Hi lxs,
On Mar 21, 2006, at 7:01 AM, Alexandra Ellwood wrote:
Apple has such a tool. It's called Keychain Access. It stores
certs, passwords, identity preferences... basically anything living
in your keychain. I can't speak for Apple (I'm not even an Apple
employee) but I'd place good money on this being where Apple would
display Kerberos and AFS credentials if they were doing the support
themselves.
That being said I've never placed high priority on Kerberos support
in Keychain Access because Mac users don't seem to want it. Mac
users want Kerberos to work without any interaction with any
tools. They want to be prompted for tickets when they need new
ones (or have them automatically acquired in the pkinit case).
Um, I'm having trouble following this argument, but I want to make
sure I understand your issue. I completely understand that AFS users
don't want to run a GUI application. But, I'm confused with how that
impacts the issue of using "Keychain Services" as the underlying API
and storage mechanism for managing AFS tickets:
http://developer.apple.com/documentation/Security/Conceptual/
Security_Overview/Security_Services/chapter_4_section_6.html
Presumably, it would be straightforward for AFS and Kerberos to use
Keychain Services and provide their own CLI interface, no? Or are
you concerned about something completely different?
-- Ernie P.
_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel
