--On Tuesday, January 15, 2008 10:46:55 PM -0500 Derrick Brashear
<[EMAIL PROTECTED]> wrote:
On Jan 6, 2008 2:08 PM, Adam Megacz <[EMAIL PROTECTED]> wrote:
Jim Rees <[EMAIL PROTECTED]> writes:
> Please test this code. Even if you don't plan to use any of the rxk5
> features, please build it and report back here.
I had heard rumors that rxk5 might (eventually) include support for
using a different KeyFile on each fileserver. Is this functionality
on the branch by any chance?
rxgk was going to. rxk5, news to me.
At the rxgk hackathon last year, we discussed and in some cases designed
the mechanisms that would be necessary to make this happen, as well as to
handle secure negotiation of security classes in a mixed-mode cell. The
solutions we came up with were not specific to rxgk, but also have largely
not been implemented. Note that supporting separate service keys for each
server is _very_ complex; it not only requires the cache manager to
discover the correct service principals and maintain separate sets of
tickets for each server, but also for a variety of administrative tools to
handle using different tickets to talk to different servers, as when you
use 'vos' to perform an operation that requires both updating the VLDB and
performing volume operations on one or more servers. It also makes volume
moves and releases considerably more complex. And that's just the start.
So, don't go looking for this functionality any time soon. It's harder
than it looks, and not real high on most people's priority lists.
-- Jeff
_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel
