Date: Mon, 30 Jan 1995 13:36:24 -0500 From: Garrett Wollman <wollman@halloran-eldar.lcs.mit.edu> To: Doug Rabson <dfr@render.com> Cc: hackers@FreeBSD.org Subject: NFS with kerberos authentication Message-ID: <9501301836.AA16079@halloran-eldar.lcs.mit.edu> In-Reply-To: <Pine.BSF.3.91.950130161202.27708D-100000@minnow.render.com> References: <Pine.BSF.3.91.950130161202.27708D-100000@minnow.render.com>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Mon, 30 Jan 1995 16:27:29 +0000 (GMT), Doug Rabson <dfr@render.com> said: > 2. Mount_nfs has no way of determining the correct ticket file to use > since it cannot examine the KRBTKFILE environment variable of the process > which initiated the authentication request. It's not clear that it /should/ do so... > I 'solved' it by leaving the uids alone and constructing the name of the > ticket file in the same way as src/usr.bin/login/klogin.c. This only > works for ordinary instances and fails for root instances since they > generally override the name of the default ticket file with the KRBTKFILE > variable. root instances are not intended to be network superusers. > I think that what is really needed is for the process which is > authenticating to register the name of its ticket file and for this name > to be sent to mount_nfs to use for the authentication. At MIT, a user-level daemon is used to directly pass the authentication from the user program to the server, with no modification of the NFS client or server code. (At LCS this program is called `fsauth'.) -GAWollman -- Garrett A. Wollman | Shashish is simple, it's discreet, it's brief. ... wollman@lcs.mit.edu | Shashish is the bonding of hearts in spite of distance. Opinions not those of| It is a bond more powerful than absence. We like people MIT, LCS, ANA, or NSA| who like Shashish. - Claude McKenzie + Florent Vollant
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9501301836.AA16079>