[942] in Kerberos
NFS mods
daemon@ATHENA.MIT.EDU (Greg Wohletz)
Thu May 10 21:20:37 1990
To: kerberos@MIT.EDU
Date: Wed, 09 May 90 15:00:02 -0700
From: Greg Wohletz <greg%duke.cs.unlv.edu@RELAY.CS.NET>
I've been struggling with the kerberos NFS mods for the last few days,
I got it sort of working, but have a few questions (since there is
basically no documentation) as well as some comments:
I'm not sure I understand how the credentials database used by
rpc.mountd works. What I currently have in the credentials database
is a list of users and their respective uid/gid. This appears to
work, I think that the names in the database are kerberos names, and
the uid/gid are the proper values to map that user to on the
fileserver? Is this correct?
As far as I can tell, the rpc.mountd maintains the kernel uid maps
itself, and there is no need to set them up with nfsc, is that
correct?
Running ``nfsid bb'' (bb is a fileserver) appears to work, however I'm
not sure I know the proper way to delete the mapping when a user logs
out. Essentially could someone explain the differences between
-unmap, -purge, and -purgeuser to me.
Would it be appropriate for the login process to run nfsid for the
user? (since home directories are on fileservers it can't very well go
in .login...)
Now a few comments:
In contrast to the basic kerberos package the NFS mods not very well
documented. While I realize that this is free software, there could
at least be a entry in the README file explaining the credentials
database, especially since rpc.mountd fails silently when it isn't
there. Once I figured out that it needed to be there and that mkcred
created it one needs to figure out the syntax of the input to mkcred.
Two or three lines in a README could have greatly reduced my pain and
suffering.
The file rpc.mountd.c.diff is actually the entire rpc.mountd.c, was
this intentional?
Now some random information for anyone interested:
I appear to have gotten this stuff working with Ultrix 3.1. There are
various differences between the Ultrix kernel and the SunOS kernel
that the diffs were made from, so I had to do the patching by hand,
and make a few changes to the code. If anyone is interested I'd be
happy to supply an alternate set of diffs.
If anyone has gotten this stuff working on a sun3 running 3.X could
you contact me about the possibility of getting the modified versions
of nfs_server.o, nfs_subr.o, init_sysent.o, and syscalls.o? (I only
have source to sunos 4.0.3, and we have one sun3 that for various
reasons still runs 3.4).
I've got plans to do the following little projects, if anyone has
already done them or has comments on how they would do them I'd be
glad to here them:
Modify our pop clients/servers to use kerberos (I think this one
should be fairly trivial)
Modify xdm and the X server to use kerberos. (I'm not sure about this
one, but I hope it will be fairly painless)
Implement a login server that machines can due mutual authentication
with in order to be able to use the kerebros password for login
authentication. (I think this should just be a variation of the
simple server example).
I guess thats all for now.
--Greg
