On Fri, 2014-08-01 at 17:35 -0500, Troy Benjegerdes wrote:
> So why don't we use the kernel keyring on Linux, and the built-in OS support
> on both MacOS and Windows for Kerberos to grab the key that matches the
> default realm? If you have weird situations, or where administrators feel
> they must stick with 'legacy' behavior, then make a 'disable_request_key()'
> option to the cache manager.

Because, while they're no doubt the most common OSes in your privileged experience, they are not necessarily the most common OSes that are used with AFS. In particular, I support a decent number of customers that use Solaris heavily; where is your "oh just use the OS keyring abstraction" there? Or should they dump AFS because they are not on the OSes that you know from your privileged view are the only ones that matter?

-- 
brandon s allbery kf8nh    sine nomine associates
allber...@gmail.com    ballb...@sinenomine.net
unix openafs kerberos infrastructure xmonad    http://sinenomine.net