This is an announcement of the RPCSEC GSS patch that accompanies the first public release of NFS version 4 for Linux, by the University of Michigan. This patch implements the rpcsec_gss protocol (RFC 2203) with the Kerberos V5 mechanism (RFC 1964) for the Linux kernel. This patch requires a linux crypto kernel patch. I've developed this code using the crypotapi (cryptoapi-2.4.10.diff), and uses the des-cipher module and the md5-digest module to perform the verification of the gss packets using the default Kerberos v5 algorithms. I have yet to implement data integrity/privacy. A patch for MIT Kerberos 5-1.2.3 to enable the gssapi mechinism glue layer is also included. I've hardcoded the NFSv3 client to use the code, and can pass all the connectathon tests using RPC_AUTH_GSS against the Solaris 2.8 NFSv3 server, and will be testing against NFSv4 implentations at Connectathon 2002. As is the case with our NFSv4 release, we are now hoping to involve the open-source community at large in the code development. Eventually, we hope to integrate our RPCSEC_GSS implementation into the Linux kernel proper. To download the set of patchs for the 2.4.4 kernel, please see: http://www.citi.umich.edu/projects/nfsv4/feb_2002_rel/rpcsec_patch.html Disclaimer: This is development code which is incomplete in many ways, and is not nearly to the point of being ready for the kernel. Please bear this in mind when playing with it, and have fun tearing apart our code! Cheers, Andy Adamson Center for Information Technology and Integration - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
