OK, GSSAPI-ized, but that doesn't pronounce very well.... I've uploaded a new minicpan devel.tgz which includes the GSSAPI tarball, and also binary tarballs of the usr-efs-devel.tgz file for all 4 of the supported platforms. The efs_virtual_machine script automates the Kerberos setup completely, and I am confident that if you rebuild your test.efs from scratch, and your VMs from scratch, you'll get a fully working Kerberos-enabled test environment.
This is a HUGE milestone. I thought this would take a lot longer to get working, but it's been 2 weeks, start to finish. I decided not to make the use of GSSAPI optional. You *must* build the module since the code requires it, but you don't necessarily have to configure your EFS environment to use GSSAPI authentication. There's almost certainly some work to do with respect to how the configuration is managed, but basic authentication works. Since we don't have anyone banging on our door wanting to bootstrap anything (I haven't heard from ANY of our early adopters in many weeks), I am debating what to do next. NFSv4 is very, very tempting since I've read a lot about it in the last week or so, and it looks relatively straight forward. We also need to think about backporting the GSSAPI support into EFS 2, as well (which really won't be that hard; to code OR to deploy). Regardless of where we go next, we can now say with confidence that EFS has very robust and secure authentication. If we start using NFSv4, we'll be able to say that about the underlying filesystem, too.
_______________________________________________ EFS-dev mailing list [email protected] http://mailman.openefs.org/mailman/listinfo/efs-dev
