Re: New extensible GSSAPI implementation

From: Robert Watson (rwatson_at_FreeBSD.org)
Date: 11/12/05

  • Next message: Doug Rabson: "Re: New extensible GSSAPI implementation" 
    Date: Sat, 12 Nov 2005 11:06:26 +0000 (GMT)
To: Doug Rabson <dfr@nlsystems.com>

    On Sat, 12 Nov 2005, Doug Rabson wrote:

    > For quite a while now (far too long in fact), I've been slowly working
    > on an extension framework for GSS-API. This was partly prompted by an
    > interest in NFSv4 which requires both LIPKEY [RFC2847] as well as
    > Kerberosv5 as security providers. The existing FreeBSD GSS-API library
    > comes from Heimdal and only provides Kerberosv5. It is also a necessary
    > pre-requisite for an implementation of RPCSEC_GSS which I'm not quite
    > ready to commit.

    This is great news! Have you taken a look at the Solaris inclusion of
    gssapi parts in their kernel:

       http://fxr.watson.org/fxr/source/common/gssapi/?v=OPENSOLARIS

    I assume this is associated with NFSv4 support, but haven't dug around at
    all yet other than noticing it there the other day. Most other discussion
    of GSSAPI I've seen assumes that the crypto takes place in user space, but
    having it in kernel has some significant advantages (especially if you
    have a fully preemptive kernel, which we now have).

    Robert N M Watson
    _______________________________________________
    freebsd-arch@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-arch
    To unsubscribe, send any mail to "freebsd-arch-unsubscribe@freebsd.org"

  • Next message: Doug Rabson: "Re: New extensible GSSAPI implementation"