[36251] in Kerberos
Re: Feedback on KfW 4.0.1 Ticket Manager app
daemon@ATHENA.MIT.EDU (Jeffrey Altman)
Thu Jul 3 00:21:13 2014
Message-ID: <53B4D97F.4060706@secure-endpoints.com>
Date: Thu, 03 Jul 2014 00:18:07 -0400
From: Jeffrey Altman <jaltman@secure-endpoints.com>
To: Dave Botsch <botsch@cnf.cornell.edu>, kerberos@mit.edu
In-Reply-To: <20140702170317.GH14020@cnf.cornell.edu>
This is a cryptographically signed message in MIME format.

On 7/2/2014 1:03 PM, Dave Botsch wrote:
> Also, being able to auto obtain afs tokens as a side effect of getting
> kerberos tickets would be really useful. Users have a hard time
> distinguishing Kerberos Tickets from AFS Tokens, and so users need one
> app that does both at the click of a single button.

The reason that Network Identity Manager replaced Leash32 (now Ticket
Manager) in KFW 3.x was due to the desire to support the acquisition of
AFS tokens (or other credentials like kx509 short lived certificates) as
a side effect of TGT acquisition. It is not reasonable for KFW to have
built-in AFS token support because that requires a dependency on OpenAFS
whereas OpenAFS has a dependency on KFW.

The solution was to create a credential management framework that was
credential type agnostic which relied on a combination of identity
provider dlls and credential provider dlls. These dlls can be developed
independently and combined at run-time. Thereby enabling the various
development organizations to maintain their own independent release
schedules. And providing third-parties the ability to enhance the
end-user functionality without requiring MIT or OpenAFS or OpenSSL to be
involved in the generation of new provider dlls.

Jeffrey Altman