(Illustration by Gaich Muramatsu)
Hi all, reading openafs-devel list, they suffer from the same problems as Coda does with unsure server identities during anonymous access and with mixing cached data obtained under different security contexts. (http://lists.openafs.org/pipermail/openafs-devel/2007-March/015073.html) Note that the first problem has been solved for Coda long ago with the modular clog, where the user has a possibility to fetch an "anonymous" token over a ssl connection (transparently for the user) thus verifying the corresponding servers' identity. (The openafs approach is going to be similar, though the currently proposed one implies client host administration depending on the cells (realms) to be used, which contradicts globality) The "lack of cache isolation" is a problem which Coda apparently inherited from AFS. We should get rid of it. Cheers, RuneReceived on 2007-03-23 09:26:34