On 3 Mar 2010, at 18:28, Russ Allbery wrote:
Simon Wilkinson <[email protected]> writes:
It might be, but I think documenting multiple ways of doing things is
likely to be confusing to a novice user. We should pick one mechanism
and stick to it, and aklog is probably the best one to choose. In
addition, klog.krb5 won't be applicable to rxgk, but aklog is.
Why wouldn't klog.krb5 be applicable to rxgk, at least in the abstract
(doing the work is another matter)? It's just the combination of a
kinit
and aklog without storing the credentials in the file system. It
should
be usable with any Kerberos-based authentication mechanism.
Because rxgk doesn't care what GSSAPI mechanism is being used to get
the initial credentials. The tools that AFS provides assume that a set
of credentials are available (from Kerberos, from GSI, from a local
smart card ...), and simply does GSSAPI calls from then on.
Building specific Kerberos knowledge into rxgk is a non-goal - one of
the primary aims of rxgk is to build an rx security layer which is
mechanism independent.
Cheers,
Simon.
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
