> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > Of Wyllys Ingersoll > Sent: Friday, October 08, 2004 9:34 AM > To: Rob J Meijer > Cc: [EMAIL PROTECTED] > Subject: Re: Portability, RPC and kerberos v5? > > Rob J Meijer wrote: > > >I'm currently working on the design of an authorisation system. For > authentication, making use of kerberos v5 > >seems the most suitable. I need the processes make authenticated RPC > requests to a set of authorisation and > >capability broking servers. The problem I am having is that my 2 main > specs seem to give me a bit > >of a problem to combine: > > > >* I need to use portable IPC/RPC (Solaris,Linux,*BSD,AIX,True64,OS- > X,Win2000) > >* I need to use Kerberos v5 authentication. > > > >I've seen that the Kerberos v4 authentication is seeminly quite wide > spread in all Sun-RPC implementations, > > > > > > Kerberos V4 never worked correctly in any Solaris releases as far as I > know. Its not available after Solaris 7. > Solaris 8, 9, (and 10) only support Kerberos V5. The secure RPC > protocol used in Solaris is "RPCSEC-GSS" > and the security mechanism is Kerberos V5. > > >and on my solaris system there apears to be some aditional authentication > define that seems to give a hook > >to something called GSS, where in the header files there seems to be > reference to kerberos v5, but as this > >define does not seem to be pressent in the rpc header files on either > FreeBSD or Linux, I think this might > >not be quite portable. > > > > > RPCSEC_GSS is an open standard, anyone can implement it if they want > to. I believe the team at > University of Michigan implemented RPCSEC_GSS for Linux but its not yet > part of any standard > Linux distros.
Rob, our rpcsec_gss code is currently part of our "experimental" patches for linux nfs-utils-1.0.6 (http://www.citi.umich.edu/projects/nfsv4/linux/nfs-utils-patches/1.0.6-19/n fs-utils-1.0.6-04-add_gssd.dif specifically.) This code (perhaps with slight modification) has been used for our *BSD ports as well. Note that although this is all considered "experimental" at this time, the rpc code has been tested against Solaris rpcsec_gss using Kerberos 5. AFAIK, this code has not been used on Windows. Hummingbird has an NFSv4 client (which requires rpcsec_gss), but I don't know if their rpc code can be accessed directly. ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
