RE: [nfsv4] AUTH_GSS for Callbacks

From: wurzl, mario (wurzl_mario@emc.com)
Date: 10/30/03-04:41:37 PM Z

• Next message: Mike Eisler: "RE: [nfsv4] more on gss authentication for callback"
• Previous message: Sergey Klyushin: "[nfsv4] Named attributes"
• Maybe in reply to: rick@snowhite.cis.uoguelph.ca: "[nfsv4] AUTH_GSS for Callbacks"
• Next in thread: Mike Eisler: "Re: [nfsv4] AUTH_GSS for Callbacks"
• Reply: Mike Eisler: "Re: [nfsv4] AUTH_GSS for Callbacks"
• Reply: Nicolas Williams: "Re: [nfsv4] AUTH_GSS for Callbacks"

Message-ID: <FA2F59D0E55B4B4892EA076FF8704F55055449CD@srgraham.eng.emc.com>
From: "wurzl, mario" <wurzl_mario@emc.com>
Subject: RE: [nfsv4] AUTH_GSS for Callbacks 
Date: Thu, 30 Oct 2003 17:41:37 -0500

As protocol designers and implementers it is our duty to make a product to
easy to use as possible.
IT managers and administrators already complain about the complexities in
deploying and managing information systems, and the tendency is "again"
towards thin clients, but this time not because of the cost of the clients
as it has been in the past, but because of the cost in setting up and
managing these clients.
Introducing a new protocol that increases client administration costs, is
probably the most effective way to discourage deployment, and send the
protocol to the same basket with other great but unmanageable ideas, like
OSI.

Mario

> -----Original Message-----
> From: Kevin Coffman [mailto:kwc@citi.umich.edu] 
> Sent: Thursday, October 30, 2003 09:15
> To: Mike Eisler
> Cc: wurzl, mario; nfsv4@ietf.org; Kevin Coffman
> Subject: Re: [nfsv4] AUTH_GSS for Callbacks 
> 
> 
> 
> > I'm having some trouble understanding this oft repeated system 
> > administrator's environment, since he seems to be interested in 
> > security. How does each client get an IP address assigned 
> to it? Since 
> > we reject a manual process for several thousand clients, we 
> are left 
> > with DHCP or something like it. How does the client then get its OS 
> > installed for first time? Some kind of automatic network 
> installation/ 
> > boot, such as JumpStart.
> 
> In our environment there isn't one "he" who is "the" system 
> administrator.  I've been asked by the help desk people, 
> "When are we going to get rid of this Kerberos thing that 
> causes so many problems?"
> 
> The people offering the service, NFSv4 for instance, may be 
> concerned about security, but the users just see it as a nuisance.
> 
> I guess that is our job: to try to make it secure and less of 
> a "nuisance".
> 
> K.C.
> 
> 

_______________________________________________
nfsv4 mailing list
nfsv4@ietf.org
https://www1.ietf.org/mailman/listinfo/nfsv4

• Next message: Mike Eisler: "RE: [nfsv4] more on gss authentication for callback"
• Previous message: Sergey Klyushin: "[nfsv4] Named attributes"
• Maybe in reply to: rick@snowhite.cis.uoguelph.ca: "[nfsv4] AUTH_GSS for Callbacks"
• Next in thread: Mike Eisler: "Re: [nfsv4] AUTH_GSS for Callbacks"
• Reply: Mike Eisler: "Re: [nfsv4] AUTH_GSS for Callbacks"
• Reply: Nicolas Williams: "Re: [nfsv4] AUTH_GSS for Callbacks"

This archive was generated by hypermail 2.1.2 : 03/04/05-02:12:52 AM Z CST