Hi Chris, ----- "Christopher R. Hertel" <crh@xxxxxxxxxx> wrote: > Matt: > > Thanks for the pointers. I'm currently knee-deep in traditional > Kerberos authentication code and trying to crack the FreeIPA PAM > API. > > I'm a community-oriented developer. Any deeper dive you can > provide would be encouraging. :) > > Chris -)----- The two efforts I am aware of are rxgk (OpenAFS) and RPCSEC_GSSv3 (NFSv4). The older of the two efforts I believe is rxgk, and had dual goals of addressing the AFS "cache poisoning" problem, and secondarily introducing support for separately managed (file) servers. I believe RPCSEC_GSSv3 was initially conceived (by Nico Williams) as a means of addressing the NFSv4 equivalent of the cache poisoning problem, but the current work on it (by Andy Adamson) is as a dependency of NFSv4.2 server-side copy. (Apologies to the participants if I am mis-reporting any of the history.) The IETF discussion of these efforts is on Kitten and NFSv4. There's interesting recent discussion on the Kitten WG alias. Pointers: http://www.ietf.org/internet-drafts/draft-wilkinson-afs3-rxgk-afs-06.txt https://datatracker.ietf.org/doc/draft-ietf-nfsv4-rpcsec-gssv3 -- Matt Benjamin CohortFS, LLC. 206 South Fifth Ave. Suite 150 Ann Arbor, MI 48104 http://cohortfs.com tel. 734-761-4689 fax. 734-769-8938 cel. 734-216-5309 -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
