On Thu, 31 Jul 2014, Brandon Allbery wrote:
For what it's worth, I am seeing more people move to (or start with) NFSv4 and then run into the restrictions imposed by rpc.gssd and become frustrated. This seems to be educational as to why OpenAFS uses tokens.
I find it interesting that we are all phrasing this in terms of a comparison to rpc.gssd ... which is a linux-specific piece of functionality. Yes, Solaris and BSD have gssd, but they're different implementations. To me, this represents a big dificulty for a project as cross-platform as OpenAFS; it would probably require dedicated effort per-platform, so we would likely end up in a fragmented state for some (long) period of time. Then again, I guess we're already fragmented for other things (i.e., PAGs), so maybe that's not so bad. I don't know how many sites there are that require cross-platform feature parity, these days.
The improvements to the KEYRING: cache type that went into MIT krb5 1.12 help rpc.gssd out quite a bit, giving it a much better idea of what krb5 credentials are tied to which user sessions/processes/etc., but that is, of course, linux-specific.
It's also worth mentioning that our life in this space will get harder when rxgk comes into play.
-Ben _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
