Robert Watson wrote:

> Hi folks,
>
> I'd like to get an idea of who is using KerberosIV and KerberosV support
> in Coda.

Me, for one. And it's very important. Now that I've got Doug Engert's
sslk5 working properly, we have a straight path from

Smartcard->PKI->Kerberos V->distributed file system

without all of the gunk that goes with a DCE arrangement, and (reasonably)
cross platform from Win95, WinNT to Unix (well, Linux right now), but
I might get round to looking at HP-UX some time next millenium.

> mapping issue (how to map Kerberos identities to Coda identities),
> authorization issues, not to mention ease of use issues (such as: we
> always use this command line flag, why isn't it the default, or that the
> automatic invocation of kinit is a pain, etc).  Kerberos support is
> important to us in that it allows easy integration with existing
> distributed systems and a single-login.  Because of existing setups here
> at CMU, we have tested K4 support more extensively than K5; as such K5
> comments would be particularly welcome :).

When I get some time, I'll get back to hacking on it. The
biggest changes are the ones that you suggested about mapping
Kerberos principals onto Coda ids. At the moment, I'm using a
grungy pattern match to do the work, but would like a bit more
flexibility than that gives me.

Cheers,

Neil