On Wednesday, December 28, 2005 01:44:26 PM -0500 Jeffrey Altman <[EMAIL PROTECTED]> wrote:
> A good solution for this would be to provide a new RPC that can be sent to any AFS service that requires authentication that would return a list of local authentication domains:
>
> * Kerberos 4: KERBEROS.REALM
> * Kerberos 5: KERBEROS.REALM
> * Kerberos 5: ANOTHER.REALM
> etc.
>
> Then aklog could obtain the list of AFSDB records and query the servers directly.
No, that would be a horrible solution. It's terribly insecure, and introduces Kerberos-specific behavior at a time when we're trying to move forward with a mechanism-independent security class. Really, Jeff, you should know better.
-- Jeff
