On Wed, 3 Mar 2010 18:36:25 +0000 Simon Wilkinson <[email protected]> wrote:
> On 3 Mar 2010, at 18:28, Russ Allbery wrote: > > > Why wouldn't klog.krb5 be applicable to rxgk, at least in the > > abstract (doing the work is another matter)? It's just the > > combination of a kinit and aklog without storing the credentials in > > the file system. It should be usable with any Kerberos-based > > authentication mechanism. > > Because rxgk doesn't care what GSSAPI mechanism is being used to get > the initial credentials. The tools that AFS provides assume that a set > of credentials are available (from Kerberos, from GSI, from a local > smart card ...), and simply does GSSAPI calls from then on. I'm not familiar with this area of the code at all, but are you saying you cannot acquire krb5 creds within an application, and (through some GSS hoops) pass it on to rxgk? That we must have a ticket cache (e.g. pointed to by KRB5CCNAME) available? I believe I am just misunderstanding you, but that is what I am hearing. -- Andrew Deason [email protected] _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
