Coda File System

Re: Kerb5 Howto? (Re: Coda and Kerberos)

From: Peter J Braam <braam_at_cs.cmu.edu>
Date: Wed, 27 Jan 1999 10:10:06 -0500
There are two parts to this story:

1. setting up a Kerberos 5 server - I found this hard.
2. setting up our stuff - this should become a short section in the Coda
HOWTO. 

Volunteers? 

Peter 




At 11:58 PM 1/22/99 -0600, you wrote:
>> > Hi folks,
>> >
>> > I'd like to get an idea of who is using KerberosIV and KerberosV support
>> > in Coda.
>> 
>> Me, for one. And it's very important. Now that I've got Doug Engert's
>> sslk5 working properly, we have a straight path from
>> 
>> Smartcard->PKI->Kerberos V->distributed file system
>> 
>> without all of the gunk that goes with a DCE arrangement, and (reasonably)
>> cross platform from Win95, WinNT to Unix (well, Linux right now), but
>> I might get round to looking at HP-UX some time next millenium.
>> 
>> > mapping issue (how to map Kerberos identities to Coda identities),
>> > authorization issues, not to mention ease of use issues (such as: we
>> > always use this command line flag, why isn't it the default, or that the
>> > automatic invocation of kinit is a pain, etc).  Kerberos support is
>> > important to us in that it allows easy integration with existing
>> > distributed systems and a single-login.  Because of existing setups here
>> > at CMU, we have tested K4 support more extensively than K5; as such K5
>> > comments would be particularly welcome :).
>> 
>> When I get some time, I'll get back to hacking on it. The
>> biggest changes are the ones that you suggested about mapping
>> Kerberos principals onto Coda ids. At the moment, I'm using a
>> grungy pattern match to do the work, but would like a bit more
>> flexibility than that gives me.
>
>Can I get an idea what needs to be done to make this work? I'm trying to
>set up Coda with Kerberos V authentication exclusively. Documentation on
>this is spotty to nonexistant to say the least.
>
>
>--------------------------------------------------------------------------
>| Troy Benjegerdes    |       troy_at_microux.com     |    hozer_at_drgw.net   |
>|    Unix is user friendly... You just have to be friendly to it first.  |
>| This message composed with 100% free software.    http://www.gnu.org   |
>--------------------------------------------------------------------------
Received on 1999-01-27 10:14:11