Subject: AUTH_GSSAPI for NFS
To: None <tech-kern@netbsd.org>
From: None <rick@snowhite.cis.uoguelph.ca>
List: tech-kern
Date: 05/30/2002 11:31:37
> Just from curiosity; does your code support the AUTH_GSSAPI rpc
> credential type? That has hit the streets already (Solaris SEAM).
> It'd be cute to have for nfsv3, independently of v4.
Nope, I haven't done it yet, but it might happen by the end of the summer.
Way back when, I had KERB4 working, but the bits were stripped out to avoid
export hassles. Once you have support in the Sun RPC library, the rest is
pretty straightforward.
For KERB4, I just dropped a couple of the des routines from the Kerberos
DES library into the kernel and used those to encrypt/de-encrypt the
nickname authenticators. The actual Kerberos tickets were handled in
user-land via nfsd or mount_nfs (they porpoised out of the kernel, returning
from the nfssrc system call, did the Kerberos library calls and then called
nfssvc() again with the results).
Anyhow, wouldn't be that much work, if anyone is inclined to do it.
> PS: I'm cleaning out the garage, I could ship you a pmax
> if you have any remaining interest...
Nope. (I've actually got about a half dozen DS2100s lying about around here
and the students aren't even foolish enough to take them. I actually got
one kid interested enough to fire up a MicroVAXII last year and they
thought it was great fun until they discovered just how "unbelievably slow"
it was. I still use a 486 for testing, simply because nobody, and I mean
NOBODY else wants it for anything.)
Have fun, rick
ps: If anyone does decide to take on AUTH_GSSAPI, let me know so I don't have
to bother. NFSv4 does need it and once it works for V3, it'll work for
V4 too.