On Mon, 04 Aug 2014 15:21:36 -0500 Douglas E Engert <deeng...@gmail.com> wrote:
> User's have to "login" to other "network file systems" like DropBox, > Box, or other Cloud systems. The issue of having to login twice, is a > trust issue. Users live with it every day, on the Web. Users of all other kerberized services do not need to "login" to every service they use. If everything is configured properly to use kerberos, I don't need to separately login to the ldap server, to ssh, to kerberized nfs, or even to a website using spnego. I just use the relevant service after I have acquired kerberos tickets. Of course, most of those are userspace programs where this is much easier, but I see no reason for the user experience to be different for a non-userspace application if there are no technical obstacles making it impossible. (And imo, NFS has shown it's not impossible.) I can only imagine if I wanted to use 5 different kerberized services on the same box, and they all worked like AFS. Running aklog, nfsklog, sshklog, ldapklog, httpklog... it would be a nightmare. aklog has the ability to authenticate to multiple cells (which would help for dfs, and could probably help for nfs if it needed it, etc) but it would have to have knowledge of every single system to be convenient. -- Andrew Deason adea...@sinenomine.net _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info