Coda File System

Re: More bugs in krb5.c!?

From: Ivan Popov <pin_at_medic.chalmers.se>
Date: Wed, 21 Apr 2004 15:16:46 +0200
Hello Greg,

On Wed, Apr 21, 2004 at 08:35:33AM -0400, Greg Troxel wrote:
> For kerberos realm, I'd say in KRB.REALM obtained by using the normal
> kerberos config mechanisms to find the KRB.REALM which corresponds to
> the 'host' CODA.REALM.

Kerberos realm corresponding to Coda realm - how can Kerberos config
mechanism know that? You mean a separate rule in the client krb5.conf file?
For each Coda realm in the world that can be contacted from that
client (i.e. most of them :) ??

Even not mentioning that Kerberos rules to translate DNS domain names
to Kerberos realms have little ground to exist at all.
There is nothing that binds a certain host to a certain Kerberos realm.

That is an _application_/_service_ which interacts with a certain
(or several!) Kerberos realm(s), not a host...
(yes, there is a "host login" application, but that's it)

There is neither anything that binds a Coda realm to just _one_ Kerberos
realm.

Let us reduce confusion and avoid using wrong tools. If there is no hammer
at hand, let's find it, don't use an iron...

Cheers,
--
Ivan
Received on 2004-04-21 09:20:48