Coda File System

Re: Coda and KrbV && PPC

From: Troy Benjegerdes <troybenj_at_scl.ameslab.gov>
Date: Wed, 10 Feb 1999 17:45:48 -0600
Peter J Braam wrote:
> 
> Hi Troy,
> 
> If you are in a position to maintain this that would be super.  There are a
> number of trivial bugs with the kerberos stuff that need fixing and you can
> find these on
> 
> www.coda.cs.cmu.edu/bugs.
> 
> The requirements for making crypto packages available are not very
> complicated, and perhaps you could put them up for ftp and we put a link on
> our pages.
> 
> Would it be worth having you write a short section for the HOWTO about how
> you got this going?
> 
> If I can download the PPC rpms somewhere then we can put those on the web too.
> 

Well, the PPC RPMS right now all require kerberos and glibc-2.1. If I
get time I'll rebuild the regular CODA rpms for ppc. Can I upload them
to ftp.coda.cs.cmu somewhere?

For krb5, I'm currently trying to set up Coda for an 8-node Beowulf-type
computation cluster at work, and since we already use kerberos
authentication, I thought this would be quite handy.

I've gotten coda and krb5 to work fine at home (on my PPC boxes), but
I'm currently having some strange problems with kclog (On Intel RH-5.2
machines). Once I get everything working, I can upload the RPMS, spec
files, and patches if you like.

Also, can someone comment on my earlier feasibility questions please? ;)

> - Peter -
> 
> At 07:40 PM 2/7/99 -0600, you wrote:
> >I have just successfully gotten Coda 5.0.1 to work with MIT Kerberos5
> >1.0.5 (after figuring out the coda server needs a Krb5 host
> >key/principal)
> >
> >I built RPMS of coda and kerberos, and included the Krb5 PAM module to
> >allow logins, etc. If anyone wants these, let me know. Q: Can I send an
> >rpm spec file outside of the US and not violate export regs? (If not, I
> >could snail-mail a diff or the spec to someone)
> >
> >I'd like to offer to help with the KrbV and PAM modules, since I would
> >find them very useful. ;)
> >
> >I also have a couple of feasibility questions, now that I have a better
> >idea what's going on. How hard would it be to:
> >
> >1) use Kerberos as the authentication/encryption mechanism all the way
> >through Coda? (This might be a way to get around encryption export stuff,
> >since krb5 can be gotten from replay.com and there is a free krb4 clone in
> >Europe somewhere)
> >
> >2) make direct use of kerberos principals so that say, anyone with a
> >joeuser/admin principal can be a member of the System:Administrators group
> >while the regular joeuser principal is not. (along these lines, this would
> >allow a joeuser/cron or joeuser/daemon principal to get coda tokens for
> >cron jobs or such from a kerberos ticket the user has left for that
> >purpose, via a ticket with an extremely long lifetime)
> >This might also solve the "how do I authenticate the web server" type
> >problems. (Correct me if I'm wrong, but could having a host key/principal
> >for the webserver machine allow this?)
> >
> >3)
> >   a) automatically get coda tokens from kerberos tickets if they exist
> >       or
> >   b) use kerberos facilities to replace coda tokens (this sorta goes with
> >      (1) above)
> >
> >4) This is more of a kerberos thing, but krb5 has the DES3 code
> >   modularized, so what would it take to update the krb5 encryption code
> >   to use something like blowfish and friends?
> >
> >
> >On Sun, 7 Feb 1999, Robert Watson wrote:

-- 
Troy Benjegerdes		troybenj_at_scl.ameslab.gov
Scalable Computing Lab		   hozer_at_drgw.net
Received on 1999-02-10 18:46:40