There are two Kerberos-enabled services that other platforms support, that I often wish NetBSD would too. Is anyone looking at, working on, or able to comment on the effort required for: Secure-RPC NFS in krb5i and krb5p mode, for per-user strong authentication of NFS requests, with integrity and privacy protections. SSH GSS-KEX mode, to replace the ssh known_hosts server authentication mechanism with kerberos server credentials, avoiding the distribution and key management issues of the former. In both cases, my test case is interoperability with opensolaris (and, to a lesser extent, linux) for consolidated user network credentials. Any takers or comments? -- Dan.
Attachment:
pgpuCBMgxFsuY.pgp
Description: PGP signature