X-MimeOLE: Produced By Microsoft Exchange V6.5
Received: by onstor-exch02.onstor.net 
	id <01C739A0.69672CAA@onstor-exch02.onstor.net>; Tue, 16 Jan 2007 10:59:12 -0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C739A0.69672CAA"
Content-class: urn:content-classes:message
Subject: RE: Kerberos functional spec
Date: Tue, 16 Jan 2007 10:59:12 -0800
Message-ID: <BB375AF679D4A34E9CA8DFA650E2B04E021855E9@onstor-exch02.onstor.net>
In-Reply-To: <BB375AF679D4A34E9CA8DFA650E2B04E021855A2@onstor-exch02.onstor.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Kerberos functional spec
thread-index: Acc168TKVL4+EE/8QdSEzxjEIj0VzAC7bJ+AAAkoRNAAKC+LwA==
References: <BB375AF679D4A34E9CA8DFA650E2B04E0209181D@onstor-exch02.onstor.net> <BB375AF679D4A34E9CA8DFA650E2B04E021855A2@onstor-exch02.onstor.net>
From: "Ron Bhanukitsiri" <ronb@onstor.com>
To: "Mary Li" <mary.li@onstor.com>,
	"Jonathan Goldick" <jonathan.goldick@onstor.com>,
	"Brian DeForest" <brian.deforest@onstor.com>,
	"dl-Design Review" <dl-designreview@onstor.com>
Cc: "Narayan Venkat" <narayan.venkat@onstor.com>,
	"Ron Bhanukitsiri" <ronb@onstor.com>

This is a multi-part message in MIME format.

------_=_NextPart_001_01C739A0.69672CAA
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Thanks Mary for your feedback.  My response below in brown.

Ron B[ee]

_____________________________________________
From: Mary Li=20
Sent: Tuesday, January 16, 2007 10:33 AM
To: Jonathan Goldick; Brian DeForest; dl-Design Review
Cc: Narayan Venkat
Subject: RE: Kerberos functional spec

1.	Question about "2.3 Unmet Requirements", if we don't' support
Kerberos authentication for accessing files over cifs in the first
release, Can customer use the application that requires Kerberos
authentication only (no negotiation to NTLM)?

RB> I don't quite understand your question.  We don't support Kerberos
application in a generic sense.
If the Windows (or Samba) client is joined to the Windows Active
Directory domain (i.e. Kerberos), then
ONstor will tell the client we support Kerberos and if the client is
Kerberos capable (i.e. W2K, W2K3, WXP, Samba 3-x client configured to
use kerberos),
then the user will be authenticated via Kerberos.  However, if the
client doesn't support Kerberos for some
reason (eg. not joined to the domain), we must support NTLM for backward
compatibility and the user
will obviously be challenge for the password.  Otherwise, the user on a
client not joined to the domain will
be denied service even if he/she has the right credential :-).

2.	Do we support single sign-on? For example, if there are 3 Onstor
virtual servers sharing the same KDC, user authenticated vsvr1 , does
user still  need to type in password and user id for accessing vsvr2 and
vsvr3 from the same client. Single sign-on is the major advantage for
using Kerberos authentication.

RB> Ah "single sign-on" is such a popular terms these days and
encompasses many aspects.
Our product will focus on the file service aspect of single sign-on.
What this means is that in
your scenario, if vsrv1 and vsr2 and vsr3 are all joined to the same
Windows Active Directory
Domain, then the user will not need to type in the password or the user
id.

3.	Do we support cifs session setup with "user@realm" format? For
example user1@matrix.lab
=09
RB> Realm is a Kerberos terminology.  So in the Windows and Kerberos
world, realm and fully
qualified DNS Domain name is synonymous.  The user@realm is called
Kerberos principal and
for this particular case, it's a fancy name for a user :-).  However, a
Kerberos principal does not
need to be a user (eg. vsrvr1@matrix.lab is the principal name for a
server).

2.3	 Unmet Requirements
The following requirements are at risk for the initial CIFS release due
to time-to-market considerations.

