[OpenAFS-devel] rx + kerberos5 + !des

Love lha@stacken.kth.se
Tue, 17 May 2005 12:58:55 +0200


--=-=-=


Marcus Watts <mdw@umich.edu> writes:

> Do you have any idea of a timeframe here?  As best I can tell, Love has
> been working on rx+k5+gssapi since 2003?...

May is for heimdal 0.7, June for rxgk.

> There is a version of rxgk
> in openafs, but it doesn't look very complete.  The latest arla release
> just has an empty directory for rxgk.

The code is sitting on branch.

> Once he has something that works, seems to me there's still going to be
> lots of work to integrate this into openafs.  Just for starters, I
> expect he'll be working with heimdal+arla.

I except it to work independant of heimdal and arla.

> Arla is of course a userspace implementation; the openafs cache manager
> runs in kernel mode and doesn't have the userland environment that the
> existing gssapi libraries (or kerberos) expect.  Are there plans to change
> the openafs cache manager to run in userland, or is the plan to run some
> sort of userland proxy that will run the gssapi and kerberos code?  If the
> latter, how tightly integrated will those calls be with the rx protocol,
> and how many up/down calls will be needed?  In either case, how will these
> things get to the ticket file or kernel token?

The initial code will work like.

> For what it's worth, I'm going to continue to plug away at what I've
> got.  I've got both "safe" (checksum) and "private" (encrypted) modes
> working.  I'll probably be ready to make a snapshot of this available
> soon, if anybody's interested.

The crypto layer as it self is itself, but need to have clear version too.

Love


--=-=-=
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (NetBSD)

iQEVAwUAQonOcdo1gLFKFEjAAQL16wf/bkKbvJJcZIw9sB/UQOP8SiJQrp7/PSrp
W/3l95xZCStiOjuOY4IIQHrQ3JCOozQJw6jg84XY0lgKRDwPh33lb+U/K1r4XpKe
ljAoV5Bj79jyzAYPwCMXkZ7aU9pNYZ1zaeIBFGs0+AOXKsNXvqo5ttuwiLg5JC/P
L9d8BxVWodCtVFMmNzR31i/XN0pz1oXzQmrqvXOh1YU/KZBI0ty9T7a1L23YWZJn
hTmM88y+51cssb8GadI/LBt697RgU9QD/+PHcz7N8ljFZJnK2p5hEOVllTU3IUFw
Nx9wwvtHG22/e01scXF8mvyG4Ri79/X1g16EhJDZtkJJLy9idzLsfg==
=E0Zy
-----END PGP SIGNATURE-----
--=-=-=--