[3927] in Kerberos
Re: Kerberized keyserv daemon for Secure NFS, anyone?
daemon@ATHENA.MIT.EDU (Shawn Mamros)
Tue Sep 27 09:20:45 1994
Date: Tue, 27 Sep 94 09:15:02 EDT
To: mellon@ipd.wellsfargo.com
Cc: kerberos@MIT.EDU
From: mamros@ftp.com (Shawn Mamros)
Reply-To: mamros@ftp.com
mellon@ipd.wellsfargo.com (Ted Lemon) writes:
>I've been looking into the possibility of making Secure NFS use
>Kerberos instead of an RSA/DES combination. It seems to me that one
>could write a replacement keyserv daemon from which the kernel could
>get its session keys, but which would actually arrive at the shared
>Secure RPC session key using Kerberos instead of Diffie-Hellman.
>
>Before I go off and implement such a critter (I make no promises), has
>anybody else already done so, or found out that it can't be made to
>work?
Sun's already done something along those lines. There's a specification
for an AUTH_KERB4 authentication flavor (as well as AUTH_DH, aka AUTH_DES)
in an Internet Draft, draft-ietf-oncrpc-auth-00.txt. Solaris 2.x includes
a daemon named kerbd, which I believe functions for AUTH_KERB4 as keyserv
does for AUTH_DH, as well as kinit/klist/kdestroy. Note that this is all
based on Kerberos V4 - don't know if Sun is considering an AUTH_KERB5.
-Shawn Mamros
E-mail to: mamros@ftp.com
