[torquedev] GSSAPI

Åke Sandgren ake.sandgren at hpc2n.umu.se
Sat Feb 17 01:36:07 MST 2007


On Fri, 2007-02-16 at 23:36 +0100, Sergio Gelato wrote:
> * Åke Sandgren [2007-02-15 22:29:12 +0100]:
> > On Thu, 2007-02-15 at 13:57 -0700, Garrick Staples wrote:
> > > How do people feel about the gssapi support?  Is it ready for trunk?
> > 
> > If you don't mind too much we would like to look it over again and talk
> > to some kerberos gurus first.
> > The last time i looked it didn't give me the "fuzzy warm feeling".
> 
> I'm afraid I have to second that. (And no, I don't call myself a
> Kerberos guru either.)
> 
> I've only just started looking at the implementation, but what little
> I've seen has convinced me that more work is desirable.
> 
> My main gripe so far is that the implementation doesn't apply any
> message integrity checks to the client-server connection. I don't
> think it would be a good idea to release a version without MIC support.

Yes, this is also our main problem with this.
To get this into shape one would perhaps have to rewrite the server-mom
communication interface altogether.
I would also like to see client-server authentication and of course
server-scheduler.

-- 
Ake Sandgren, HPC2N, Umea University, S-90187 Umea, Sweden
Internet: ake at hpc2n.umu.se   Phone: +46 90 7866134 Fax: +46 90 7866126
Mobile: +46 70 7716134 WWW: http://www.hpc2n.umu.se



More information about the torquedev mailing list