>I think AFS uses the correct model. Credentials are really an attribute >of the user and for the best security should be tracked by the kernel like >any other security attribute of the user (UID, GID, supplemental groups, >capabilities, etc.). But that gets into really nasty cross-platform >issues, not to mention annoying kernel licensing issues.
AFS makes this easier by not having to actually do any Kerberos on the client side, of course. I agree with you that it should be a kernel attribute ... it's just that real life gets in the way. --Ken ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
