There exist a bunch of forwarding mechanisms for tickets and tokens which all have different problems, some have bad security, some have no security, some depend on the IP addr some on the endianess of the computers involved, just to mention some.
Not passing the tokens is better than passing them with some kind of encryption over whatever channel. As there nowadays exist krb5 enabled r* utilities which can be configured to forward tickets and get tokens from that tickets, I suggest scrapping all odd ticket or token passing mechanisms, including the r* stuff currently distributed with openafs. OK, I like to paint things black and white. Harald. _______________________________________________ OpenAFS-devel mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-devel
