X-MimeOLE: Produced By Microsoft Exchange V6.5
Received: by onstor-exch02.onstor.net 
	id <01C739A2.9DB936CC@onstor-exch02.onstor.net>; Tue, 16 Jan 2007 11:14:59 -0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C739A2.9DB936CC"
Content-class: urn:content-classes:message
Subject: RE: Kerberos functional spec
Date: Tue, 16 Jan 2007 11:14:59 -0800
Message-ID: <BB375AF679D4A34E9CA8DFA650E2B04E02185614@onstor-exch02.onstor.net>
In-Reply-To: <BB375AF679D4A34E9CA8DFA650E2B04E021855E9@onstor-exch02.onstor.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Kerberos functional spec
thread-index: Acc168TKVL4+EE/8QdSEzxjEIj0VzAC7bJ+AAAkoRNAAKC+LwAAAjitw
From: "Mary Li" <mary.li@onstor.com>
To: "Ron Bhanukitsiri" <ronb@onstor.com>,
	"Jonathan Goldick" <jonathan.goldick@onstor.com>,
	"Brian DeForest" <brian.deforest@onstor.com>,
	"dl-Design Review" <dl-designreview@onstor.com>
Cc: "Narayan Venkat" <narayan.venkat@onstor.com>

This is a multi-part message in MIME format.

------_=_NextPart_001_01C739A2.9DB936CC
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Thanks. See my inline reply.

_____________________________________________
From: Ron Bhanukitsiri=20
Sent: Tuesday, January 16, 2007 10:59 AM
To: Mary Li; Jonathan Goldick; Brian DeForest; dl-Design Review
Cc: Narayan Venkat; Ron Bhanukitsiri
Subject: RE: Kerberos functional spec

Thanks Mary for your feedback.  My response below in brown.

Ron B[ee]

_____________________________________________
From: Mary Li=20
Sent: Tuesday, January 16, 2007 10:33 AM
To: Jonathan Goldick; Brian DeForest; dl-Design Review
Cc: Narayan Venkat
Subject: RE: Kerberos functional spec

1.	Question about "2.3 Unmet Requirements", if we don't' support
Kerberos authentication for accessing files over cifs in the first
release, Can customer use the application that requires Kerberos
authentication only (no negotiation to NTLM)?

RB> I don't quite understand your question.  We don't support Kerberos
application in a generic sense.
If the Windows (or Samba) client is joined to the Windows Active
Directory domain (i.e. Kerberos), then
ONstor will tell the client we support Kerberos and if the client is
Kerberos capable (i.e. W2K, W2K3, WXP, Samba 3-x client configured to
use kerberos),
then the user will be authenticated via Kerberos.  However, if the
client doesn't support Kerberos for some
reason (eg. not joined to the domain), we must support NTLM for backward
compatibility and the user
will obviously be challenge for the password.  Otherwise, the user on a
client not joined to the domain will
be denied service even if he/she has the right credential :-).
[Mary] Some application (Like IIS 6.00) can be configured to take
Kerberos authentication only, even client is ok to negotiate down to
NTLM. If we don't support kerberso  auth for accessing files over cifs,
is there any potential issue here? Could you explain more about "not
supporting Keberos authentication for accessing files over cifs "?

2.	Do we support single sign-on? For example, if there are 3 Onstor
virtual servers sharing the same KDC, user authenticated vsvr1 , does
user still  need to type in password and user id for accessing vsvr2 and
vsvr3 from the same client. Single sign-on is the major advantage for
using Kerberos authentication.

RB> Ah "single sign-on" is such a popular terms these days and
encompasses many aspects.
Our product will focus on the file service aspect of single sign-on.
What this means is that in
your scenario, if vsrv1 and vsr2 and vsr3 are all joined to the same
Windows Active Directory
Domain, then the user will not need to type in the password or the user
id.

3.	Do we support cifs session setup with "user@realm" format? For
example user1@matrix.lab

RB> Realm is a Kerberos terminology.  So in the Windows and Kerberos
world, realm and fully
qualified DNS Domain name is synonymous.  The user@realm is called
Kerberos principal and
for this particular case, it's a fancy name for a user :-).  However, a
Kerberos principal does not
need to be a user (eg. vsrvr1@matrix.lab is the principal name for a
server).
[Mary]  This is great news.  Just lbe aware that all authentication
related components need to support this format. For example Idmapping
for multiprotocol.

2.3	 Unmet Requirements
The following requirements are at risk for the initial CIFS release due
to time-to-market considerations.

*	REQUIREMENT: Provide Kerberos v5 based authentication for
clients accessing files over CIFS

Note:  This capability must be delivered without the usage of Samba
libraries.  We need to purge Samba libraries post haste


_____________________________________________
From: Brian DeForest=20
Sent: Thursday, January 11, 2007 5:49 PM
To: dl-Design Review
Cc: Narayan Venkat
Subject: Kerberos functional spec

 << File: KerberosFuncSpec.doc >>=20

------_=_NextPart_001_01C739A2.9DB936CC
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
6.5.7650.28">
<TITLE>RE: Kerberos functional spec</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->

<P ALIGN=3DLEFT><SPAN LANG=3D"en-us"><FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">Thanks. See</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> <FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial">my inline reply.</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"></SPAN></P>

<P ALIGN=3DLEFT><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma">_____________________________________________<BR>
</FONT></SPAN><SPAN LANG=3D"en-us"><B></B></SPAN><SPAN =
LANG=3D"en-us"><B><FONT SIZE=3D2 =
FACE=3D"Tahoma">From:</FONT></B></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma"> Ron Bhanukitsiri<BR>
</FONT></SPAN><SPAN LANG=3D"en-us"><B></B></SPAN><SPAN =
LANG=3D"en-us"><B><FONT SIZE=3D2 =
FACE=3D"Tahoma">Sent:</FONT></B></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma"> Tuesday, January 16, 2007 =
10:59 AM<BR>
</FONT></SPAN><SPAN LANG=3D"en-us"><B></B></SPAN><SPAN =
LANG=3D"en-us"><B><FONT SIZE=3D2 =
FACE=3D"Tahoma">To:</FONT></B></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma"> Mary Li; Jonathan =
Goldick; Brian DeForest; dl-Design Review<BR>
</FONT></SPAN><SPAN LANG=3D"en-us"><B></B></SPAN><SPAN =
LANG=3D"en-us"><B><FONT SIZE=3D2 =
FACE=3D"Tahoma">Cc:</FONT></B></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma"> Narayan Venkat; Ron =
Bhanukitsiri<BR>
</FONT></SPAN><SPAN LANG=3D"en-us"><B></B></SPAN><SPAN =
LANG=3D"en-us"><B><FONT SIZE=3D2 =
FACE=3D"Tahoma">Subject:</FONT></B></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma"> RE: Kerberos functional spec</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN></P>

<P ALIGN=3DLEFT><SPAN LANG=3D"en-us"><FONT COLOR=3D"#000080" SIZE=3D2 =
FACE=3D"Arial">Thanks Mary for your feedback.&nbsp; My response below =
in</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> <FONT =
COLOR=3D"#993300" SIZE=3D2 FACE=3D"Arial">brown</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT COLOR=3D"#000080" =
SIZE=3D2 FACE=3D"Arial">.</FONT></SPAN></P>

<P ALIGN=3DLEFT><SPAN LANG=3D"en-us"><FONT COLOR=3D"#000080" SIZE=3D2 =
FACE=3D"Arial">Ron B[ee]</FONT></SPAN></P>

<P ALIGN=3DLEFT><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma">_____________________________________________<BR>
</FONT></SPAN><SPAN LANG=3D"en-us"><B></B></SPAN><SPAN =
LANG=3D"en-us"><B><FONT SIZE=3D2 =
FACE=3D"Tahoma">From:</FONT></B></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma"> Mary Li<BR>
</FONT></SPAN><SPAN LANG=3D"en-us"><B></B></SPAN><SPAN =
LANG=3D"en-us"><B><FONT SIZE=3D2 =
FACE=3D"Tahoma">Sent:</FONT></B></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma"> Tuesday, January 16, 2007 =
10:33 AM<BR>
</FONT></SPAN><SPAN LANG=3D"en-us"><B></B></SPAN><SPAN =
LANG=3D"en-us"><B><FONT SIZE=3D2 =
FACE=3D"Tahoma">To:</FONT></B></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma"> Jonathan Goldick; Brian =
DeForest; dl-Design Review<BR>
</FONT></SPAN><SPAN LANG=3D"en-us"><B></B></SPAN><SPAN =
LANG=3D"en-us"><B><FONT SIZE=3D2 =
FACE=3D"Tahoma">Cc:</FONT></B></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma"> Narayan Venkat<BR>
</FONT></SPAN><SPAN LANG=3D"en-us"><B></B></SPAN><SPAN =
LANG=3D"en-us"><B><FONT SIZE=3D2 =
FACE=3D"Tahoma">Subject:</FONT></B></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma"> RE: Kerberos functional spec</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN></P>

