[AFS3-std] New version of rxgk draft

Jeffrey Hutzelman jhutz@cmu.edu
Sat, 10 Dec 2011 15:21:57 -0500


On Sat, 2011-12-10 at 13:28 +0000, Simon Wilkinson wrote:
> On 8 Dec 2011, at 23:55, Russ Allbery wrote:
> > There's no way to convey the minor GSS-API status back to the client?
> > With Kerberos GSS-API negotiations, that often contains very useful
> > information; the major status is usually basically useless.
> 
> That's correct, there's currently no way of returning minor status
> information. This is where it gets interesting, as there's no
> guarantee that minor status be portable between arbitrary GSSAPI
> implementations (so you can't feed one implementation's minor_status
> into another implementation's display_error and get the right
> results). Whilst RFC4121 specifies a standard set of textual
> identifiers for Kerberos minor_status, it doesn't specify numeric
> identifiers.

While that's all true, in practice it turns out to be very useful for
troubleshooting to return this information, even though the values are
not standardized.


> > expiration in the RXGK_ClientInfo struct doesn't use the time format
> > defined elsewhere as the rxgk time format?  
> 
> That's an oversight - fixed to use rxgkTime
> > 
> > In 8.3, what's the rx epoch?  Is that an rx concept that we're just using
> > under the assumption that readers are already familiar with rx?
> 
> Yes. Sadly there isn't a good reference document describing RX

Yup.  As you note, Kolya wrote one at one point, which is certainly not
perfect but is considerably better than anything else we have available.
I'd be very interested in seeing a volunteer to pick that up, sand off
the rough spots, and get it published.  Updates to reflect changes we've
made in the last 10 years would be useful, but could also be done as a
separate version.


-- Jeff