Jeffrey Altman <[EMAIL PROTECTED]> writes: > Granted these models are currently not distributed such that you could > download an implementation from MIT or KTH but that is because there > has not been appropriate demand for such functionality and the current > Kerberos implementors do not have the resources to develop and test > functionality that is not of immediate use to current large scale > users. However, this functionality is on the drawing board for future > IETF standardization and implementation provided the necessary resources > can be acquired to complete the work.
I really think it's more of a political issue than anything else; I doubt they'd ever accept anything involving public key crypto as an "official, standard, core" part of Kerberos. And I can't say I disagree with them. I'm willing to contribute substantial developer-hours to realizing the goal of easy, administrator-intervention-free cross-realm and non-realm authentication. And I'm very flexible in terms of taking direction from people who've been around OpenAFS longer than I have on how this ought to be achieved. But if changing the "upstream" Kerberos just to improve AFS is a prerequesite, I think this might be a bigger task than I want to take on (or have the motivation to see through). - a _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
