[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Arla and Heimdal?



Thanks for your reply.

Note to arla-drinkers: please CC all replies to me - I am not subscribed
to your mailing list

On Tue, Jul 06, 1999 at 01:51:04PM +0200, Assar Westerlund wrote:
> Brian May <bam@snoopy.apana.org.au> writes:
> > I was interested if there was a free implementation of AFS, so I wrote
> > a message in comp.protocols.kerberos. Somebody suggested Arla is just
> > this, so I did a web search for Arla, and found free source code for a
> > free implementation of AFS (I can't remember off hand if this was both
> > server and client, I assume so).
> 
> Well, the client is quite a lot more stable and more functional that
> the server, currently.

How much/what work is still required on the server?

> > I was wondering if there are any long-term plans to upgrade this from
> > Kerberos4kth to Kerberos 5? How different is the kerberos 5 API to
> > the kerberos 4 API?
> 
> You can use heimdal with Arla (and AFS in general), but you still need
> a krb4 package and build heimdal with krb4 compatibility.  Being able
> to have a krb5-only AFS is almost possible but requires being able to
> have krb5 support in the rxkad module (the authentication system used
> by the RPC system used by AFS) and our copy has hooks for that.  If
> you want to talk to Transarc servers, however, you still krb4 or being
> able to replace the rxkad library used by the servers.

I am not particularly interested in backword compatability myself. I
am more interested in Arla as a free, secure, filesystem with Keberos
support. I personally wouldn't mind if compatability was broken with
Transarc servers, especially if it meant better functionality. However,
I don't have any Transarc servers anyway ;-), so my be biased.

Are there any standards (proposed or otherwise) that define AFS? eg
any RFCs?

Does heimdal come with krb4 compatability? This is one aspect I wasn't
too sure of, I think configure might have turned in off by default (I
will have to check this).

So, for krb5 support, I guess the only think required is to write
code for the hooks in the rxkad module...

> The other thing that's interesting is to make use of some of the new
> stuff in krb5 (particularly 3DES encryption instead of the fcrypt used
> by rxkad now), but that would require some hacking in rxkad.  Transarc
> plans to support Kerberos 5 in some future release and we've been
> talking some with the person who was doing that work at Transarc so
> that we would end up with compatible stuff.  But he has apparently
> left Transarc and it's seems a little uncertain what will happen with
> that.

:-(

-- 
Brian May <bam@snoopy.apana.org.au>

PGP signature