[OpenAFS] Separating AFS tokens generation from Authenticatio n

Derek Atkins warlord at mit.edu
Wed Oct 10 21:20:41 CEST 2001


"Douglas E. Engert" <deengert at anl.gov> writes:

> Another nice idea, but then you get into what DFS had to do, in effect
> getting a separate ticket for each server. This required a TGT. 
> 
> The beauty of AFS today, is its simplicity. A token per cell. 

It's a trade-off.  The question is, how highly distributed do we want
to be able to be?  It would be nice if the 'openafs.org' cell (for one
example, central.org is another) could have servers located all around
the world.  It would also be nice if physical access to any server
would not give you full access to the cell.

-derek
-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available





More information about the Arla-drinkers mailing list