Subject: Re: US crypto export resctrictions 'unconstitutional'
To: Jonathan Stone <jonathan@DSG.Stanford.EDU>
From: Aidan Cully <aidan@kublai.com>
List: current-users
Date: 05/07/1999 21:49:28
On Fri, May 07, 1999 at 03:28:08PM -0700, Jonathan Stone wrote:
> In message <199905071902.PAA01709@ghost.whirlpool.com>,
> Andrew Gillham writes:
> >Perry E. Metzger writes:
> >>
> >[...]
> >>
> >> 2) Domestic is worthless anyway. Who wants 1DES based Kerb IV anyway?
> >>
> >> Perry
> >
> >So why is this "broken" implementation still in the tree then?
>
> Our intree krb4 works well with both AFS and MIT v4 KDCs, Since krb5
> has v4 backward compatiblity) it works with krb , our krb4 also
> interoperates with krb5.
There are a couple of issues, IIRC.. In particular, I'm pretty sure
the domestic 'passwd' program doesn't work with krb5's kadmind4.. This
is a fairly easy fix, but I'm not too worried about getting to it since
krb5 integration shouldn't take that much more work.
> >It
> >claims to be "supported", but doesn't appear to work except with a
> >couple clients.
>
> We only have one real client in the tree, AFAIK: telnet. The
> kerberised rsh/rlogin clients were removed for reasons I didnt
> understand and which sounded more religious than technical.
I was planning on enabling krb5 rsh/rlogin, and also GSSerizing our
ftp client/server. Is this a bad idea?
> >Is anyone working on Kerberos 5 packages?
>
> There is work being done on `integrating' krb5, yes.
> I'll leave it for them to answer.
Yes, I'm working on integrating krb5.. This has gone slowly (even
_really_ slowly) for a number of different reasons, not least of which
is that changing NetBSD still makes me pretty nervous. I plan to post
a proposal here when I'm ready to start integrating.
--aidan
--
"Hey Killjoy! How's your niece who's marrying a doctor?"
"It's time to admit that man's capacity for genocide is not aberrational,
but is part of his nature!"
-- Tom the Dancing Bug's Super-Fun-Pak Comix