Coda File System

Re: RFC: package checking via pkg-config

From: <u+codalist-p4pg_at_chalmers.se>
Date: Wed, 23 May 2007 16:21:44 +0200
On Wed, May 23, 2007 at 07:40:47AM -0400, Greg Troxel wrote:
> I think coda in general suffers from doing things again in its own way
> rather than leveraging standard approaches and code.  This is
> understandable given the long history and early roots.  Besides external
> crypto libraries, I think it's a bug that coda has it's own
> authentication scheme.  It's really just N-S, and Kerberos for example
> has had far more analysis.

Greg,

doing things on one's own is sometimes an important prerequisite for doing
things right.

Your particular example with Kerberos is in fact a good one - Kerberos
is a complicated set of protocols and libraries and in practice is a mess,
especially lacking globality (per-client setup being the general rule).
Coda tokens are also a lot easier to handle than Kerberos tickets,
they are well suited for their purpose.

As a bonus, Coda can use Kerberos infrastructure without being bound by it.

By the way, is there anybody outside Gothenburg using Kerberos authentication
with Coda?

Please step ahead if anybody does, otherwise let me argue that Kerberos
is not especially welcomed by Coda admins.
It would be a shame to put such a heavy dependency on Coda.

It is a strength that (say, unlike AFS) Coda does not depend on coordination
with Kerberos development, nor does it depend on the (limiting)
Kerberos infrastructure and design.
Coda is "larger" than Kerberos is suitable for.

This is a personal opinion, not intended to begin a flame war,
but to demonstrate a different point of view.

Best regards,
Rune
Received on 2007-05-23 10:22:36