I'd suggest getting some documentation on the internals of AD and Kerberos so this project can move forward. Can anyone suggest some good books for this (and maybe for the SCSI protocol too -- separate issue entirely though)?
The Kerberos protocol is well documented; in fact, it is an Internet standards-track specification. For the current specification, see draft-ietf-krb-wg-kerberos-clarifications-07.txt, RFC3961, and RFC3962.
This is a bit off-topic, but the SCSI protocol is also fairly well documented; it is an IEEE standard. For an overview of the SCSI-3 architecture and links to the drafts describing its architecture, transports, and command sets, see <http://www.t10.org/scsi-3.htm>
It should be noted that AD is not just a Kerberos server; it's also an LDAP server. The LDAP protocol is also an Internet standards-track protocol, which is the subject of ongoing work in the ldapbis working group. See <http://www.ietf.org/html.charters/ldapbis-charter.html>
Unfortunately, the problem is that AD is more than just LDAP and Kerberos; it requires specific extensions, some of which are poorly documented, if at all. As Jeff has noted, it is certainly possible to build a replacement for AD; in fact, there are a couple such projects which have already been mentioned in this thread.
However, such an effort is out of scope for the OpenAFS project. OpenAFS is not an authentication service or a directory service, which are the things AD does, and so it is not a replacement for AD. AFS is a distributed network filesystem, and it fills that role extremely well -- so well, in fact, that I have yet to see its equal. However, it is not a complete distributed computing infrastructure, and does not purport to be. No amount of asking "how can I have users log in to my windows box without having local accounts or a directory service" will change the fact that a directory service is an essential component in any such system, and that service is simply not what AFS does.
If you are interested in work toward providing distributed computing infrastructure based on Kerberos and LDAP, I suggest you check out work like XAD (<http://www.padl.com/Products/XAD.html>) and the Hurderos project (<http://www.hurderos.org/>).
-- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]>
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA
