On Tue, 2004-02-17 at 18:05, Greg Troxel wrote:
>   I have been working on adding GSS-API authentication to auth2 and clog -
>   it uses GSS-API to authenticate and then wrap the coda tokens for the
>   client who can unwrap them and use them. I haven't looked at what venus
>   does with those tokens (in fact I don't really have a clue) but at least
>   the authentication part is basically there.
> 
> The critical part is the authentication of the actual RPC2 messages.
> Getting tokens delivered more securely is a helpful step, but it
> doesn't directly address the biggest problem.  There is already
> kerberos support for auth2, I think, and I thought it used krb5 to
> obtain tokens - how is what you are doing different from that?  But I
> haven't paid too much attention since the tokens pare still then used
> in an insecure manner.
> 

Its basically no different from "native" kerberos5 support - except it
uses GSS-API which allows for other authentication mechanisms. I did
this work so I could use GSI(Grid Security Infrastructure) as the
underlying authentication method.

-M