I personally have no problem with integrating Kerberos into Keychain
Access, especially if there is an integrated way to show AFS tokens
as well. Sounds like a good idea.
However I put out a list of 6 things that we need for AFS on the Mac
and the GUI's were the last item. We seem to be stuck between 1 and 2.
On Mar 21, 2006, at 9:12 AM, Ernest Prabhakar wrote:
Hi lxs,
On Mar 21, 2006, at 7:01 AM, Alexandra Ellwood wrote:
Apple has such a tool. It's called Keychain Access. It stores
certs, passwords, identity preferences... basically anything
living in your keychain. I can't speak for Apple (I'm not even an
Apple employee) but I'd place good money on this being where Apple
would display Kerberos and AFS credentials if they were doing the
support themselves.
That being said I've never placed high priority on Kerberos
support in Keychain Access because Mac users don't seem to want
it. Mac users want Kerberos to work without any interaction with
any tools. They want to be prompted for tickets when they need
new ones (or have them automatically acquired in the pkinit case).
Um, I'm having trouble following this argument, but I want to make
sure I understand your issue. I completely understand that AFS
users don't want to run a GUI application. But, I'm confused with
how that impacts the issue of using "Keychain Services" as the
underlying API and storage mechanism for managing AFS tickets:
http://developer.apple.com/documentation/Security/Conceptual/
Security_Overview/Security_Services/chapter_4_section_6.html
Presumably, it would be straightforward for AFS and Kerberos to use
Keychain Services and provide their own CLI interface, no? Or are
you concerned about something completely different?
-- Ernie P.
_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel
