On 3 Mar 2010, at 19:13, Russ Allbery wrote:
> Er, many OpenAFS users do not have simple control over their Kerberos
> configuration without duplicating it and setting environment variables.
> And for debugging purposes, it's obnoxious to have to make a separate copy
> of krb5.conf and mess around with the environment variable whose name I
> always put the wrong number of underscores in, rather than just using a
> command-line flag.

Actually, I'm not sure that GSSAPI will let us do this. A
GSS_C_NT_HOSTBASED_SERVICE is defined as being "serv...@hostname",
with no provision for specifying a realm.
We could define the acceptor identity as a GSS_KRB5_NT_PRINCIPAL_NAME,
but that completely ties us to using Kerberos as the GSSAPI mechanism.
It's not clear to me whether a name defined using one OID can be
portably used by an endpoint expecting a different OID.
S.