[6188] in Kerberos
Re: K5 recvauth
daemon@ATHENA.MIT.EDU (Howard Chu)
Thu Nov 9 04:22:19 1995
From: hyc@locus.com (Howard Chu)
To: Sam Hartman <hartmans@MIT.EDU>
Cc: "Theodore Ts'o" <tytso@MIT.EDU>, kerberos@MIT.EDU
In-Reply-To: (Your message of Wed, 08 Nov 95 18:10:23 EST.)
<199511082310.SAA15150@tertius.mit.edu>
Date: Wed, 08 Nov 95 22:54:43 -0800
Howard> I understand that use of sendauth/recvauth is not
Howard> encouraged, but in this case I have no choice - the
Howard> Kerberized POP servers of the world already use
Howard> recvauth. Whether or not I use sendauth is irrelevant -
Howard> the K5 recvauth demands that my client send the correct
Howard> application-version string, or else it disallows my
Howard> authentication attempt.
This is currently true. The correct solution is to rewrite kpopd to
use GSSAPI.
--Sam
Ok. I was looking for a drop-in solution on the client side that wouldn't
require me to think about the server side at all, but clearly this isn't
possible. Since it seems to mean we will have to ship pop server code as
well as a pop client, we may as well do it right.
I have totally ignored the GSSAPI code up till now. There's no way I have
time to get up to speed on it in time for this initial release, but we'll
plan for it in an update, especially since DCE 1.1 appears to support it.
If it makes sense to try, I'll also look at a K4 version as well, so we can
continue to keep our AFS support uniform with DCE.
Howard Chu Principal Member of Technical Staff
hyc@locus.com Locus Computing Corporation