<P><SPAN LANG=3D"en-us"><FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">1.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> <FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial">Question about &#8220;2.3 Unmet =
Requirements&#8221;, if we don&#8217;t&#8217; support Kerberos =
authentication for accessing files over cifs in the first release, Can =
customer use the application that requires Kerberos authentication only =
(no negotiation to NTLM)?</FONT></SPAN></P>

<P ALIGN=3DLEFT><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" SIZE=3D2 =
FACE=3D"Arial">RB&gt; I don&#8217;t quite understand your =
question.&nbsp; We don&#8217;t support Kerberos application in a generic =
sense.</FONT></SPAN></P>

<P ALIGN=3DLEFT><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" SIZE=3D2 =
FACE=3D"Arial">If the Windows (or Samba) client is joined to the Windows =
Active Directory domain (i.e. Kerberos), then</FONT></SPAN></P>

<P ALIGN=3DLEFT><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" SIZE=3D2 =
FACE=3D"Arial">ONstor will tell the client we support Kerberos and if =
the client is Kerberos capable (i.e. W2K, W2K3, WXP, Samba 3-x client =
configured to use kerberos),</FONT></SPAN></P>

<P ALIGN=3DLEFT><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" SIZE=3D2 =
FACE=3D"Arial">then the user will be authenticated via Kerberos.&nbsp; =
However, if the client doesn&#8217;t support Kerberos for =
some</FONT></SPAN></P>

<P ALIGN=3DLEFT><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" SIZE=3D2 =
FACE=3D"Arial">reason (eg. not joined to the domain), we must support =
NTLM for backward compatibility and the user</FONT></SPAN></P>

<P ALIGN=3DLEFT><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" SIZE=3D2 =
FACE=3D"Arial">will obviously be challenge for the password.&nbsp; =
Otherwise, the user on a client not joined to the domain =
will</FONT></SPAN></P>

<P ALIGN=3DLEFT><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" SIZE=3D2 =
FACE=3D"Arial">be denied service even if he/she has the right =
credential</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"> <FONT FACE=3D"Wingdings" SIZE=3D2>J</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" =
SIZE=3D2 FACE=3D"Arial">.</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN></P>

<P ALIGN=3DLEFT><SPAN LANG=3D"en-us"><FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">[Mary] Some application (Like IIS 6.00</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial">)</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial"> can be =
configured to take</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"> <FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">Kerberos</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial"> =
authentication only, even client is ok to negotiate down to =
NTLM.</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> =
<FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">If we</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> <FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial">don&#8217;t</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial"></FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"> <FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">support =
kerberso&nbsp; auth for accessing files over cifs,&nbsp; is there any =
potential issue here? Could you explain more about</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> <FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial">&#8220;</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial">not supporting Keberos authentication for =
accessing files over cifs</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"> <FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">&#8220;</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">?</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN></P>

<P><SPAN LANG=3D"en-us"><FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">2.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> <FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial">Do we support single sign-on? For example, if =
there are 3 Onstor virtual servers sharing the same KDC, user =
authenticated vsvr1 , does user still&nbsp; need to type in password and =
user id for accessing vsvr2 and vsvr3 from the same client. Single =
sign-on is the major advantage for using Kerberos =
authentication.</FONT></SPAN></P>

<P ALIGN=3DLEFT><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" SIZE=3D2 =
FACE=3D"Arial">RB&gt; Ah &#8220;single sign-on&#8221; is such a popular =
terms these days and encompasses many aspects.</FONT></SPAN></P>

<P ALIGN=3DLEFT><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" SIZE=3D2 =
FACE=3D"Arial">Our product will focus on the file service aspect of =
single sign-on.&nbsp; What this means is that in</FONT></SPAN></P>

<P ALIGN=3DLEFT><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" SIZE=3D2 =
FACE=3D"Arial">your scenario, if vsrv1 and vsr2 and vsr3 are all joined =
to the same Windows Active Directory</FONT></SPAN></P>

<P ALIGN=3DLEFT><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" SIZE=3D2 =
FACE=3D"Arial">Domain, then the user will not need to type in the =
password or the user id.</FONT></SPAN></P>

<P><SPAN LANG=3D"en-us"><FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">3.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> <FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial">Do we support cifs session setup with =
&#8220;user@realm&#8221; format? For example</FONT></SPAN><SPAN =
LANG=3D"en-us"> </SPAN><A HREF=3D"mailto:user1@matrix.lab"><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><U><FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial">user1@matrix.lab</FONT></U></SPAN><SPAN =
LANG=3D"en-us"></SPAN></A><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN>
</P>

<P ALIGN=3DLEFT><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" SIZE=3D2 =
FACE=3D"Arial">RB&gt; Realm is a Kerberos terminology.&nbsp; So in the =
Windows and Kerberos world, realm and fully</FONT></SPAN></P>

