[14647] in Kerberos

home help back first fref pref prev next nref lref last post

Re: Kerberized NFS Linux client?

daemon@ATHENA.MIT.EDU (Ken Hornstein)
Tue Jul 10 15:04:17 2001

Message-Id: <200107101859.f6AIxbn07983@ginger.cmf.nrl.navy.mil>
To: rk21@gre.ac.uk
cc: kerberos@MIT.EDU
In-reply-to: Your message of "Tue, 10 Jul 2001 17:23:43 BST."
             <Pine.GSO.3.92.1010710171117.4108A-100000@whack> 
Date: Tue, 10 Jul 2001 14:59:35 -0400
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>

>Does anyone know if there is a Kerberized NFS client available for Linux
>which would enable this to work?
>
>Alternatively, would a possible/better solution be to install MIT Kerberos
>5 in preference to SEAM on the Solaris server?

Unfortunately, installing MIT Kerberos 5 on the Solaris server won't help
you in this case.

A few things need to happen to make this work:

- You need to get a standardized RPCSEC_GSS implementation.  The one that
  comes with MIT Kerberos is _not_ such a thing.  I believe Sun has a
  reference implementation that could be used, but I forget where that's
  located.

- You'd need to port that to work with a freely available GSSAPI implementation
  (such as Heimdal or MIT Kerberos) and to your target OS.  Probably not
  a lot of work.

- You'd need to modify the NFS client on the Linux box to _use_ this
  RPCSEC_GSS implementation.  If it all happens in the kernel, you'll
  either need to cram all of Kerberos 5/GSSAPI into the kernel, or
  create a callout interface (which is how Sun's implementation works,
  IIRC).

- You'll need to create some way to make the user client credentials
  available to the NFS client implementation.

None of this is _hard_ (for some definition of hard), but it's still
a significant amount of work.

--Ken

home help back first fref pref prev next nref lref last post