[OpenAFS] rx + k5 + !des = rxk5
Marcus Watts
mdw@umich.edu
Wed, 13 Jul 2005 04:49:20 -0400
I've updated rxk5:
http://www.umich.edu/~mdw/rxk5-15.tgz
/afs/umich.edu/user/m/d/mdw/Public/html/rxk5-15.tgz
This version should be a lot more real. It includes several
features requested at the AFS workshop:
/1/ configure
Now mere mortals can hope to build this code.
/2/ compile_et.pl
This will compile error tables for any of the
3 major flavors of libcom_err that exist.
The default is the same style that openafs uses,
which is probably the only one that rxk5 needs.
/3/ at request of Love, added "rxk5_clear". The default
is to disable this code (it's really quite insecure).
Adding this support meant introducing an incompatible
wire level change to the protocol.
/4/ at request of MIT, replaced krb5_decrypt_tkt_part and
associated logic with a placeholder function. That means
that, for now at least, rxk5 will not work with MIT.
Eventually there may be a real call in MIT k5 to do this.
/5/ Fixed des-cbc-crc. Turns out that it rounds plaintext
messages up to a size that is 4 mod 8. Funky.
/6/ improved pthreads locking. Some of the k5 crypto calls
allocate random numbers, and there does not appear to
be any locking on the global data structures used here.
/7/ incomplete openssl support. "k5crypto.c" does not yet
work with the rest of rxk5, but does use openssl crypto support
to do checksum and encryption just like kerberos, and should
do almost exactly the functionality that the openafs cache
manager needs. Anybody wanting to use rxk5 in a unix or linux
kernel will want to have a look at this.
/8/ numerous other improvements, improved error handling & recovery,
better test logic, etc.
-Marcus Watts
UM ITCS Umich Systems Group