[3929] in Kerberos
Re: Kerberized keyserv daemon for Secure NFS, anyone?
daemon@ATHENA.MIT.EDU (John Brezak)
Tue Sep 27 09:23:43 1994
To: Ted Lemon <mellon@ipd.wellsfargo.com>
Cc: kerberos@MIT.EDU, rick@snowhite.cis.uoguelph.ca
In-Reply-To: Your message of "Mon, 26 Sep 1994 17:04:35 PDT."
<199409270004.RAA24293@rurapenthe.ipd.wellsfargo.com>
Date: Tue, 27 Sep 1994 09:16:12 -0400
From: John Brezak <brezak@apollo.hp.com>
>
> I've been looking into the possibility of making Secure NFS use
> Kerberos instead of an RSA/DES combination. It seems to me that one
> could write a replacement keyserv daemon from which the kernel could
> get its session keys, but which would actually arrive at the shared
> Secure RPC session key using Kerberos instead of Diffie-Hellman.
>
> Before I go off and implement such a critter (I make no promises), has
> anybody else already done so, or found out that it can't be made to
> work?
>
> _MelloN_
You might look at the NFS implementation in 4.4BSD-Lite. You might look at
these papers that describe the implementation.
"The 4.4BSD NFS Implementation", Rick Macklem, University of Guelph, BSD 4.4
SMM.
"Not Quite NFS, Soft Cache Consistency for NFS", Rick Macklem, 1194 Winter
USENIX.
This implementation uses Kerberos4 (mount_nfs -kerb) for authentication. It
probably can be changed to use Kerberos5 too.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
John Brezak UUCP: uunet!apollo.hp!brezak
Hewlett Packard/Apollo Internet: brezak@ch.hp.com
300 Apollo Drive Phone: (508) 436-4915
Chelmsford, Massachusetts Fax: (508) 436-5140
