Russ Allbery <[EMAIL PROTECTED]> writes: >> Okay, you're right. There are projects out there that are working on >> solving this -- and this covers half my concern. The other half is >> users who do not belong to a realm (ie those users who are not >> affiliated with a university and don't have their own server to run a >> private KDC on).
> In order to authenticate, they have to be able to talk to some > authentication service somewhere. Hrm, but I can check a public key signature even if I'm stranded on a desert island without "live" access to the CA. I can't do kerberos authentication with a peer on a desert island -- I need "live" access to the KDC. I mean, you can self-sign a certificate and give a paper copy to somebody at a conference -- all without having to lease a server that's "always-on". I know these aren't the most realistic examples; I'm just trying to call attention to this requirement that a lot of people can't (or won't) meet. - a -- PGP/GPG: 5C9F F366 C9CF 2145 E770 B1B8 EFB1 462D A146 C380 _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info