[14647] in Kerberos
Re: Kerberized NFS Linux client?
daemon@ATHENA.MIT.EDU (Ken Hornstein)
Tue Jul 10 15:04:17 2001
Message-Id: <200107101859.f6AIxbn07983@ginger.cmf.nrl.navy.mil>
To: rk21@gre.ac.uk
cc: kerberos@MIT.EDU
In-reply-to: Your message of "Tue, 10 Jul 2001 17:23:43 BST."
<Pine.GSO.3.92.1010710171117.4108A-100000@whack>
Date: Tue, 10 Jul 2001 14:59:35 -0400
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
>Does anyone know if there is a Kerberized NFS client available for Linux
>which would enable this to work?
>
>Alternatively, would a possible/better solution be to install MIT Kerberos
>5 in preference to SEAM on the Solaris server?
Unfortunately, installing MIT Kerberos 5 on the Solaris server won't help
you in this case.
A few things need to happen to make this work:
- You need to get a standardized RPCSEC_GSS implementation. The one that
comes with MIT Kerberos is _not_ such a thing. I believe Sun has a
reference implementation that could be used, but I forget where that's
located.
- You'd need to port that to work with a freely available GSSAPI implementation
(such as Heimdal or MIT Kerberos) and to your target OS. Probably not
a lot of work.
- You'd need to modify the NFS client on the Linux box to _use_ this
RPCSEC_GSS implementation. If it all happens in the kernel, you'll
either need to cram all of Kerberos 5/GSSAPI into the kernel, or
create a callout interface (which is how Sun's implementation works,
IIRC).
- You'll need to create some way to make the user client credentials
available to the NFS client implementation.
None of this is _hard_ (for some definition of hard), but it's still
a significant amount of work.
--Ken
