Date: Mon, 18 Sep 1995 07:30:21 +0200
From: Mark Murray <mark@grondar.za>
To: Bill Paul <wpaul@freefall.freebsd.org>
Cc: mark@grondar.za (Mark Murray), CVS-commiters@freefall.freebsd.org, cvs-user@freefall.freebsd.org
Subject: Re: cvs commit: src/eBones/usr.sbin/kerberos kerberos.c
Message-ID: <199509180530.HAA04084@grumble.grondar.za>

> > > I'll gladly tar up the whole thing and give it to you, but nobody's
> > > answered my questions yet:
> > >
> > > - Do we really want to import the GNU mp library?
> >
> > How big is that?
>
> -rw-r--r-- 1 root bin 108358 Jul 21 00:17 /usr/src/gmp-1.3.2.tar.gz
> -rw-r--r-- 1 root sysman 261188 Jul 21 00:24 /usr/src/gmp-1.3.2/libgmp.a
> -rw-r--r-- 1 root sysman 110280 Jul 21 00:25 /usr/src/gmp-1.3.2/libmp.a
>
> The libmp.a library is the part we need: it's a clone of the 'Berkeley'
> libmp library. The libgmp.a library contains many other interesting
> things, none of which are strictly necessary for Secure RPC. Still, if we're
> going to do one, we may as well do both, since they're both GPL'ed.

Not too bad...

> > > - Do we want to import the new rpcgen?
> >
> > Again - how big is it? Can it replace or complement anything?
>
> About the same size as the existing rpcgen. If you reverse the
> meaning of the -b flag, you could make it a drop-in replacement for
> the old rpcgen. However, its ability to generate TI-RPC code would
> be practically useless in FreeBSD, unless we suddenly grew some
> STREAMS-based networking code. (One hack I had to make was to prevent
> it from emitting an '#include <stropts.h>' line in backwards-compat
> mode.)

Yukk...

> Also, I'm not sure you can totally hide Secure RPC inside the library.
> Clients and servers that use RPC need to use extra functions (like
> authdes_create()) that aren't present in the stock RPC implementation.
> I'm not sure you could make things work with dummy functions. It might
> be necessary to sprinkle #ifdefs into the code and produce two versions
> of Secure RPC binaries -- one with AUTH_DES and one without.

We have already done a similar thing with telnet. Telnet does not have
functions in libc, but it does have its own libtelnet, which in the
securedist contains crypto stuff...

> One idea that had occurred to me was to create a dummy libdes with
> stub ebc_crypt() and cbc_crypt() functions that either didn't encrypt
> anything at all, or used some other encryption besides DES that
> wouldn't get us in hot water. The result would be that FreeBSD machines
> could make Secure RPCs between each other, but not with other systems.
> You could then install the appropriate libdes.so from the securedist
> to make it work with other systems (which would mean other Solaris
> systems at this point).

This precedent has been set already; we have a FreeBSD-only crypt(3).

> The reason I was hesitant to suggest this is because I remember reading
> somewhere that code that calls encryption functions is every bit as
> restricted as the encryption code itself. The Secure RPC stuff certainly
> qualifies. Then again, Sun distributed the sources to Secure RPC
> without any trouble, so I may be overreacting.
>
> I'd like to avoid the 'dummy libdes' idea since it would destroy
> interoperability with other OSes, but we may have to deal with it.

We can swing this, I think. Like I said, we already have one 'alternative'
crypt(3), that breaks certain exchanges (passwds) between our systems and
others. If we have a dummy DES just to make the code not puke, and then
have a des library that does the proper job in securedist, one version in
the US and another distributed outside, there should be no (FreeBSD)
problem. I don't know much about licensing code with crypto calls.

> Anyway, I'm going to see what I can do about packaging up the stuff I've
> been working on so I can ship it out to you. I'm still hacking on a few
> things. Let me know how you want to transfer things (I can either
> put the stuff on my FTP server or FTP it to you).

Either way is fine - Either send it to ftp.grondar.za:/pub/incoming or
I'll fetch it.

Thanks!

M

--
Mark Murray
46 Harvey Rd, Claremont, Cape Town 7700, South Africa
+27 21 61-3768 GMT+0200
Finger mark@grumble.grondar.za for PGP key