Arla and Heimdal?
Brian May
bam at snoopy.apana.org.au
Wed Jul 7 22:29:00 CEST 1999
Thanks for your reply.
Note to arla-drinkers: please CC all replies to me - I am not subscribed
to your mailing list
On Tue, Jul 06, 1999 at 01:51:04PM +0200, Assar Westerlund wrote:
> Brian May <bam at snoopy.apana.org.au> writes:
> > I was interested if there was a free implementation of AFS, so I wrote
> > a message in comp.protocols.kerberos. Somebody suggested Arla is just
> > this, so I did a web search for Arla, and found free source code for a
> > free implementation of AFS (I can't remember off hand if this was both
> > server and client, I assume so).
>
> Well, the client is quite a lot more stable and more functional that
> the server, currently.
How much/what work is still required on the server?
> > I was wondering if there are any long-term plans to upgrade this from
> > Kerberos4kth to Kerberos 5? How different is the kerberos 5 API to
> > the kerberos 4 API?
>
> You can use heimdal with Arla (and AFS in general), but you still need
> a krb4 package and build heimdal with krb4 compatibility. Being able
> to have a krb5-only AFS is almost possible but requires being able to
> have krb5 support in the rxkad module (the authentication system used
> by the RPC system used by AFS) and our copy has hooks for that. If
> you want to talk to Transarc servers, however, you still krb4 or being
> able to replace the rxkad library used by the servers.
I am not particularly interested in backword compatability myself. I
am more interested in Arla as a free, secure, filesystem with Keberos
support. I personally wouldn't mind if compatability was broken with
Transarc servers, especially if it meant better functionality. However,
I don't have any Transarc servers anyway ;-), so my be biased.
Are there any standards (proposed or otherwise) that define AFS? eg
any RFCs?
Does heimdal come with krb4 compatability? This is one aspect I wasn't
too sure of, I think configure might have turned in off by default (I
will have to check this).
So, for krb5 support, I guess the only think required is to write
code for the hooks in the rxkad module...
> The other thing that's interesting is to make use of some of the new
> stuff in krb5 (particularly 3DES encryption instead of the fcrypt used
> by rxkad now), but that would require some hacking in rxkad. Transarc
> plans to support Kerberos 5 in some future release and we've been
> talking some with the person who was doing that work at Transarc so
> that we would end up with compatible stuff. But he has apparently
> left Transarc and it's seems a little uncertain what will happen with
> that.
:-(
--
Brian May <bam at snoopy.apana.org.au>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pgp00000.pgp
Type: application/octet-stream
Size: 349 bytes
Desc: "PGP signature"
Url : http://lists.stacken.kth.se/pipermail/arla-drinkers/attachments/00000000/5c110c36/pgp00000.obj
More information about the Arla-drinkers
mailing list