rpcsec_gss and Kerberos 5

Rainer Orth ro at TechFak.Uni-Bielefeld.DE
Thu May 23 19:34:00 EDT 2002

Ken Raeburn <raeburn at mit.edu> writes:

> Kadmin incompatibility we can probably cope with.  Around MIT, at
> least, it's not a big deal; only a relatively few people can run
> kadmin, and we can easily tell them "get the executables from over
> here from now on".  At other sites, it may not be as easy, but kadmin
> should still be available to relatively few people.

Indeed.  Besides, switching to RPCSEC_GSS instead of AUTH_GSSAPI would give
interoperability with Sun's SEAM kadmind which used RPCSEC_GSS from the

Sun's TI-RPC implementation even allows for the registration of additional
authentication flavors via svc_auth_reg(3NSL) (something older TS-RPC based
implementations don't support), so it might even be possible to support
both flavors in a single kadmind (at least on Solaris systems).


More information about the krbdev mailing list