Robert Banz wrote: So, you're going to issue client credentials to all of your AFS clients?
That's one way to do it. Many clients already have a host keytab, used by ssh for gss ticket passing for example. Also used by nfs for exactly the same purpose we are considering. Another way to do it is to publish a server public key. I don't like this much but it would work. If you decide that authenticating the server is too hard, then you're back to where we are today. I don't see any way around that. _______________________________________________ OpenAFS-devel mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-devel
