Tech Insider					   Technology and Trends

			   USENET Archives

Electronic mail:			      WorldWideWeb:	

From wesommer@ATHENA.MIT.EDU  Sat Aug  9 23:08:28 1986
To: hackers, kerberos
Subject: Sun RPC may now be kerberos authenticated...
Date: Sat, 09 Aug 86 23:04:58 -0500
From: Bill Sommerfeld < wesommer@ATHENA.MIT.EDU>

From looking at the Sun RPC documents, I got the general impression
that plugging a new type of authenticator into the library is
relatively simple.  I was right.

If you look in /@/priam/mit/w/e/wesommer/rpc/rpclib/, at
auth_krb.c, auth_krb.h, and svc_auth_krb.c, you can see what I had to

Mutual authentication is not implemented yet (although it should be
simple), and the error codes returned leave a little bit to be desired
(Kerberos has a somewhat wider variety, and information gets lost when
they get translated to the RPC codes).  It also doesn't know how to
deal with service principals other than "rcmd.< machine_name>@Athena".

I have a test program which uses this, as a "whoami" service (the
service takes a "void" parameter, and ships back three strings: the
three parts of your kerberos principal name).  I have "priam"
hardcoded into the programs (for simplicity); if the "test" program
(the daemon) is running on priam (I left it running), and you've done
a kinit and have a ticket for rcmd.priam@Athena, you're in business;
run "client", and it will tell you who you have authenticated as.

These playtoys are in rpc/westoys.

						- Bill

			   USENET Archives


The materials and information included in this website may only be used
for purposes such as criticism, review, private study, scholarship, or 

Electronic mail:			      WorldWideWeb: