"noam rinetzky" <[EMAIL PROTECTED]> writes:
...
> I'm writing a network application in which clients and servers run inside
> Linux Kernel. It requires authentication and message integrity. I was
> thinking of using Kerberos for authentication and getting the security
> services by using gssapi. However it looks like the implementation of gssapi
> seems to use "user-land" library and headers such as errno, malloc etc.
>
> I was wondering if anyone knows if it is possible to use gssapi inside the
> kernel, and what is required in order to do so.
...

I wouldn't recommend using MIT's gssapi library in the kernel.
Even more important: avoid using the MIT K5 rpc-on-gssapi stuff,
as it has design and methodology problems.

CITI at the University of Michigan has put some work into gssapi,
kerberos, and the kernel, for NFS v4 and such like.  I think I'd
start by talking to them and seeing what they have.  Try mailing:
        [EMAIL PROTECTED]
        [EMAIL PROTECTED]
I see someone else has already posted a link pointing to their web
page on this.

Personally, I think you'd be better off avoiding the use
of gssapi unless you have some sort of religious reason to use it,
or you intend to support smart cards and other things, so
you can actually make use of the flexibility gssapi offers.
I think most of the reasons you might want to use gssapi are
probably also good reasons why you would want to use whatever
it is that you are doing in userland.

                                -Marcus Watts
                                UM ITCS Umich Systems Group
________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos
