Hello Greg,

On Thu, Sep 16, 2004 at 06:50:21PM -0400, Greg Troxel wrote:
> I meant something that doesn't exist: using gss-wrap for the actual
> data authentication/confidentiality, and not getting coda tokens at
> all. I am pretty sure that the current gssapi support is to use
> gss-api to get tokens, which are then used to do xor within rpc2.

Yes, it is.

My experience says that gssapi is rather inflexible, and if we tried to replace tokens with pure gssapi, we would inevitably get a hard dependency on a certain gssapi backend. Would all the users be happy with that (the only one, for interoperability) backend? I doubt it, as I myself would be really unhappy :)

We should not tie together authentication methods and transport, which "total gssapification" would.

As a real-life example, I have 3 (three) databases available via different protocols, which I could / would like to use for authenticating my Coda users. Currently I am using 2. It would not be possible with "gssapi only", unless somebody implements gssapi over Coda tokens :)

Xor should be eliminated, but not by relying on a technology which has its arbitrary limits.

=========== the gory details... :

Coda is as yet the only filesystem which is truly global. As a result of that globality, I can directly run my environment, develop programs, watch movies, play games, on any computer in the world running Linux or FreeBSD on Intel. I will be able to on Darwin on ppc and so on, as soon as I set it up. Independently of the "root" user's policies about which versions of software are in /usr and /usr/local, or what the contents of /etc are. All I need is Coda and the right to start processes on that host. I really _do_ the above.

You can not accomplish that with any other filesystem. Not with a gssapi-wrapped transport either. As soon as each realm used its own gssapi backend, we would definitely lose. As soon as we chose a single backend, we would lose in a different way, not being able to use Coda with the existing user databases.

Are you going to convince 15000 users at a university to have one more password, if the university happens to run something other than Coda's gssapi backend as its user database? I wouldn't :)

My best regards,
--
Ivan

Received on 2004-09-17 05:14:00
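Both messages above agree that the xor used within rpc2 should go. As an added illustration of why (this is example code written for this page, not Coda or RPC2 code, and it does not reproduce RPC2's actual wire format or key schedule), the block below implements a generic repeating-key XOR "cipher" and shows that a single known plaintext, such as a fixed protocol greeting, recovers the key and with it every other message sent under that key. The message bytes, the key and the assumption that one session key covers several messages are all constructed for the demonstration.

```python
"""Known-plaintext attack on repeating-key XOR.

Added example, not Coda/RPC2 code. It models a generic repeating-key XOR
transport "encryption" and assumes (constructed scenario) that two messages
are sent under the same key and that the attacker knows the first one.
"""
from itertools import cycle
from typing import Optional


def xor_cipher(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR. The same function encrypts and decrypts."""
    if not key:
        raise ValueError("empty key")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(ciphertext: bytes, known_plaintext: bytes,
                max_key_len: int = 64) -> Optional[bytes]:
    """Recover the XOR key from one ciphertext/plaintext pair.

    For each candidate length L, C[i] ^ P[i] for i < L is the candidate key;
    it is accepted if it decrypts the whole known stretch correctly, so the
    shortest consistent key (the true period) is returned. If the known
    plaintext is shorter than the key, only that prefix of the key can be
    recovered and the check passes trivially at L == len(known_plaintext).
    """
    n = min(len(ciphertext), len(known_plaintext))
    for key_len in range(1, min(max_key_len, n) + 1):
        key = bytes(c ^ p for c, p in zip(ciphertext[:key_len],
                                          known_plaintext[:key_len]))
        if xor_cipher(ciphertext[:n], key) == known_plaintext[:n]:
            return key
    return None


def demo() -> dict:
    """Constructed scenario: one session key, one known message, one secret."""
    # Constructed 8-byte session key (no shorter period, so recovery is exact).
    key = b"\x8f\x13\x42\xaa\x07\x5c\x91\x3e"
    # Constructed "greeting" the attacker can predict; not RPC2's real format.
    known = b"HELLO realm=example.org chan=1"
    # Constructed second message carrying something worth protecting.
    secret = b"token=opaque-session-blob"

    c1 = xor_cipher(known, key)
    c2 = xor_cipher(secret, key)

    recovered = recover_key(c1, known)
    return {
        "key_recovered": recovered == key,
        "decrypted": xor_cipher(c2, recovered) if recovered else None,
    }


if __name__ == "__main__":
    print(demo())
```

The point for the design discussion is that the attack needs no knowledge of the key-exchange mechanism at all: whether the key came from a Coda token or from a gssapi context, a repeating XOR keystream is undone by the first predictable message. Replacing the keystream is what fixes this; changing how the key is obtained does not.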