Portability, RPC and kerberos v5?

Kevin Coffman kwc at citi.umich.edu
Fri Oct 8 10:07:21 EDT 2004

> -----Original Message-----
> From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On Behalf
> Of Wyllys Ingersoll
> Sent: Friday, October 08, 2004 9:34 AM
> To: Rob J Meijer
> Cc: kerberos at mit.edu
> Subject: Re: Portability, RPC and kerberos v5?
> Rob J Meijer wrote:
> >I'm currently working on the design of an authorisation system. For
> authentication, making use of kerberos v5
> >seems the most suitable. I need the processes make authenticated RPC
> requests to a set of authorisation and
> >capability broking servers. The problem I am having is that my 2 main
> specs seem to give me a bit
> >of a problem to combine:
> >
> >* I need to use portable IPC/RPC (Solaris,Linux,*BSD,AIX,True64,OS-
> X,Win2000)
> >* I need to use Kerberos v5 authentication.
> >
> >I've seen that the Kerberos v4 authentication is seeminly quite wide
> spread in all Sun-RPC implementations,
> >
> >
> Kerberos V4 never worked correctly in any Solaris releases as far as I
> know.  Its not available after Solaris 7.
> Solaris 8, 9, (and 10) only support Kerberos V5.   The secure RPC
> protocol used in Solaris is "RPCSEC-GSS"
> and the security mechanism is Kerberos V5.
> >and on my solaris system there apears to be some aditional authentication
> define that seems to give a hook
> >to something called GSS, where in the header files there seems to be
> reference to kerberos v5, but as this
> >define does not seem to be pressent in the rpc header files on either
> FreeBSD or Linux, I think this might
> >not be quite portable.
> >
> >
> RPCSEC_GSS is an open standard, anyone can implement it if they want
> to.  I believe the team at
> University of Michigan implemented RPCSEC_GSS for Linux but its not yet
> part of any standard
> Linux distros.

Rob, our rpcsec_gss code is currently part of our "experimental" patches for
linux nfs-utils-1.0.6
fs-utils-1.0.6-04-add_gssd.dif specifically.) This code (perhaps with slight
modification) has been used for our *BSD ports as well.  Note that although
this is all considered "experimental" at this time, the rpc code has been
tested against Solaris rpcsec_gss using Kerberos 5.  AFAIK, this code has
not been used on Windows.  Hummingbird has an NFSv4 client (which requires
rpcsec_gss), but I don't know if their rpc code can be accessed directly.

More information about the Kerberos mailing list