(Illustration by Gaich Muramatsu)
On Tue, 2004-02-17 at 18:05, Greg Troxel wrote: > I have been working on adding GSS-API authentication to auth2 and clog - > it uses GSS-API to authenticate and then wrap the coda tokens for the > client who can unwrap them and use them. I haven't looked at what venus > does with those tokens (in fact I don't really have a clue) but at least > the authentication part is basically there. > > The critical part is the authentication of the actual RPC2 messages. > Getting tokens delivered more securely is a helpful step, but it > doesn't directly address the biggest problem. There is already > kerberos support for auth2, I think, and I thought it used krb5 to > obtain tokens - how is what you are doing different from that? But I > haven't paid too much attention since the tokens pare still then used > in an insecure manner. > Its basically no different from "native" kerberos5 support - except it uses GSS-API which allows for other authentication mechanisms. I did this work so I could use GSI(Grid Security Infrastructure) as the underlying authentication method. -MReceived on 2004-02-17 12:46:29