[1525] in Kerberos
Re: Doc on Kerberized NFS
daemon@ATHENA.MIT.EDU (John T Kohl)
Mon Aug 19 22:45:06 1991
Date: Mon, 19 Aug 91 21:54:14 -0400
From: John T Kohl <jtkohl@ATHENA.MIT.EDU>
To: rick@snowhite.cis.uoguelph.ca
Cc: kerberos@ATHENA.MIT.EDU
In-Reply-To: [1524]
Regarding Kerberized NFS, I suggest you retrieve the source mods from
the archive server (send a message "index krb-nfs" to
archive-server@athena-dist.mit.edu for a listing), as they are the best
reference at the moment. Those changes are distributable, but the
source they go with (SUN NFSSRC3.x) is not.
Athena has done quite a bit more mods than what is currently "exported"
(the distribution is a bit old); inquire of info-athena@mit.edu for some
details on whether the latest stuff is available, or whether they could
describe the additions in more detail.
The current implementation uses authunix_parms allocated from the kernel
memory allocator. However, I've long thought that to be ugly, requiring
a translation into credentials (u.u_cred-type stuff) every time you need
to use them. If you implement the changes for the BSD NFS, I highly
recommend you make the map control code store the network credentials
internally with credentials allocated/freed with
crget()/crhold()/crfree(). This is a bit more work up-front at mapping
establishment time, but it pushes off some of the hassle.
[BTW, I did this conversion once upon a time when adding kerberized NFS
to the OSF/1 snapshots with early BSD NFS in them, but I seem to have
misplaced that code.]
John
