gssklog would only solve part of the problem. The AFS admins still get
involved, deciding what GSS to use, and with a X509, what certificates
what CAs are trusted. In any case the AFS admins need to define the
mapping from the PKI to the AFS usernames.
How paranoid are your AFS admins?
Derek
Sounds like you want gssklog, where you can convert any GSS credential
(i.e., X.509 and/or some new PGP-based GSS mech) to obtain AFS tokens.
-derek
Sergio Gelato [EMAIL PROTECTED] writes:
* Adam Megacz [2005-03-19 00:42:44 -0800]:
My only gripe with Kerberos is that two non-admin users can't
My only gripe with Kerberos is that two non-admin users can't set up a
trust/permissions relationship without involving their kerberos admins
(ie adding principals), or having a kerberos server in the first
place. Sometimes the former just isn't possible (paranoid sysadmins
won't create
* Adam Megacz [2005-03-19 00:42:44 -0800]:
My only gripe with Kerberos is that two non-admin users can't set up a
trust/permissions relationship without involving their kerberos admins
(ie adding principals), or having a kerberos server in the first
place. Sometimes the former just isn't