rpcsec_gss and Kerberos 5
Rainer Orth
ro at TechFak.Uni-Bielefeld.DE
Thu May 23 19:34:00 EDT 2002
Ken Raeburn <raeburn at mit.edu> writes:
> Kadmin incompatibility we can probably cope with. Around MIT, at
> least, it's not a big deal; only a relatively few people can run
> kadmin, and we can easily tell them "get the executables from over
> here from now on". At other sites, it may not be as easy, but kadmin
> should still be available to relatively few people.
Indeed. Besides, switching to RPCSEC_GSS instead of AUTH_GSSAPI would give
interoperability with Sun's SEAM kadmind which used RPCSEC_GSS from the
start.
Sun's TI-RPC implementation even allows for the registration of additional
authentication flavors via svc_auth_reg(3NSL) (something older TS-RPC based
implementations don't support), so it might even be possible to support
both flavors in a single kadmind (at least on Solaris systems).
Rainer
More information about the krbdev
mailing list