[441] in Zephyr_Comments
Re: class/instance mechanism
jfc@ATHENA.MIT.EDU (jfc@ATHENA.MIT.EDU)
Sun May 20 17:35:46 1990
I've been thinking about how to handle multi-realm database lookups (i.e.
server location, kerberos realm), and though I would like this to be done by
the hostmanager I think much of the work is best done through the local
zserver. Flushing of stale subscriptions when a hostmanger starts on reboot
can't be done to foreign realms, and it should be considered hard to discover
the zephyr server at a foreign realm (this information should be assumed to
change too much to be handled like we do kerberos, with per client
configuration files [editorial aside: I think /etc/krb.* are a BIG mistake]).
We've been assuming kerberos version 5 for the zephyr redesign; this makes it
possible for the server to translate the authenticator in the zephyr message
to the foreign kerberos realm (the client doesn't need to get tickets for any
but the local realm).
