On Mar 21, 2006, at 11:02 AM, Alexandra Ellwood wrote:
Now Kerberos has serious problems with identity selection.
Currently applications automatically select the "default"
credentials, which results in terrible behavior when the user has
multiple identities which they want to use simultaneously. So in
the multiple-identity Kerberos case, something is going wrong
constantly, and users need to use Kerberos.app all the time. But
rather than sinking resources into Kerberos.app now, I think we'd
get a whole lot more bang for our buck if we replace the default
ccache model with something more expressive. Then users won't need
to go to Kerberos.app except when they have a real problem.
None of this solves the problem for AFS of course, I'm just
explaining why you shouldn't count on a Mac version of the Network
Identity Manager (or similar functionality in Keychain Access) any
time soon.
Well put.
I will note that AFS PAG's do provide a much better model for how to
manage credentials. It's not perfect either, but I consider it a
reasonable minimum for what Apple should provide.
------------------------------------------------------------------------
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
[EMAIL PROTECTED], or [EMAIL PROTECTED]
_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel
