Subject: Re: kerberos question
To: Ken Hornstein <firstname.lastname@example.org>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
Date: 09/15/1998 12:25:59
>My reasoning is that it's silly to have two RPC libraries in NetBSD,
>the "regular" one and the GSS-RPC one. Even if we didn't use the GSS-RPC
>code for anything except kadmin, I think it would be worth having. But
>if it really is a case of "there be dragons", then I'll stay away :-)
There are people who don't need GSS-RPC behind their firewalls. They
don't _want_ GSS-RPC. I'd rather not pay the bloat overheads of
GSS-RPC if I can avoid it. And I really, really, really don't want
GSS-RPC in the kernel (unless it can be configured away). And I dont
see much gain in forcibly GSS-RPC-ising all of userland is, if the
kernel NFS uses old, boring unauthenticated sunrpc. Is there
something I'm missing?
Once we've got that settled, what do you propose for rpc in EXPORTABLE
binary distributions? I dont think the one-library approach is viable
there. Do you?
Last, a small point: what happens to the KRB4 "domestic" distribution?
Does it disappear with krb5? If it does, what happens to poor sods in
academic sites who're stuck in an AFS KRB4 environment which isn't
migrating to a krb5 KDC? Are there any plans to leave the KRB4
"domestic" avaiable for legacy reasons?