Portability, RPC and kerberos v5?
kwc at citi.umich.edu
Fri Oct 8 10:07:21 EDT 2004
> -----Original Message-----
> From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On Behalf
> Of Wyllys Ingersoll
> Sent: Friday, October 08, 2004 9:34 AM
> To: Rob J Meijer
> Cc: kerberos at mit.edu
> Subject: Re: Portability, RPC and kerberos v5?
> Rob J Meijer wrote:
> >I'm currently working on the design of an authorisation system. For
> >authentication, making use of kerberos v5
> >seems the most suitable. I need the processes to make authenticated RPC
> >requests to a set of authorisation and
> >capability broking servers. The problem I am having is that my 2 main
> >specs seem to give me a bit
> >of a problem to combine:
> >* I need to use portable IPC/RPC (Solaris,Linux,*BSD,AIX,Tru64,OS-
> >* I need to use Kerberos v5 authentication.
> >I've seen that the Kerberos v4 authentication is seemingly quite
> >widespread in all Sun-RPC implementations,
> Kerberos V4 never worked correctly in any Solaris releases as far as I
> know. It's not available after Solaris 7.
> Solaris 8, 9, (and 10) only support Kerberos V5. The secure RPC
> protocol used in Solaris is "RPCSEC-GSS"
> and the security mechanism is Kerberos V5.
> >and on my solaris system there appears to be some additional authentication
> >define that seems to give a hook
> >to something called GSS, where in the header files there seems to be
> >reference to kerberos v5, but as this
> >define does not seem to be present in the rpc header files on either
> >FreeBSD or Linux, I think this might
> >not be quite portable.
> RPCSEC_GSS is an open standard, anyone can implement it if they want
> to. I believe the team at
> University of Michigan implemented RPCSEC_GSS for Linux but it's not yet
> part of any standard
> Linux distros.
Rob, our rpcsec_gss code is currently part of our "experimental" patches for
fs-utils-1.0.6-04-add_gssd.dif specifically.) This code (perhaps with slight
modification) has been used for our *BSD ports as well. Note that although
this is all considered "experimental" at this time, the rpc code has been
tested against Solaris rpcsec_gss using Kerberos 5. AFAIK, this code has
not been used on Windows. Hummingbird has an NFSv4 client (which requires
rpcsec_gss), but I don't know if their rpc code can be accessed directly.