kerberos Vxworks

Esben Nielsen esn at cotas.dk
Tue Sep 17 06:28:01 EDT 2002 

Certainly! (This is the 2. request I get :-)
I got the Kerberos libary (version 5-1.2.5) compiled and got the sample 
server up running on vxWorks 5.4 for strongarm.  I used a Linux client and
a Linux krb, but I don't see why it couldn't be anything - even win2k.
But it crashed after 20 or so authorizations... Since then I have been 
working on other projects. I didn't look at implementing it into VxWorks 
telnetd & ftpd but was going to.

I compiled it on Linux after compiling the ccarm from Windriver to Linux. You 
will need a Unix host for configure script to work.

As Ken Raeburn mentioned, I stopped because it wasn't threadsafe and I didn't 
want to go into the details of the code at that point. IBM have made a 
threadsafe patch since I believe (?)

My general thoughts - some might object - about Keberos and realtime is that 
if you use Kerberos you probably don't have any _fast_ realtime needs. You 
might have realtime database applications but for that you can't demand 
timeouts less than 0.1-1 second on an open network anyway. Thus the Kerberos 
application would probably be better off running in "userspace" than in the 
kernel as everything does in vxWorks. Therefore I think Kerberos is better 
off on a OS which supports something like Unix processes - at least until it 
has proper thread support. Maybe vxWorks AE, which I don't know much about 
right now, can help you?

So stagegies you might choose:
1) Get my patch and the IBM patch and make it work. It can be hard to merge
two patches and you probably need to port a lot of the threading specific 
calls.
2) Get my patch, put a global Kerberos mutex around the libary and remember
to take that lock before any kerberos calls. This will probably make it work 
for you in no time but you risc long delays for everybody if just one user is 
slow.
3) Upgrade to vxWorks AE and see how that can help you creating something 
sufficient similar to Unix processes. You can probably use my patch to get it
compiled.

I will also be happy to work along on this as well but right now I am 
assigned to other tasks.

Esben Nielsen
Cotas Computer Technology A/S

On Monday 16 September 2002 11:22 pm, you wrote:
> Hi,
> I just saw an old email of yours and I'am interested in kerberos for
> Vxworks.
> any info is appreciated.
> cheers,
> Abdella

More information about the krbdev mailing list