---------- Forwarded Message ---------- Subject: Re: spkm3, pku2u question Date: Friday 03 January 2014, 18:08:53 From: Andy Adamson <[email protected]> To: "lux-integ" <[email protected]> CC: NFS list <[email protected]>
On Fri, Jan 3, 2014 at 10:43 AM, lux-integ <[email protected]> wrote: > Greetings > > I have been scanning the Internet to find out if spkm3 has been removed from > nfs4 and whether its proported replacement pku2u is available. I get > conflicting reports as te the demise of spkm3 and most of my endeavours for > pku2u seem to suggest it is available now only as a binary release for > microsoft windows. > > > I would be grateful for some advice regarding > > --a) spkm3 status in current releases of linux kernel and nfs-utils etc. ( > i.e. is it or is it not there and working?) SPKM3 failed to make it through the IETF - the draft I was working on expired in 2005. It has therefore been removed from the upstream kernel, nfs-utils etc, although some definitions remain. > --b) wheher an 'open-source' pku2u for linux is availablea as replacement for > spkm3 and if so where to find it. AFAIK there is no open source pku2u. PKU2U is a good idea as it uses the Kerberos protocol with different payloads so kernel Kerberos implementations would not need to change. If I remember correctly the job WRT MIT Kerberos would be to refactor the KDC code into library calls so that a PKU2U server could instantiate a KDC of one entry for itself backed by an X.509 cert - but it's been a long time since I reviewed it. -->Andy > > yours soncerely ################# I forwarded the email above to show the brief discussion on the nfs4 mailing list last saturday. QUESTIONS I would be grateful if someone on list could elucidate:- --1-. Is there an open source pku2u effort as part of mit-kerberos/pkinit ? --2 If there is no-opensource pku2u to speak of, could using pkinit substitute for the promises of pku2u? sincerely luxInteg ----------------------------------------- ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
