RPC feature in MIT kerberos

Nicolas Williams Nicolas.Williams at sun.com
Mon Jan 8 12:47:57 EST 2007

On Mon, Jan 08, 2007 at 02:13:29PM +0530, Vipin Rathor wrote:
> 1. To what I understand is that MIT kadmin interface was not compatible with
> SUN Solaris 10 KDC/kadmind. So having this feature one can use MIT kadmin to
> create principals/policy against MIT Solaris 10 KDC/kadmind. Is my
> understanding correct ?

Yes.  And vice versa: Solaris kadmin clients can talk to MIT kadmind now

> 2. Was this the sole purpose of implementing the "RPCSEC_GSS authentication
> flavor to the RPC" feature ?

That and standards compliance.

> 3. Guess it might be something to do with open NFS V4, Is it ? I am no NFS
> V4 geek, so can anyone update me on this.
>  As an MIT Kerberos user I'll always want to know the real motive behind
> this feature.

I can't speak for MIT, but I don't see the connection to NFSv4, other
than standards compliance (RPCSEC_GSS is a Standards Track Internet
protocol, whereas AUTH_GSSAPI is not).

Interop for kadmin was certainly important to Sun, and I'm sure so it
was for MIT.  So now Solaris users can do more with the stock krb5 than
before MIT added RPCSEC_GSS support, which means fewer users for MIT to
support directly.


More information about the krbdev mailing list