*	REQUIREMENT: Provide Kerberos v5 based authentication for
clients accessing files over CIFS

Note:  This capability must be delivered without the usage of Samba
libraries.  We need to purge Samba libraries post haste


_____________________________________________
From: Brian DeForest=20
Sent: Thursday, January 11, 2007 5:49 PM
To: dl-Design Review
Cc: Narayan Venkat
Subject: Kerberos functional spec

 << File: KerberosFuncSpec.doc >>=20

------_=_NextPart_001_01C739A0.69672CAA
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
6.5.7650.28">
<TITLE>RE: Kerberos functional spec</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
COLOR=3D"#000080" SIZE=3D2 FACE=3D"Arial">Thanks Mary for your =
feedback.&nbsp; My response below in</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> <FONT COLOR=3D"#993300" =
SIZE=3D2 FACE=3D"Arial">brown</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT COLOR=3D"#000080" =
SIZE=3D2 FACE=3D"Arial">.</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT COLOR=3D"#000080" SIZE=3D2 =
FACE=3D"Arial">Ron B[ee]</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
SIZE=3D2 =
FACE=3D"Tahoma">_____________________________________________<BR>
</FONT></SPAN><SPAN LANG=3D"en-us"><B></B></SPAN><SPAN =
LANG=3D"en-us"><B><FONT SIZE=3D2 =
FACE=3D"Tahoma">From:</FONT></B></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma"> Mary Li<BR>
</FONT></SPAN><SPAN LANG=3D"en-us"><B></B></SPAN><SPAN =
LANG=3D"en-us"><B><FONT SIZE=3D2 =
FACE=3D"Tahoma">Sent:</FONT></B></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma"> Tuesday, January 16, 2007 =
10:33 AM<BR>
</FONT></SPAN><SPAN LANG=3D"en-us"><B></B></SPAN><SPAN =
LANG=3D"en-us"><B><FONT SIZE=3D2 =
FACE=3D"Tahoma">To:</FONT></B></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma"> Jonathan Goldick; Brian =
DeForest; dl-Design Review<BR>
</FONT></SPAN><SPAN LANG=3D"en-us"><B></B></SPAN><SPAN =
LANG=3D"en-us"><B><FONT SIZE=3D2 =
FACE=3D"Tahoma">Cc:</FONT></B></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma"> Narayan Venkat<BR>
</FONT></SPAN><SPAN LANG=3D"en-us"><B></B></SPAN><SPAN =
LANG=3D"en-us"><B><FONT SIZE=3D2 =
FACE=3D"Tahoma">Subject:</FONT></B></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma"> RE: Kerberos functional spec</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">1.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> <FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial">Question about &#8220;2.3 Unmet =
Requirements&#8221;, if we don&#8217;t&#8217; support Kerberos =
authentication for accessing files over cifs in the first release, Can =
customer use the application that requires Kerberos authentication only =
(no negotiation to NTLM)?</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
COLOR=3D"#993300" SIZE=3D2 FACE=3D"Arial">RB&gt; I =
don</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
COLOR=3D"#993300" SIZE=3D2 FACE=3D"Arial">&#8217;</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" =
SIZE=3D2 FACE=3D"Arial">t quite understand your question.&nbsp; We =
don</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
COLOR=3D"#993300" SIZE=3D2 FACE=3D"Arial">&#8217;</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" =
SIZE=3D2 FACE=3D"Arial">t support Kerberos application in a generic =
sense.</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" SIZE=3D2 =
FACE=3D"Arial">If the Windows (or Samba) client is joined to the Windows =
Active Directory domain (i.e. Kerberos), then</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
COLOR=3D"#993300" SIZE=3D2 FACE=3D"Arial">ONstor will tell the client we =
support Kerberos and if the client is</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> <FONT COLOR=3D"#993300" =
SIZE=3D2 FACE=3D"Arial">Kerberos</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" =
SIZE=3D2 FACE=3D"Arial"> capable (i.e. W2K, W2K3, WXP, Samba 3-x =
client</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT COLOR=3D"#993300" SIZE=3D2 FACE=3D"Arial"> =
configured to use kerberos</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" =
SIZE=3D2 FACE=3D"Arial">),</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
COLOR=3D"#993300" SIZE=3D2 FACE=3D"Arial">then the user will be =
authenticated via Kerberos.&nbsp; However, if the client =
doesn</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT COLOR=3D"#993300" SIZE=3D2 =
FACE=3D"Arial">&#8217;</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT COLOR=3D"#993300" SIZE=3D2 FACE=3D"Arial">t =
support</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> =
<FONT COLOR=3D"#993300" SIZE=3D2 =
FACE=3D"Arial">Kerberos</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT COLOR=3D"#993300" SIZE=3D2 FACE=3D"Arial"> for =
some</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" SIZE=3D2 =
FACE=3D"Arial">reason (eg. not joined to the domain), we must support =
NTLM for backward compatibility</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" =
SIZE=3D2 FACE=3D"Arial"> and</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> <FONT COLOR=3D"#993300" =
SIZE=3D2 FACE=3D"Arial">the user</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
COLOR=3D"#993300" SIZE=3D2 FACE=3D"Arial">will =
obviously</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT COLOR=3D"#993300" SIZE=3D2 =
FACE=3D"Arial"></FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"> <FONT COLOR=3D"#993300" SIZE=3D2 FACE=3D"Arial">be =
challenge for the password</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" =
SIZE=3D2 FACE=3D"Arial">.&nbsp; Otherwise,</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" =
SIZE=3D2 FACE=3D"Arial"></FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"> <FONT COLOR=3D"#993300" SIZE=3D2 FACE=3D"Arial">the user =
on a client not joined to the domain will</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
COLOR=3D"#993300" SIZE=3D2 FACE=3D"Arial">be denied</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" =
SIZE=3D2 FACE=3D"Arial"></FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"> <FONT COLOR=3D"#993300" SIZE=3D2 FACE=3D"Arial">service =
even if he/she has the right credential</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> <FONT FACE=3D"Wingdings" =
SIZE=3D2>J</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT COLOR=3D"#993300" SIZE=3D2 =
FACE=3D"Arial">.</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">2.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> <FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial">Do we support single sign-on? For example, if =
there are 3 Onstor virtual servers sharing the same KDC, user =
authenticated vsvr1 , does user still&nbsp; need to type in password and =
user id for accessing vsvr2 and vsvr3 from the same client. Single =
sign-on is the major advantage for using Kerberos =
authentication.</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
COLOR=3D"#993300" SIZE=3D2 FACE=3D"Arial">RB&gt; Ah</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> <FONT COLOR=3D"#993300" =
SIZE=3D2 FACE=3D"Arial">&#8220;</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" =
SIZE=3D2 FACE=3D"Arial">single sign-on</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" =
SIZE=3D2 FACE=3D"Arial">&#8221;</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" =
SIZE=3D2 FACE=3D"Arial"> is such a popular terms these days and =
encompasses many aspects.</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" SIZE=3D2 =
FACE=3D"Arial">Our product will focus on the file service aspect of =
single sign-on.</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT COLOR=3D"#993300" SIZE=3D2 FACE=3D"Arial">&nbsp; =
What this means is that in</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" SIZE=3D2 =
FACE=3D"Arial">your scenario, if vsrv1 and vsr2 and vsr3 are all joined =
to the same Windows Active Directory</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" SIZE=3D2 =
FACE=3D"Arial">Domain, then the user will not need to type in the =
password or the user id.</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">3.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> <FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial">Do we support cifs session setup with =
&#8220;user@realm&#8221; format? For example</FONT></SPAN><SPAN =
LANG=3D"en-us"> </SPAN><A HREF=3D"mailto:user1@matrix.lab"><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><U><FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial">user1@matrix.lab</FONT></U></SPAN><SPAN =
LANG=3D"en-us"></SPAN></A><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN></P>
<UL DIR=3DLTR>
<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN></P>
</UL>
<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
COLOR=3D"#993300" SIZE=3D2 FACE=3D"Arial">RB&gt; Realm is a Kerberos =
terminology.&nbsp; So in the Windows and Kerberos world, realm and =
fully</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" SIZE=3D2 =
FACE=3D"Arial">qualified DNS Domain name is =
synonymous.</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT COLOR=3D"#993300" SIZE=3D2 FACE=3D"Arial">&nbsp; =
The user@realm is called Kerberos principal and</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" SIZE=3D2 =
FACE=3D"Arial">for this particular case, it</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" =
SIZE=3D2 FACE=3D"Arial">&#8217;</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" =
SIZE=3D2 FACE=3D"Arial">s a fancy name for a user</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> <FONT FACE=3D"Wingdings" =
SIZE=3D2>J</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT COLOR=3D"#993300" SIZE=3D2 FACE=3D"Arial">.&nbsp; =
However, a Kerberos principal does not</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT COLOR=3D"#993300" SIZE=3D2 =
FACE=3D"Arial">need to be a user (eg.</FONT></SPAN><SPAN LANG=3D"en-us"> =
</SPAN><A HREF=3D"mailto:vsrvr1@matrix.lab"><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><U><FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial">vsrvr1@matrix.lab</FONT></U></SPAN><SPAN =
LANG=3D"en-us"></SPAN></A><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT COLOR=3D"#993300" SIZE=3D2 FACE=3D"Arial"> is the =
principal name for a server).</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><A NAME=3D""><SPAN =
LANG=3D"en-us"><B></B></SPAN><B><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Arial">2.3&nbsp;&nbsp;&nbsp;&nbsp;</FONT></SPAN></B><SPAN =
LANG=3D"en-us"></SPAN></A><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><B></B></SPAN><B><SPAN LANG=3D"en-us">&nbsp;<FONT =
FACE=3D"Arial"> Unmet Requirements</FONT></SPAN></B></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us">The =
following requirements are<B><U> at risk</U></B> for the initial CIFS =
release due to time-to-market considerations.</SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT FACE=3D"Symbol">&#183;<FONT =
FACE=3D"Courier =
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</FONT></FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> =
REQUIREMENT: Provide Kerberos v5 based authentication for clients =
accessing files over CIFS<BR>
<BR>
Note:&nbsp; This capability must be delivered without the usage of Samba =
libraries.&nbsp; We need to purge Samba libraries post haste</SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma">_____________________________________________<BR>
</FONT></SPAN><SPAN LANG=3D"en-us"><B></B></SPAN><SPAN =
LANG=3D"en-us"><B></B></SPAN><B><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma">From:</FONT></SPAN></B><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma"> Brian DeForest<BR>
</FONT></SPAN><SPAN LANG=3D"en-us"><B></B></SPAN><SPAN =
LANG=3D"en-us"><B></B></SPAN><B><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma">Sent:</FONT></SPAN></B><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma"> Thursday, January 11, 2007 5:49 PM<BR>
</FONT></SPAN><SPAN LANG=3D"en-us"><B></B></SPAN><SPAN =
LANG=3D"en-us"><B></B></SPAN><B><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma">To:</FONT></SPAN></B><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma"> dl-Design Review<BR>
</FONT></SPAN><SPAN LANG=3D"en-us"><B></B></SPAN><SPAN =
LANG=3D"en-us"><B></B></SPAN><B><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma">Cc:</FONT></SPAN></B><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma"> Narayan Venkat<BR>
</FONT></SPAN><SPAN LANG=3D"en-us"><B></B></SPAN><SPAN =
LANG=3D"en-us"><B></B></SPAN><B><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma">Subject:</FONT></SPAN></B><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma"> Kerberos functional =
spec</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us">&nbsp;&lt;&lt; File: =
KerberosFuncSpec.doc &gt;&gt;</SPAN><SPAN LANG=3D"en-us"> </SPAN></P>

</BODY>
</HTML>
------_=_NextPart_001_01C739A0.69672CAA--
