On Thu, 31 Jul 2014 16:39:53 -0400 Dave Botsch <bot...@cnf.cornell.edu> wrote:
> On Linux, we use krb5-auth-dialog with its aklog plugin. > Krb5-auth-dialog auto renews tickets and tokens, which is really nice > (no need to run a separate krenew). > > On Mac (and replaced with krb5-auth-dialog for Linux), we use my now > quite old AFSTokens application as an all-in-one app. Like I said, it's > quite old and the code needs some updating, but it's there. And it works > with cross-realm principals! So, do I take this to mean, "these solutions work well enough for us, so I don't really care"? :) But even this seems like a good example of why some people are frustrated or annoyed by all of this. Every single authentication framework thing needs to have its own AFS plugin, or AFS tool, or whatever; you just listed two different ones for two different platforms. Wouldn't it be nice if everyone just needed a "krb5 plugin/tool/etc" instead of an krb5 and an AFS part? If that were true, it would make AFS seem more like a normal (sane) piece of software, and not its own weird special case. I think that previously I thought that approach was impossible or impractical, but more recently I've been thinking that that may not be the case. -- Andrew Deason adea...@sinenomine.net _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info