[1528] in Kerberos
Re: Doc on Kerberized NFS
daemon@ATHENA.MIT.EDU (Mark Stein)
Tue Aug 20 17:08:23 1991
Date: Tue, 20 Aug 91 13:29:36 PDT
From: Mark.Stein@Eng.Sun.COM (Mark Stein)
To: kerberos@ATHENA.MIT.EDU, rick@snowhite.cis.uoguelph.ca
> Is there any detailed documentation on the Kerberos NFS mods that goes
> beyond the Appendix of the Usenix paper? I am looking at Kerberizing
> NFS for 4.3BSD Reno and need to know what the exact server system call
> arguments and semantics are, plus details on the mount RPC changes.
A couple of points I'd like to make:
1) The MIT implementation of "kerberized NFS" incorporates additions
to the mount protocol (100005) that are local in scope to Athena.
These additions are not part of the published mount protocol
specification, and therefore pose potential interoperability
problems. If you intend to implement this scheme for wide
distribution, I would encourage you to use a different RPC program
number for the KUID procedures. The server support can still be
wrapped into rpc.mountd if desired. Send email to rpc@sun.com to
obtain unique RPC numbers.
2) Sun has developed an RPC authentication flavor (AUTH_KERB, similar to
AUTH_DES) which uses kerberos tickets instead of public keys in the
authentication handshake, and the NFS implementation has been
taught to use this new flavor. Kerberos support for NFS will be
available in Sun's next major software release (please don't ask me
when that will be). We hope to have specifications and RPC library
implementation of AUTH_KERB available soon.
--Mark
