From: eag...@eyrie.org (Russ Allbery)
Newsgroups: comp.protocols.kerberos
Subject: Re: Kerberos Server Implementation
Date: Fri, 21 Jan 2022 11:19:16 -0800
Organization: The Eyrie
Lines: 26
Message-ID: <mailman.10.1642792804.8148.kerberos@mit.edu>
References: <A5A013CF-A713-4512-971C-70FF5A2FDEF6@amazon.com>
<CAOdMLc04SLQ8zMKKqTCYEeBJK31CcfZ4Kp31TNLmfA8gtAiMDw@mail.gmail.com>
<7E724A28-77D8-4ED9-A84F-F537B122FF63@cs.rutgers.edu>
<87czkkvqvf.fsf@hope.eyrie.org>
Cc: Chris Hecker <checker@d6.com>, "Gupta, Divyansh" <guptadiv@amazon.com>,
"kerberos@mit.edu" <kerberos@mit.edu>
To: Charles Hedrick <hedrick@rutgers.edu>
In-Reply-To: <7E724A28-77D8-4ED9-A84F-F537B122FF63@cs.rutgers.edu> (Charles
Hedrick's message of "Fri, 21 Jan 2022 18:40:18 +0000")
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
 by: Russ Allbery - Fri, 21 Jan 2022 19:19 UTC

Charles Hedrick <hedrick@rutgers.edu> writes:

> This is a client-server pair designed to create home directories for
> users. When you’re using kerberized NFS the normal pam_mkhomedir won’t
> work, because it assumes that root can create directories in the file
> system. With kerberized NFS, root has no special privileges. So we have
> a pam_kmkhomedir that calls a process on the file server to do the
> creation.

> If I were doing it again, I’d probably write it using GSSAPI rather than
> a basic Kerberos client / server. Then I could write the server as a web
> service in python and use libcurl on the client side. Unfortunately it
> doesn’t seem to be practical to write a pam module in anything other
> than C, but with libcurl all the GSSAPI stuff is handled by the
> library. If the client isn’t a pam module, it’s easy enough to write a
> GSSAPI client in python. (I can give you example client-server if you
> need it.)

You may also be interested in remctl, which is designed to do this sort of
thing.

https://www.eyrie.org/~eagle/software/remctl/

--
Russ Allbery (eagle@eyrie.org) <https://www.eyrie.org/~eagle/>
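
An added example, not part of the original messages and not code from either poster or from remctl: a sketch of the file-server side of such a home-directory service, where the directory name is derived from the authenticated Kerberos principal rather than from any client-supplied argument. It assumes the user's own principal is what authenticates and arrives in the `REMOTE_USER` environment variable; the realm `EXAMPLE.ORG`, the base path `/srv/home`, the username pattern and the `owner_lookup` hook are placeholders.

```python
import os
import re

# Assumed policy: only plain single-component principals map to accounts.
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")

def principal_to_user(principal, realm):
    """Map 'user@REALM' to a local username or raise ValueError."""
    name, sep, prealm = principal.rpartition("@")
    if not sep or prealm != realm:
        raise ValueError("principal is not in the expected realm")
    # fullmatch rejects instances (user/admin), '..', '/', and stray newlines.
    if not USERNAME_RE.fullmatch(name):
        raise ValueError("principal does not map to a plain username")
    return name

def create_home(principal, realm, base_dir, owner_lookup=None):
    """Create base_dir/<user> with mode 0700; return (path, created)."""
    user = principal_to_user(principal, realm)
    home = os.path.join(base_dir, user)
    try:
        # mkdir fails rather than following a symlink at the final component.
        os.mkdir(home, 0o700)
    except FileExistsError:
        if os.path.islink(home) or not os.path.isdir(home):
            raise ValueError("path exists and is not a real directory")
        return home, False
    os.chmod(home, 0o700)  # enforce the mode regardless of umask
    if owner_lookup is not None:
        # Hypothetical hook returning (uid, gid), e.g. built on pwd.getpwnam.
        uid, gid = owner_lookup(user)
        os.chown(home, uid, gid)
    return home, True

if __name__ == "__main__":
    # Placeholders: realm and base directory are site-specific.
    path, created = create_home(os.environ["REMOTE_USER"], "EXAMPLE.ORG", "/srv/home")
    print(("created " if created else "already present ") + path)
```
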
