On 18 Jun 2010, at 18:49, Derrick Brashear wrote: [section 10.4] > Other commenters have come down on the side of the above as-is. I am > not wed to it. I would be happy to accommodate this as I feel simply > using GSSAPI export names globally would be more consistent.
My argument boils down to: If I am building a hypothetical AFS product which only supports GSSAPI, I'm not sure why I should be forced to have my server convert from GSSAPI to Kerberos v5 names, when I actually have no interest at all in the Kerberos v5 name. I think a better approach would be to require ptservers in cells which support multiple implementations of the same underlying security mechanism to perform the mapping. So, if you have a cell which supports both native Kerberos v5, and GSSAPI, then the ptserver should be responsible for mapping from the GSSAPI name to the Kerberos v5 one, and vice versa. Cheers, Simon _______________________________________________ AFS3-standardization mailing list [email protected] http://michigan-openafs-lists.central.org/mailman/listinfo/afs3-standardization
