[OpenAFS] OpenAFS Project List
Douglas E. Engert
deengert@anl.gov
Wed, 14 Mar 2001 10:22:49 -0600
David Thompson wrote:
>
> > |------------------+--------------+---------------+----------------------|
> > | Project | Status | Priority | Contact Points |
> > | Description | | | |
> > |------------------+--------------+---------------+----------------------|
> > | Kerberos v. 5 | In progress | N/A | Ken Hornstein, Doug |
> > | | | | Englert |
>
> I had hoped this referred to the native k5 support outlined at the last
> Decorum. Does anyone (besides us) still believe that would be a valuable
> enhancement?
Yes, we believe it. Just don't have the time to implement anything.
A first step in this would be to allow the token to be based on a K5 ticket
rather then a K4 ticket. It is interesting to note that the DFS-AFS translator
was allowing this. The dauth/dlog.c does some minimal decrypting and parsing
of the K5 ticket, to get the session key which it assumes is des. It then adds
this to the ktc_token and does a ktc_SetToken. The question then to be
asked is can the servers other then then the translator, use these tickets?
Is the translator code available? What would it take to use other crypto
like 3des?
Has anyone been able to find the notes from the presentation?
>
> --
> Dave Thompson <thomas@cs.wisc.edu>
>
> Associate Researcher Department of Computer Science
> University of Wisconsin-Madison http://www.cs.wisc.edu/~thomas
> 1210 West Dayton Street Phone: (608)-262-1017
> Madison, WI 53706-1685 Fax: (608)-262-6626
> --
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444