> What has been voiced as part of this thread by Chaz and Dave and perhaps > by Ragge (not sure yet) is that there is a desire to have an AFS > identity centric model in preference to a Kerberos v5 identity centric > model when it comes to authentication. ...
Yes, perhaps that's the best way to think about the value that afscreds currently brings: it's AFS identity-centric. Some of the "red X" comments highlight the value of this emphasis from the user's perspective. I would guess that some sites only use krb5 because they need some kind of authentication method for AFS (and, of course, krb4 is no longer a good bet). Given that: > 1. in order to perform credentials acquisition or drive mapping > the process must be unprivileged. > > 2. in order to start/stop the service or change configuration > settings it must be "run as administrator" And some of the other comments on the list, could the future of afscreds be isolated to #1 (unprivileged-type activities)? Then let the following items take care of more complex scenarios and privileged operations: > 1. A Microsoft Management Console for configuration which Brant > Gurganus worked on for GSoC but has yet to be completed. > > 2. Explorer Shell extensions to provide a tighter integration > between AFS and the user desktop experience so that drive > mapping would no longer be required. > > 3. Network Identity Manager for authentication. -Chaz _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
