From: Ben Kaduk Date: Mon, 9 Dec 2013 04:29:18 +0000 (-0500) Subject: Add epoch/cid to RXGKTodo X-Git-Url: https://git.openafs.org/?p=openafs-wiki.git;a=commitdiff_plain;h=12762a3d10d14f9128135972c1e7edf55ebdeef5;hp=2882e12d6b3d32bf9d6afa391fbeb7466fe444f0 Add epoch/cid to RXGKTodo --- diff --git a/RXGKToDo.mdwn b/RXGKToDo.mdwn index 8ea62b1..c9d2d25 100644 --- a/RXGKToDo.mdwn +++ b/RXGKToDo.mdwn @@ -15,4 +15,5 @@ If you wish to work on any of these items, please note your interest by adding y * Review the existing rxgk code that kaduk will be posting to gerrit * Review the existing pthread-bos code on gerrit -- bos is a nice simple standalone protocol to play with rxgk-ifying, but it is only possible for the pthreaded version. * Decide whether the bosserver should use an ephemeral token-encrypting key. There are no long-lived connections to the bosserver and this would save on the hassle of putting another key on disk, but it makes localauth more complicated. Absent a scheme to print initiator credentials from given acceptor credentials (could be done for krb5 with a sort of kimpersonate), we probably have to do a real GSS negotiation, which depends on the network and everything being configured properly. +* Move rx epoch and cid generation into the core rx code (out of rxkad). This will require some thought to seed the rfc3961 crypto random generator in the kernel on platforms which do not already implement in-kernel randomness (maybe just HPUX or something like that?). An attempt at this is at https://github.com/kaduk/openafs/commits/epoch but that branch has been overtaken by events in terms of rfc3961 support, I (kaduk) believe.
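Review bot: The added bullet at the end of the hunk leaves its one concrete prerequisite as an open guess ("maybe just HPUX or something like that?"), so whoever picks up the item does not know which platforms need a seeding path for the rfc3961 crypto random generator. Suggest splitting that into its own sub-item, for example "list the kernel platforms that lack in-kernel randomness", so it can be resolved and checked off separately. The bullet also does not say why epoch and cid generation should move out of rxkad, or how unpredictable those values need to be. One sentence on that would let a reader judge what kind of seeding is acceptable on the platforms without in-kernel randomness. Since the linked epoch branch is described as overtaken by events, the text should also say whether it is meant as a starting point or only as a reference.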