kerberos and nfs

Will Fiveash william.fiveash at
Mon Jun 3 12:14:30 EDT 2002

On Fri, May 31, 2002 at 06:25:14PM -0700, John Rudd wrote:
> Nicolas.Williams at wrote:
> > 
> > Now. Sun has an implementation of all of that based on MIT krb5 code, though you can't simply take MIT krb5 and plug it in - you must use Sun's code.
> What exactly do you mean here?  What do you mean by "you must use sun's
> code"?
> I have MIT krb5 installed on my solaris 8 hosts, and I also have Sun's
> krb5 installed on them.  I use them together freely (with 2 MIT KDC's). 
> My popper and kpopper were compiled against MIT, and my popper uses
> Sun's PAM module for KRB5 passwords authentication.  I have
> /etc/krb5/krb5.conf symlinked to /etc/krb5.conf, etc.  Everything works
> together just fine (I can MIT kinit and then Sun klist, etc.).
> Where are these things not interchangable, and what code of Sun's must I
> use for Secure NFS?

Solaris Secure NFS uses a kernel module that handles some of the
Kerberos protocol.  There's also a gssd daemon in user space that
interacts with the Solaris Kerberos mech lib on behalf of NFS.  It
would be difficult to replace Solaris Kerberos with MIT Kerberos and
still have Secure NFS function properly.  Why do you want to replace
the Solaris Kerberos?

Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)

More information about the Kerberos mailing list