[994] in Kerberos_V5_Development
Re: removing user-user authentication from rcp client
daemon@ATHENA.MIT.EDU (Marc Horowitz)
Mon Feb 5 19:14:31 1996
To: "Donald T. Davis" <don@cam.ov.com>
Cc: don@cam.ov.com, krbdev@MIT.EDU, swick@x.org,
hartmans@MIT.EDU (Sam Hartman)
Date: Mon, 05 Feb 1996 19:14:19 EST
From: Marc Horowitz <marc@MIT.EDU>
Hi, Don. Hi, Ralph.
I think that the model of users sharing files directly, w/o a
filesystem, is not a common one. I don't know of many people who push
files between local disks when both are sufficiently "available" that
u2u would work. It's much more common to export one of the disks (NFS
being another, separate problem), or to use email to share stuff if a
common filesystem is inconvenient. In 1988, you didn't have PGP to
protect email.
That said, I agree that u2u should be an option, but for different
reasons. rcp and X should use gssapi (you knew I was going to say
that :-). With a u2u gssapi mechanism, you could easily support both
modes, for those times when it is useful. Future software could
provide tgt/keytab krb5, u2u, or both, whichever is appropriate for
the application, with practically no extra effort.
This does require that someone spec out and implement a krb5 u2u
gssapi mechanism, but that's a mere matter of code. No, I'm not
volunteering.
Marc
