Fwd: Re: spkm3, pku2u question
lux-integ
lux-integ at btconnect.com
Tue Jan 7 04:51:15 EST 2014
---------- Forwarded Message ----------
Subject: Re: spkm3, pku2u question
Date: Friday 03 January 2014, 18:08:53
From: Andy Adamson <androsadamson at gmail.com>
To: "lux-integ" <lux-integ at btconnect.com>
CC: NFS list <linux-nfs at vger.kernel.org>
On Fri, Jan 3, 2014 at 10:43 AM, lux-integ <lux-integ at btconnect.com> wrote:
> Greetings
>
> I have been scanning the Internet to find out if spkm3 has been removed from
> nfs4 and whether its proported replacement pku2u is available. I get
> conflicting reports as te the demise of spkm3 and most of my endeavours
for
> pku2u seem to suggest it is available now only as a binary release for
> microsoft windows.
>
>
> I would be grateful for some advice regarding
>
> --a) spkm3 status in current releases of linux kernel and nfs-utils etc. (
> i.e. is it or is it not there and working?)
SPKM3 failed to make it through the IETF - the draft I was working on
expired in 2005. It has therefore been removed from the upstream
kernel, nfs-utils etc, although some definitions remain.
> --b) wheher an 'open-source' pku2u for linux is availablea as replacement
for
> spkm3 and if so where to find it.
AFAIK there is no open source pku2u. PKU2U is a good idea as it uses
the Kerberos protocol with different payloads so kernel Kerberos
implementations would not need to change. If I remember correctly the
job WRT MIT Kerberos would be to refactor the KDC code into library
calls so that a PKU2U server could instantiate a KDC of one entry for
itself backed by an X.509 cert - but it's been a long time since I
reviewed it.
-->Andy
>
> yours soncerely
#################
I forwarded the email above to show the brief discussion on the nfs4 mailing
list last saturday.
QUESTIONS
I would be grateful if someone on list could elucidate:-
--1-. Is there an open source pku2u effort as part of mit-kerberos/pkinit ?
--2 If there is no-opensource pku2u to speak of, could using pkinit
substitute for the promises of pku2u?
sincerely
luxInteg
-----------------------------------------
More information about the Kerberos
mailing list