be
> >> able to get a better answer than what they have
> >> given us.
> >> 
> >> /ragge
> 
> _______________________________________________
> port-darwin mailing list
> port-darwin@openafs.org
> https://lists.openafs.org/mailman/listinfo/port-darwin