On 9/27/07, John Hascall <[EMAIL PROTECTED]> wrote: > > > > > > We aren't going to break existing deployments of AFS. > > > > So all future releases of OpenAFS forever will support rxkad > > > and K4/DES-based tokens? And there will be no way for a cell > > > to turn that off? Really? > > > You have the source. You can always patch it. So that's obviously false. > > Well, that's a tautology isn't it. You can always say "we aren't going > to break it, you can always patch it yourself".
We aren't going to break it is not you aren't going to break it. I can't stop you from shooting yourself in the foot, but I'm not interested in helping. I've made that point in those words before. You have a point, but I don't think it's the point you've been presenting. > But there's literally no one with AFS deployed now whose clients are ready > > for this transition. > > Today isn't the point. Presumably, someday people *will* start to > transition. And, barring a worldwide flag-day, cells *will* make > the transition at different times. Somebody *will* be the first > one to delete their "afs" principal. Yup. And then old clients get unauth access only. Previously in this discussion it was said you need to upgrade all > your servers before you start upgrading your clients. So if, (on > that day that some other cell deletes "afs"), you haven't progressed > far enough in your transition to where you can upgrade your clients, > it sounds to me like you are in trouble. Only if you want authenticated access.