<P ALIGN=3DLEFT><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" SIZE=3D2 =
FACE=3D"Arial">qualified DNS Domain name is synonymous.&nbsp; The =
user@realm is called Kerberos principal and</FONT></SPAN></P>

<P ALIGN=3DLEFT><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" SIZE=3D2 =
FACE=3D"Arial">for this particular case, it&#8217;s a fancy name for a =
user</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> =
<FONT FACE=3D"Wingdings" SIZE=3D2>J</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" =
SIZE=3D2 FACE=3D"Arial">.&nbsp; However, a Kerberos principal does =
not</FONT></SPAN></P>

<P ALIGN=3DLEFT><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" SIZE=3D2 =
FACE=3D"Arial">need to be a user (eg.</FONT></SPAN><SPAN LANG=3D"en-us"> =
</SPAN><A HREF=3D"mailto:vsrvr1@matrix.lab"><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><U><FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial">vsrvr1@matrix.lab</FONT></U></SPAN><SPAN =
LANG=3D"en-us"></SPAN></A><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT COLOR=3D"#993300" SIZE=3D2 FACE=3D"Arial"> is the =
principal name for a server).</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"></SPAN></P>

<P ALIGN=3DLEFT><SPAN LANG=3D"en-us"><FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">[Mary]&nbsp; This is great news.</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us">&nbsp;<FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial"> Just</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> <FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial">lbe aware that</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial"> all authentication related =
components</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"> <FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">need =
to</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> <FONT =
COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">support this =
format.</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial"> For =
example Idmapping for multiprotocol.</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"></SPAN></P>

<P ALIGN=3DLEFT><SPAN LANG=3D"en-us"></SPAN><A NAME=3D""><SPAN =
LANG=3D"en-us"><B></B></SPAN><B><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Arial">2.3&nbsp;&nbsp;&nbsp;&nbsp;</FONT></SPAN></B><SPAN =
LANG=3D"en-us"></SPAN></A><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><B></B></SPAN><B><SPAN LANG=3D"en-us">&nbsp;<FONT =
FACE=3D"Arial"> Unmet Requirements</FONT></SPAN></B></P>

<P ALIGN=3DLEFT><SPAN LANG=3D"en-us">The following requirements =
are<B><U> at risk</U></B> for the initial CIFS release due to =
time-to-market considerations.</SPAN></P>

<P><SPAN LANG=3D"en-us"><FONT FACE=3D"Symbol">&#183;<FONT =
FACE=3D"Courier =
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</FONT></FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> =
REQUIREMENT: Provide Kerberos v5 based authentication for clients =
accessing files over CIFS<BR>
<BR>
Note:&nbsp; This capability must be delivered without the usage of Samba =
libraries.&nbsp; We need to purge Samba libraries post haste</SPAN></P>
<BR>

<P ALIGN=3DLEFT><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma">_____________________________________________<BR>
</FONT></SPAN><SPAN LANG=3D"en-us"><B></B></SPAN><SPAN =
LANG=3D"en-us"><B></B></SPAN><B><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma">From:</FONT></SPAN></B><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma"> Brian DeForest<BR>
</FONT></SPAN><SPAN LANG=3D"en-us"><B></B></SPAN><SPAN =
LANG=3D"en-us"><B></B></SPAN><B><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma">Sent:</FONT></SPAN></B><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma"> Thursday, January 11, 2007 5:49 PM<BR>
</FONT></SPAN><SPAN LANG=3D"en-us"><B></B></SPAN><SPAN =
LANG=3D"en-us"><B></B></SPAN><B><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma">To:</FONT></SPAN></B><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma"> dl-Design Review<BR>
</FONT></SPAN><SPAN LANG=3D"en-us"><B></B></SPAN><SPAN =
LANG=3D"en-us"><B></B></SPAN><B><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma">Cc:</FONT></SPAN></B><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma"> Narayan Venkat<BR>
</FONT></SPAN><SPAN LANG=3D"en-us"><B></B></SPAN><SPAN =
LANG=3D"en-us"><B></B></SPAN><B><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma">Subject:</FONT></SPAN></B><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma"> Kerberos functional =
spec</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN></P>

<P ALIGN=3DLEFT><SPAN LANG=3D"en-us">&nbsp;&lt;&lt; File: =
KerberosFuncSpec.doc &gt;&gt;</SPAN><SPAN LANG=3D"en-us"> </SPAN></P>

</BODY>
</HTML>
------_=_NextPart_001_01C739A2.9DB936CC--
