On Friday, February 16, 2007 06:32:45 AM -0500 Marcus Watts <[EMAIL PROTECTED]> wrote:
The intention is that the "generic" token interface be capable of being augmented with with future token types (such as rxgk) in the future. The assumption is that in a given realm, all db & file servers be capable of dealing with the same credential type, and that is the responsibility of aklog/klog, with input from the user & from the kdc, to get the appropriate credential. The "capability" call is intended to return information on cm capabilities. For now it only supports rxk5 encryption types. In the future, it might also return information on other things, or have a companion pioctl to allow setting things. This might be used to get/set locking behavior or fs setcrypt.
We bashed out a lot of the details of what the new interfaces will look like and what the fallback and transition mechanisms need to be at the rxgk hackathon last month. Details, including the specifications for the new VIOCGETTOK2 and VIOCSETTOK2 pioctls, can be found at
<http://www.afsig.se/afsig/space/rxgk-client-integration> -- Jeff _______________________________________________ OpenAFS-devel mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-devel
