John Rudd wrote: > [EMAIL PROTECTED] wrote: > > >>Now. Sun has an implementation of all of that based on MIT krb5 code, though you >can't simply take MIT krb5 and plug it in - you must use Sun's code. > > > > What exactly do you mean here? What do you mean by "you must use sun's > code"?
I think what he means is that you cannot use MIT's KRB5 code to protect NFS shares. If you want to use NFS with Kerberos protection on the shares, you must have SEAM (Sun's Kerberos) installed. There should be no problem having both SEAM and MIT code installed on the same system (I do it myself for testing purposes) as long as you keep your config files and path names. > > I have MIT krb5 installed on my solaris 8 hosts, and I also have Sun's > krb5 installed on them. I use them together freely (with 2 MIT KDC's). > My popper and kpopper were compiled against MIT, and my popper uses > Sun's PAM module for KRB5 passwords authentication. I have > /etc/krb5/krb5.conf symlinked to /etc/krb5.conf, etc. Everything works > together just fine (I can MIT kinit and then Sun klist, etc.). > > Where are these things not interchangable, and what code of Sun's must I > use for Secure NFS? The NFS protection is occurring in-kernel using the SEAM GSSAPI mechanism for Kerberos. So, even if you have MIT Kerberos installed, it is not being used for anything NFS related. # ls /kernel/misc/kgss/gl_kmech_krb5 This is compiled and built using only the Sun code and cannot be substituted with anything else. Also, the SEAM ftp client and server will only work with the SEAM GSSAPI Kerberos v5 mechanism (and the MIT ftp client and server will only work with the MIT mech). -Wyllys ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
