[945] in arla-drinkers
Re: Arla and Heimdal?
daemon@ATHENA.MIT.EDU (Brian May)
Wed Jul 7 16:35:16 1999
From owner-arla-drinkers@stacken.kth.se Wed Jul 07 20:35:15 1999
Return-Path: <owner-arla-drinkers@stacken.kth.se>
Delivered-To: arla-drinkers-mtg@bloom-picayune.mit.edu
Received: (qmail 15798 invoked from network); 7 Jul 1999 20:35:15 -0000
Received: from unknown (HELO sundance.stacken.kth.se) (130.237.234.41)
by bloom-picayune.mit.edu with SMTP; 7 Jul 1999 20:35:15 -0000
Received: (from majordom@localhost)
by sundance.stacken.kth.se (8.8.8/8.8.8) id WAA28514
for arla-drinkers-list; Wed, 7 Jul 1999 22:29:00 +0200 (MET DST)
Received: from assaris.sics.se (assaris.sics.se [193.10.66.108])
by sundance.stacken.kth.se (8.8.8/8.8.8) with ESMTP id WAA28509
for <arla-drinkers@stacken.kth.se>; Wed, 7 Jul 1999 22:28:55 +0200 (MET DST)
Received: (from assar@localhost) by assaris.sics.se (8.9.3/8.7.3) id WAA20251; Wed, 7 Jul 1999 22:29:25 +0200 (CEST)
Date: Wed, 7 Jul 1999 09:04:25 +1000
From: Brian May <bam@snoopy.apana.org.au>
To: Assar Westerlund <assar@sics.se>
Cc: heimdal-discuss@sics.se, arla-drinkers@stacken.kth.se
Subject: Re: Arla and Heimdal?
Message-ID: <19990707090425.B15483@snoopy.apana.org.au>
Reply-To: bam@snoopy.apana.org.au
References: <19990706191125.C6681@snoopy.apana.org.au> <5liu7yyp1z.fsf@assaris.sics.se>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary=RASg3xLB4tUQ4RcS; micalg=pgp-md5;
protocol="application/pgp-signature"
X-Mailer: Mutt 0.95.3i
In-Reply-To: <5liu7yyp1z.fsf@assaris.sics.se>; from Assar Westerlund on Tue, Jul 06, 1999 at 01:51:04PM +0200
Lines: 81
Sender: owner-arla-drinkers@stacken.kth.se
Precedence: bulk
--RASg3xLB4tUQ4RcS
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Thanks for your reply.
Note to arla-drinkers: please CC all replies to me - I am not subscribed
to your mailing list
On Tue, Jul 06, 1999 at 01:51:04PM +0200, Assar Westerlund wrote:
> Brian May <bam@snoopy.apana.org.au> writes:
> > I was interested if there was a free implementation of AFS, so I wrote
> > a message in comp.protocols.kerberos. Somebody suggested Arla is just
> > this, so I did a web search for Arla, and found free source code for a
> > free implementation of AFS (I can't remember off hand if this was both
> > server and client, I assume so).
>=20
> Well, the client is quite a lot more stable and more functional that
> the server, currently.
How much/what work is still required on the server?
> > I was wondering if there are any long-term plans to upgrade this from
> > Kerberos4kth to Kerberos 5? How different is the kerberos 5 API to
> > the kerberos 4 API?
>=20
> You can use heimdal with Arla (and AFS in general), but you still need
> a krb4 package and build heimdal with krb4 compatibility. Being able
> to have a krb5-only AFS is almost possible but requires being able to
> have krb5 support in the rxkad module (the authentication system used
> by the RPC system used by AFS) and our copy has hooks for that. If
> you want to talk to Transarc servers, however, you still krb4 or being
> able to replace the rxkad library used by the servers.
I am not particularly interested in backword compatability myself. I
am more interested in Arla as a free, secure, filesystem with Keberos
support. I personally wouldn't mind if compatability was broken with
Transarc servers, especially if it meant better functionality. However,
I don't have any Transarc servers anyway ;-), so my be biased.
Are there any standards (proposed or otherwise) that define AFS? eg
any RFCs?
Does heimdal come with krb4 compatability? This is one aspect I wasn't
too sure of, I think configure might have turned in off by default (I
will have to check this).
So, for krb5 support, I guess the only think required is to write
code for the hooks in the rxkad module...
> The other thing that's interesting is to make use of some of the new
> stuff in krb5 (particularly 3DES encryption instead of the fcrypt used
> by rxkad now), but that would require some hacking in rxkad. Transarc
> plans to support Kerberos 5 in some future release and we've been
> talking some with the person who was doing that work at Transarc so
> that we would end up with compatible stuff. But he has apparently
> left Transarc and it's seems a little uncertain what will happen with
> that.
:-(
--=20
Brian May <bam@snoopy.apana.org.au>
--RASg3xLB4tUQ4RcS
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v0.9.7 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iQCVAwUBN4KLdnWqsJ5Z7zO9AQE1YwP/d5aGUyjttRvawrF6yLA0GwflYLP5QblU
AL9VBewkvmY2PlIEkZ0/iTohnawH1BVDynZ56xx9cfBIwlvTrA2ooNfsM3Pyp77S
IqWmJk2ZcCt5zHDTmn3XcNqgNRciSOl4JeuDFJ64353CSw4X40VCwlBfFw34Q+1v
1VyB7BH8ITM=
=Ftaa
-----END PGP SIGNATURE-----
--RASg3xLB4tUQ4RcS--