In an attempt to summarize the discussion and move forward, it sounds like we are in agreement that the bosserver should offer the RXGK_GSSNegotiate RPC, and tokens obtained from that service should only be used with bosservers.

I think that the most promising approach is probably to have an afs3-bos@cell GSS identity for each machine running a bosserver, and use that for the GSS negotiation service. Tokens thus obtained will be tied to that particular machine's bosserver, and 'bos -localauth' will only be able to affect the local machine upon which it is running. It does make administering machines serving multiple cells cleaner, though, and preserves our abstractions.

Barring objections, I'll plan to add some additional text along the lines of "Other AFS infrastructure wishing to use rxgk (for services which are not database or file servers, such as for system management purposes) SHOULD offer a key negotiation service for each rxgk-using application; tokens obtained from such a negotiation service SHOULD only be used against that application. For services with a port assignment from IANA, the GSS identity used for the negotiation service SHOULD use the name from the port assignment, as <name>@<hostname>. For example, a bosserver running on port 7007 of the machine www.example.com would use the GSS identity [email protected]."

Hmm, maybe the last sentence is not needed.

-Ben
_______________________________________________
AFS3-standardization mailing list
[email protected]
http://lists.openafs.org/mailman/listinfo/afs3-standardization