Marcus Watts wrote:
> Do you have any idea of a timeframe here? As best I can tell, Love has
> been working on rx+k5+gssapi since 2003?... There is a version of rxgk
> in openafs, but it doesn't look very complete. The latest arla release
> just has an empty directory for rxgk.

There are requirements that this work be finished by Oct 1, which I cannot go into on this list. The code in openafs is not current.

> Once he has something that works, seems to me there's still going to be
> lots of work to integrate this into openafs. Just for starters, I
> expect he'll be working with heimdal+arla. Is there a plan to move
> openafs towards requiring the use of heimdal or are there plans to make
> this work with mit kerberos or other kerberos implementations as well?
> Arla is of course a userspace implementation; the openafs cache manager
> runs in kernel mode and doesn't have the userland environment that the
> existing gssapi libraries (or kerberos) expect. Are there plans to change
> the openafs cache manager to run in userland, or is the plan to run some
> sort of userland proxy that will run the gssapi and kerberos code? If the
> latter, how tightly integrated will those calls be with the rx protocol,
> and how many up/down calls will be needed? In either case, how will these
> things get to the ticket file or kernel token?

OpenAFS is going to require either MIT or Heimdal. We are not going to distribute krb5 implementations. My initial plan is not to change the openafs architecture and utilize the existing infrastructure of setting tokens. We will re-evaluate this as we get a better idea of how OS vendors are going to support credential caches in the kernel.

> For what it's worth, I'm going to continue to plug away at what I've
> got. I've got both "safe" (checksum) and "private" (encrypted) modes
> working. I'll probably be ready to make a snapshot of this available
> soon, if anybody's interested.
> I'll read up on "kitten" as well. Is there a working implementation
> of this yet? Any particular RFCs?

The Kitten PRF drafts are being implemented. They are not public yet.

Jeffrey Altman
