On Sunday, October 23, 2005 09:53:37 PM -0700 Adam Megacz <[EMAIL PROTECTED]> wrote:
> Just checking if I understand this correctly... the "prdb extensions" described here: http://www.afsig.se/snipsnap/space/prdb+extensions amount to a generalization of pts that would let it do what gssklogd currently does, right? And, if I'm not mistaken, the new API calls serve a function similar to gssklogd's "gssklog-map" file, right?

These extensions serve a similar purpose, but in a somewhat different way. Because the fileserver constructs a client's PTS name from its Kerberos principal name, only a limited set of mappings are possible. The new architecture moves the responsibility for mapping credentials onto PTS entries to a central location (the ptserver), allowing both mechanical name transformations and specific, individual mappings.

Jeff noted a variety of benefits of this model, but with something of an emphasis on auditing and the needs of certain agencies and companies. It's worth noting that while these extensions would be useful to those users, they are not the only reason to have them. In my (admittedly biased) opinion, the proposed changes result in a much cleaner design, improved flexibility, and (eventually) eliminate the need for external tools like gssklog.

-- Jeff

_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel
