X-MimeOLE: Produced By Microsoft Exchange V6.5
Received: by onstor-exch02.onstor.net 
	id <01C7399C.B82747AE@onstor-exch02.onstor.net>; Tue, 16 Jan 2007 10:32:47 -0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C7399C.B82747AE"
Content-class: urn:content-classes:message
Subject: RE: Kerberos functional spec
Date: Tue, 16 Jan 2007 10:32:46 -0800
Message-ID: <BB375AF679D4A34E9CA8DFA650E2B04E021855A2@onstor-exch02.onstor.net>
In-Reply-To: <BB375AF679D4A34E9CA8DFA650E2B04E0209181D@onstor-exch02.onstor.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Kerberos functional spec
thread-index: Acc168TKVL4+EE/8QdSEzxjEIj0VzAC7bJ+AAAkoRNA=
From: "Mary Li" <mary.li@onstor.com>
To: "Jonathan Goldick" <jonathan.goldick@onstor.com>,
	"Brian DeForest" <brian.deforest@onstor.com>,
	"dl-Design Review" <dl-designreview@onstor.com>
Cc: "Narayan Venkat" <narayan.venkat@onstor.com>

This is a multi-part message in MIME format.

------_=_NextPart_001_01C7399C.B82747AE
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

1.	Question about "2.3 Unmet Requirements", if we don't' support
Kerberos authentication for accessing files over cifs in the first
release, Can customer use the application that requires Kerberos
authentication only (no negotiation to NTLM)?
2.	Do we support single sign-on? For example, if there are 3 Onstor
virtual servers sharing the same KDC, user authenticated vsvr1 , does
user still  need to type in password and user id for accessing vsvr2 and
vsvr3 from the same client. Single sign-on is the major advantage for
using Kerberos authentication.
3.	Do we support cifs session setup with "user@realm" format? For
example "user1@matrix.lab"

2.3	 Unmet Requirements
The following requirements are at risk for the initial CIFS release due
to time-to-market considerations.

*	REQUIREMENT: Provide Kerberos v5 based authentication for
clients accessing files over CIFS

Note:  This capability must be delivered without the usage of Samba
libraries.  We need to purge Samba libraries post haste


_____________________________________________
From: Brian DeForest=20
Sent: Thursday, January 11, 2007 5:49 PM
To: dl-Design Review
Cc: Narayan Venkat
Subject: Kerberos functional spec

 << File: KerberosFuncSpec.doc >>=20

------_=_NextPart_001_01C7399C.B82747AE
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
6.5.7650.28">
<TITLE>RE: Kerberos functional spec</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->

<P><FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">1.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</FONT><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> <FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial">Question about</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> <FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial">&#8220;</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial">2.3 Unmet Requirements</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial">&#8221;</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial">, if we</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> <FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial">don&#8217;t&#8217;</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial"></FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"> <FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">support</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"> <FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">Kerberos</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial"> =
authentication for accessing files over cifs</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial"> in the first release</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial">,</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"> <FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">Can</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"> <FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">customer</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial"> use the =
application that requires Kerberos authentication =
only</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial"> (no negotiation to =
NTLM)</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">?</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN></P>

<P><SPAN LANG=3D"en-us"><FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">2.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</FONT></SPAN><SPAN =
LANG=3D"en-us"> <FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">Do we =
support single sign-on?</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"> <FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">For =
example, if there are 3 Onstor</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> <FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial">virtual servers</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial"> sharing the same KDC, user =
authen</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">ticated =
vsvr1 , does user still&nbsp; need to type in password and user id for =
accessing vsvr2 and vsvr3</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"> <FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">from =
the</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial"></FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> <FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial">same client. Single sign-on is the major =
advantage for using</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"> <FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">Kerberos</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial"> =
authentication.</FONT></SPAN></P>

<P><SPAN LANG=3D"en-us"><FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">3.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> =
<FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial">Do we =
support</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial"> =
cifs</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial"> session setup =
with</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> =
<FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">&#8220;</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">user@realm</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">&#8221;</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Arial"> format? =
For example</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"> <FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">&#8220;</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT COLOR=3D"#0000FF" SIZE=3D2 =
FACE=3D"Arial">user1@matrix.lab</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Arial">&#8221;</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"></SPAN>
</P>

<P ALIGN=3DLEFT><SPAN LANG=3D"en-us"></SPAN><A NAME=3D""><SPAN =
LANG=3D"en-us"><B></B></SPAN><B><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Arial">2.3&nbsp;&nbsp;&nbsp;&nbsp;</FONT></SPAN></B><SPAN =
LANG=3D"en-us"></SPAN></A><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><B></B></SPAN><B><SPAN LANG=3D"en-us">&nbsp;<FONT =
FACE=3D"Arial"></FONT></SPAN><SPAN LANG=3D"en-us"> <FONT =
FACE=3D"Arial">Unmet</FONT> <FONT =
FACE=3D"Arial">Requirements</FONT></SPAN></B></P>

<P ALIGN=3DLEFT><SPAN LANG=3D"en-us">The following requirements =
are<B><U> at risk</U></B> for the initial CIFS release due to =
time-to-market considerations.</SPAN></P>

<P><SPAN LANG=3D"en-us"><FONT FACE=3D"Symbol">&#183;<FONT =
FACE=3D"Courier =
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</FONT></FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> =
REQUIREMENT: Provide Kerberos v5 based authentication for clients =
accessing files over CIFS<BR>
<BR>
Note:&nbsp; This capability must be delivered without the usage of Samba =
libraries.&nbsp; We need to purge Samba libraries post haste</SPAN></P>
<BR>

<P ALIGN=3DLEFT><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma">_____________________________________________<BR>
</FONT></SPAN><SPAN LANG=3D"en-us"><B></B></SPAN><SPAN =
LANG=3D"en-us"><B></B></SPAN><B><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma">From:</FONT></SPAN></B><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma"> Brian DeForest<BR>
</FONT></SPAN><SPAN LANG=3D"en-us"><B></B></SPAN><SPAN =
LANG=3D"en-us"><B></B></SPAN><B><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma">Sent:</FONT></SPAN></B><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma"> Thursday, January 11, 2007 5:49 PM<BR>
</FONT></SPAN><SPAN LANG=3D"en-us"><B></B></SPAN><SPAN =
LANG=3D"en-us"><B></B></SPAN><B><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma">To:</FONT></SPAN></B><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma"> dl-Design Review<BR>
</FONT></SPAN><SPAN LANG=3D"en-us"><B></B></SPAN><SPAN =
LANG=3D"en-us"><B></B></SPAN><B><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma">Cc:</FONT></SPAN></B><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma"> Narayan Venkat<BR>
</FONT></SPAN><SPAN LANG=3D"en-us"><B></B></SPAN><SPAN =
LANG=3D"en-us"><B></B></SPAN><B><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma">Subject:</FONT></SPAN></B><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma"> Kerberos functional =
spec</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN></P>

<P ALIGN=3DLEFT><SPAN LANG=3D"en-us">&nbsp;&lt;&lt; File: =
KerberosFuncSpec.doc &gt;&gt;</SPAN><SPAN LANG=3D"en-us"> </SPAN></P>

</BODY>
</HTML>
------_=_NextPart_001_01C7399C.B82747AE--
