Jeffrey Hutzelman <[email protected]> writes:
> Simon Wilkinson <[email protected]> wrote:

>> *) It isn't particularly extensible, because we have no change
>> control over GSSAPI. What happens if (unlikely) a Kerberos 4 GSSAPI
>> mechanism is standardised?

> Unlikely, and growing more so by the moment. But if it happened, we'd
> have to decide whether it's more important for GSS-krb4 to match
> existing krb4 auth names in the PRDB, or for nothing to have to know
> about the correspondence.

>> What happens if we add an explicit X509 mechanism?

> Don't do that.

I might be missing some context here, but that makes me very nervous. I
think it's extremely likely that we're going to have sites who want to use
an X.509 mechanism for authentication that is not mediated by Kerberos.

--
Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/>
_______________________________________________
AFS3-standardization mailing list
[email protected]
http://michigan-openafs-lists.central.org/mailman/listinfo/afs3-standardization
