On Mon, 8 Nov 2004, Mike Burns wrote:
- Native Kerberos 5 and support for multiple strong (better than single DES) encryption types. I've used the migration toolkit patch to get K5 support, but would rather not have to do that each time we upgrade to a new version of OpenAFS.
Jeffrey Altman already informed me that this will be worked on at the AFS Hackathon next month and make it into OpenAFS 2.0, but that it would not be stable enough for the 1.4 release. There may not be anything more to add to this.. Is there a projected timeframe for the release of 1.4 and 2.0?
1.4 was supposed to be out "already" but there are a few more bugs to worry about. 2.0, well, most likely "when Kerberos 5 is stable enough", since that's the intended 2.0 feature.
- A secure RPC / packet privacy. This should be solved by above, right? We'd like to enforce packet privacy for secure file service on the file server side like in DCE/DFS and not rely on the client admin to remember to enable it.
well, we'd need some switch to enable/force it, there's a little bit of work to do for it, but it's mostly free once you have the above.
- AFS/NFS translator for any one of Solaris, AIX or Linux. I tried it on Solaris 9 and encountered knfs issues as per bugid 1480. Does it work well on any of these three platforms now?
cs.cmu.edu is using it on solaris 9, but perhaps not with authentication. linux and aix aren't supported now; i only ported to solaris (the ibm translator was not provided)
- UBIK best host algorithm rather than lowest IP#.
easy to write one, harder to come up with a way to distribute it generally
- File level ACLs.
unlikely.
- Volume names longer than 22/31 characters.
planned.
_______________________________________________ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
