rpcsec_gss and Kerberos 5
wyllys.ingersoll at sun.com
Mon Oct 14 10:28:00 EDT 2002
I just would like to say THANK YOU. This has been a point
of confusion for our customers for a long time and we are glad
to see that you have a solution for the open source community.
Kevin Coffman wrote:
> I just wanted to give you an update on this.
> I've finally got a Linux version of the kadmin/kadmind which works
> using our rpcsec_gss code. These pgms also interoperate with the Sun
> SEAM kadmin/kadmind. My next step is to compile this on Windows, which
> I don't forsee being a big deal. At that point, I'd like to talk more
> about how you'd like to see the code.
>>On 23 May 2002 18:45:00 -0400, Ken Raeburn wrote:
>>We've already got other code with the "include this notice in
>>supporting docs" type license, so this would probably be fine. We'd
>>also talked to Sun a while back about their implementation, but their
>>license adds some new restrictions we don't currently have, which
>>could be problematic for (for example) Linux distributions, and we
>>haven't talked to them much about trying to resolve the problem. (The
>>blame for that belong on our end -- we don't have a clear notion of
>>just what restrictions are acceptable and what are not, and in order
>>to do that, we need to get some discussion going with those people and
>>companies using the MIT distribution. This question is also holding
>>back our move to a newer Sleepycat database package.)
>>So I think we'd definitely like to take a closer look at your code.
>>Have you had anyone try to build it on Windows?
>>Kadmin incompatibility we can probably cope with. Around MIT, at
>>least, it's not a big deal; only a relatively few people can run
>>kadmin, and we can easily tell them "get the executables from over
>>here from now on". At other sites, it may not be as easy, but kadmin
>>should still be available to relatively few people.
>>The other big proposal in the Kerberos admin space is LDAP. While
>>it's attractive in some ways, I don't think we'll be anywhere near
>>ready for that leap for our next release. And even if and when we do
>>make that change, that doesn't necessarily mean ditching the RPC-based
>>kadmin protocol at the same time.
>>In other words, I don't know if an RPCSEC_GSS implementation will be
>>our long-term solution, but I am inclined to think we do want it in
>>the short term.
More information about the krbdev