Bryan,

1. I do not disagree with your statements in this mail, except as below (two previous mails discuss id-mapping concepts and mechanisms as applicable to Samba and NFSv4 in ways I find confusing)

2. Traditional AFS has weaker wire security than NFSv4 with RPCSEC_GSS integrity+privacy, actually, and that applies to today's OpenAFS 1.4

3. That is not the case with rxk5, which Marcus Watts and I have worked on for OpenAFS

4. Rxk5 does not use GSSAPI--it uses Kerberos V directly, so even though PKINIT gives Kerberos V some X.509 integration, that would be more complicated for small sites to manage than LIPKEY, I would think (but I have not tried to use LIPKEY, actually--but I am calling that out because people are going to need it)

5. Rxk5 is not an IETF standard, and neither is Rx (but Jeff Hutzelman and others have stated a desire to change that), nor is AFS (not that you claimed that)

6. I think you are highly over-the-top very frequently, and that the tit4tat-ing contributes to the effect you remarked on yesterday (of people you think you are in agreement with, believing they are in an argument with you)

Matt

Bryan J. Smith wrote:
Matt Benjamin <[EMAIL PROTECTED]> wrote:
[snip]
Hey man, I was all for putting AFS into Exam 302!  ;->

In fact, every time some ignorant fool starts the NFS v. SMB
discussion, I always bark back "if you _really_ want to address
security, you shouldn't be promoting SMB but seriously considering
AFS."

But I _tried_ to keep the "Samba context" here (namely Exam 302), so
that's where my point was coming from.

Thanx for your commentary.  I believe you and I are in total
agreement (please point out if I mis-interpreted anything you said or
did not understand or appreciate one of your points as you intended
it).



_______________________________________________
lpi-discuss mailing list
[email protected]
http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-discuss