Gary Winiger wrote: >>> GSSAPI/Kerberos are network authentication protocols what we want here >>> is access to an encryption key. > > Perhaps the point Roland is making is like Apple Key Chain > to have the lofi encryption key available if something like > Kerberos or rpcsec_gss is used as the account authority.
Apple Key Chain is nothing like Kerberos or GSSAPI. We have a keychain in Solaris from GNOME already. The hint in this case that there are follow on projects was a hint that I'm looking at this type of integration. I don't believe we need to provide that for this project to be complete. As it stands this project alone does not allow end users to mount file with lofi and have file system available, since the lofi mapping requires privileges normal users don't have. >> iSCSI is another story. Perhaps Roland was thinking of iSCSI? > > Would that be to unlock a keystore on the machine when logging in > that feeds the key to a crypto iSCSI protocol? iSCSI just needs some security, handwaving and saying that IPsec will solve it all doesn't cut it for many people (me included!). -- Darren J Moffat
