[OpenAFS] rx + k5 + !des = rxk5

Marcus Watts mdw@umich.edu
Thu, 19 May 2005 17:03:39 -0400

I've been waiting for quite a while for a replacment for rxkad that
would do kerberos 5 and strong crypto.  Various people have been hard
at work on this, and I've heard great things about their plans.
However, I have an immediate need and there is no currently available
solution.  I don't want to cast any stones here, and I'm not blaming
anybody.  But, like, I need this, badly.  Like yesterday.

So, in the interest of promoting faster progress on this,
I wrote a small experiment:


It's nothing much, it doesn't solve many of the problems that people
have been hard at work on.  In fact, I would describe this as heavily
experimental code that, until this morning, fairly bristled with
debugging statements and absolute gore.  But, it incorporates
everything I heard other people talk about that I thought was important
and could make work in RX.  I may even have gotten some of those ideas
wrong.  But, well, I think this works.  It does interesting stuff.  I
believe that places *all of us* ahead of where we were.

I know some people are disgruntled.  This does not need to be an
either/or type of contest.  There is plenty of room here for sharing
ideas, concepts, perhaps even code here.  I look forward to any
constructive criticism or critiques I can get from others.  Since I
have a very immmediate need separate from AFS, any help you can give me
will be appreciated.  But, you don't have to help me, you can help
yourself.  I intend that by placing this code out in the public with
the simplest copyright I could, I have made it as easy as possible for
others to steal any ideas, concepts, or code.  I hope it is as
important to you as it is to me, that openafs have a secure rpc
mechanism in which we can all have confidence.

				-Marcus Watts
				UM ITCS Umich Systems Group