arla + KfM + cmu's krbafs = no joy :-(
Aaron Rosenblum
arosenbl at mac.com
Sat Oct 13 00:05:49 CEST 2001
They are making it so you cannot authenticate against kerberos servers
via login (period)? Or are they changing the API, requiring a re-write
of the login plugin? It would seem that the primary reason we have not
been able to deploy OS 10.1 in labs here at the University of Michigan
is that we are unable to find a way to get OS 10.1 to do what was described
below. That is, use AFS as the home directory for a network user and
allow them to authenticate via kerberos.
Aaron
>>(2) My ultimate hope in all of this is to:
>>[...]
>>Do these hopes seem to be in line with the direction of development on
>>KfM with Arla or OpenAFS? (I realize that the patch you describe below
>>won't provide all of the above.)
>
>Our Kerberos.loginAuthenticator exists as an interim solution for sites
>which want a single sign-on solution to Kerberos authentication. It is
>not designed to fulfill the login requirements of every site which uses
>Kerberos.
>
>More importantly, we (MIT) are not investing any effort into improving
>the existing Login Authenticator. Apple does not support the Login
>Authenticator API and will replace it with an incompatible API in a
>future automatic software update. Hint: I personally would not set my
>site up so that it depends on a custom Login Authenticator.
>
>However, MIT's computing environment also makes extensive use of both
>AFS and Kerberos. So while I can't talk about specifics, we do have
>similar site requirements and desire similar functionality.
>
>If you want to help us (and improve your chances of getting what you
>want), please report bugs and feature requests to Apple. Increasing
>customer demand means more resources for us to improve Kerberos and
>Kerberos-using services.