[OpenAFS] rx + k5 + !des = rxk5

Marcus Watts mdw@umich.edu
Wed, 13 Jul 2005 04:49:20 -0400


I've updated rxk5
	http://www.umich.edu/~mdw/rxk5-15.tgz
	/afs/umich.edu/user/m/d/mdw/Public/html/rxk5-15.tgz

This version should be a lot more real.  It includes several
features requested at the AFS workshop:

/1/ configure
	Now mere mortals can hope to build this code.
/2/ compile_et.pl
	This will compile error tables for any of the
	3 major flavors of libcom_err that exist.
	The default is the same style that openafs uses,
	which is probably the only one that rxk5 needs.
/3/ at request of Love, added "rxk5_clear".  The default
	is to disable this code (it's really quite insecure).
	Adding this support meant introducing an incompatible
	wire level change to the protocol.
/4/ at request of MIT, replaced krb5_decrypt_tkt_part and
	associated logic with a placeholder function.  That means
	that, for now at least, rxk5 will not work with MIT.
	Eventually there may be a real call in MIT k5 to do this.
/5/ Fixed des-cbc-crc.  Turns out that rounds plaintext
	messages up to a size that is 4 mod 8.  Funky.
/6/ improved pthreads locking.  Some of the k5 crypto calls
	allocate random numbers, and there does not appear to
	be any locking on the global data structures used here.
/7/ incomplete openssl support.  "k5crypto.c" does not yet
	work with the rest of rxk5, but does use openssl crypto support
	to do checksum and encryption just like kerberos, and should
	do almost exactly the functionality that the openafs cache
	manager needs.  Anybody wanting to use rxk5 in a unix or linux
	kernel will want to have a look at this.
/8/ numerous other improvements, improved error handling & recovery,
	better test logic, etc.

				-Marcus Watts
				UM ITCS Umich Systems Group