[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Arla and Heimdal?



Brian May <bam@snoopy.apana.org.au> writes:
> I was interested if there was a free implementation of AFS, so I wrote
> a message in comp.protocols.kerberos. Somebody suggested Arla is just
> this, so I did a web search for Arla, and found free source code for a
> free implementation of AFS (I can't remember off hand if this was both
> server and client, I assume so).

Well, the client is quite a lot more stable and more functional that
the server, currently.

> I was wondering if there are any long-term plans to upgrade this from
> Kerberos4kth to Kerberos 5? How different is the kerberos 5 API to
> the kerberos 4 API?

You can use heimdal with Arla (and AFS in general), but you still need
a krb4 package and build heimdal with krb4 compatibility.  Being able
to have a krb5-only AFS is almost possible but requires being able to
have krb5 support in the rxkad module (the authentication system used
by the RPC system used by AFS) and our copy has hooks for that.  If
you want to talk to Transarc servers, however, you still krb4 or being
able to replace the rxkad library used by the servers.

The other thing that's interesting is to make use of some of the new
stuff in krb5 (particularly 3DES encryption instead of the fcrypt used
by rxkad now), but that would require some hacking in rxkad.  Transarc
plans to support Kerberos 5 in some future release and we've been
talking some with the person who was doing that work at Transarc so
that we would end up with compatible stuff.  But he has apparently
left Transarc and it's seems a little uncertain what will happen with
that.

> Seeing as the domain name contain "kth.se", it is my guess that both
> projects have been carried out by the same organisation(?) so it looks
> hopeful... However, I may be mistaken.

Well, I dunno about organisations particularly much, but I think that
you'll find that I've also written some of the code in Arla. :-)

> If I get no response here, I will try and mail the arla mailing lists.
> (Right now I am downloading the mailing list archives).

I've CC:d this disucssion to arla-drinkers.

/assar