Coda File System

public key server authentication for Coda

From: Ivan Popov <pin_at_math.chalmers.se>
Date: Sat, 14 Jun 2003 23:11:36 +0200 (MET DST)
Hello,

it is a request for a feature.

(well, the "right" behaviour would be to fix it myself, as OSS works,
but it is not feasible for the moment)

With a hope that somebody does it before I manage to:

Background:

 - a (rather big and growing) collection of software placed on Coda
 - a wish to be sure a client is not running code from a faked server
 - a coming necessity to serve unauthenticated users

Current solution:
 - acls forcing all processes on the clients to be authenticated - to
   be able to read the binaries

Limitation:
 - no access for accounts not present in the Coda cell user database
or if we'd relax the acls
 - no spoof protection for such "foreign" accounts

It would be a very nice feature to be able to use some kind of Coda
servers' certificate to acquire Coda tokens.

Then anonymous users could safely run programs from Coda.
(Such "users" set would also include "root"-s on client machines, that
otherwise have to be given separate accounts like host/<fqdn> in coda
user db, so we do now and so dce/dfs does.)

I know, certificate administration is a complicated issue in itself, but
it feels better than the necessity to maintain a separate account for
each, even casual, host and user.

A model like ssh's, where a server presents its public key and a
client (clog program) has an option of remembering it for the future,
looks like a suitable approach, when a user can potentially compare the
fingerprint to a web page or the like.

Of course, real security and encryption for Coda RPCs is still to be done,
but the above feature does not have to wait for it.

My 2c and thanks for the great software,
--
Ivan
Received on 2003-06-14 17:16:10
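
The ssh-like model proposed in the message above, sketched as an added example (not part of the original post and not Coda code): the client pins a server's key fingerprint on first contact, once the user has accepted it, and refuses a different key afterwards. The names KnownServers and may_request_tokens, the JSON pin file and the server name are hypothetical, and proof that the server holds the matching private key is assumed to happen elsewhere in the handshake.

```python
import base64
import hashlib
import json
import os
import tempfile


def fingerprint(pubkey: bytes) -> str:
    """OpenSSH-style fingerprint: "SHA256:" plus unpadded base64 of the digest."""
    digest = hashlib.sha256(pubkey).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


class KnownServers:
    """Hypothetical per-user pin file mapping a server name to a key fingerprint."""
    def __init__(self, path):
        self.path, self.pins = path, {}
        if os.path.exists(path):
            with open(path) as f:
                self.pins = json.load(f)

    def check(self, server: str, pubkey: bytes) -> str:
        """Return 'match', 'unknown' (first contact) or 'mismatch' (possible spoof)."""
        pinned = self.pins.get(server)
        if pinned is None:
            return "unknown"
        return "match" if pinned == fingerprint(pubkey) else "mismatch"

    def remember(self, server: str, pubkey: bytes) -> None:
        """Pin a key; call only after the user compared the fingerprint out of band."""
        if self.check(server, pubkey) == "mismatch":
            raise ValueError("refusing to overwrite the pinned key for " + server)
        self.pins[server] = fingerprint(pubkey)
        with open(self.path, "w") as f:
            json.dump(self.pins, f)


def may_request_tokens(store, server, pubkey, user_accepts=False) -> bool:
    """Decide whether the client should go on to acquire tokens from this server."""
    if store.check(server, pubkey) == "unknown" and user_accepts:
        store.remember(server, pubkey)
    return store.check(server, pubkey) == "match"


def demo():
    # Constructed sample data: fake key blobs and a made-up server name.
    path = os.path.join(tempfile.mkdtemp(), "known_servers.json")
    real, fake = b"constructed-server-key-A", b"constructed-server-key-B"
    first = may_request_tokens(KnownServers(path), "coda.example.org", real, True)
    again = may_request_tokens(KnownServers(path), "coda.example.org", real)
    spoof = may_request_tokens(KnownServers(path), "coda.example.org", fake, True)
    return first, again, spoof  # accepted and pinned, pin matches, changed key refused
```

A changed key is refused even when the user would accept it; replacing a pin has to be a separate, deliberate step, as with removing a line from ssh's known_hosts.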