> [Last paragraph of section 3]
> Tokens returned from the GSSNegotiate call MUST only be used with
> database servers. Tokens for fileservers MUST be obtained by calling
> AFSCombineTokens before each server is contacted.
>
> Without context, that doesn't seem clear to me whether it means the
> database server processes and the fileserver process, or if it means the
> actual machines.

Interpreting this as actual machines makes the most sense here. One of the purposes for all this complexity is so that fileserver machines (running bosserver, fileserver and volserver processes) can have unique keys not shared with all the other server hosts in the cell. This is somewhat simpler administratively, but also enables a cell to have servers administered by multiple groups that don't trust each other (everyone must trust the database server maintainers, but that's it).
