Jeffrey Hutzelman wrote: > The problem, Jeff, is that you have not quite gotten over the antiquated > notion of a "site" in which a central administrator exerts complete > control over all the services and all the clients.
Jeff: I don't believe that any service provider has complete control over clients. However, I know that cell administrators want to be able to specify policy that is followed by clients. You have objected to all methods of distributing cell and realm configuration data that is the least bit insecure. The only method that is not insecure is for the user to btain that data in a trusted manner from the administrator of the cell. Adman is the administrator of his cell and until he can convince the powers that be at Berkeley to distribute configuration data for him, he will need to do so himself. The way his does that is to package the client and include the necessary configuration data. The other way he can distribute the data that I know you object to is to provide his end users an https URL that can be entered into the EXE versions of the OpenAFS.org and MIT KFW installers that will obtain configuration data from that location. I don't know where you get this idea that I believe in centralized control. Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
