From owner-freebsd-security@FreeBSD.ORG Mon Jun 7 14:37:09 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8C7391065674; Mon, 7 Jun 2010 14:37:09 +0000 (UTC) (envelope-from dfr@rabson.org) Received: from mail-gw0-f54.google.com (mail-gw0-f54.google.com [74.125.83.54]) by mx1.freebsd.org (Postfix) with ESMTP id 2F89B8FC08; Mon, 7 Jun 2010 14:37:08 +0000 (UTC) Received: by gwj20 with SMTP id 20so516535gwj.13 for ; Mon, 07 Jun 2010 07:37:08 -0700 (PDT) MIME-Version: 1.0 Received: by 10.229.234.3 with SMTP id ka3mr2282584qcb.261.1275920127521; Mon, 07 Jun 2010 07:15:27 -0700 (PDT) Received: by 10.220.200.72 with HTTP; Mon, 7 Jun 2010 07:15:27 -0700 (PDT) In-Reply-To: References: <19467.61790.690469.182207@hergotha.csail.mit.edu> Date: Mon, 7 Jun 2010 15:15:27 +0100 Message-ID: From: Doug Rabson To: Jos Backus X-Mailman-Approved-At: Mon, 07 Jun 2010 15:35:35 +0000 Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: bf1783@gmail.com, freebsd-security@freebsd.org, freebsd-current@freebsd.org, Garrett Wollman Subject: Re: Our aging base system heimdal X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Jun 2010 14:37:09 -0000 On 6 June 2010 21:09, Jos Backus wrote: > Any chance the kadmin protocol will ever be standardized? > > My understanding is that the MIT kadmin protocol is based GSS-API authenticated RPC which FreeBSD didn't support until recently. I added working RPCSEC_GSS to our userland RPC library in 2008 and it should be available in FreeBSD 8.x and later. In theory, if MIT actually document their protocol, it should be reasonably straightforward to support it. I doubt if I will be able to do the work either for this or for upgrading heimdal.