logo_kerberos.gif

Projects/Kernel-friendly GSS subset

From K5Wiki
Jump to: navigation, search
This is an early stage project for MIT Kerberos. It is being fleshed out by its proponents. Feel free to help flesh out the details of this project. After the project is ready, it will be presented for review and approval.


There is interest in splitting the GSS-API library to support easily building a subset for the message-protection functions (gss_wrap, gss_unwrap, etc.) for easy inclusion in operating system kernels. Main consumers would be operating system vendors who need to implement NFS or related protocols in the kernel. In practice this would entail carving out a vertical slice of the call tree, including (minimal) pieces of libkrb5 and most of libk5crypto.

Best outcome would separate these files into a subdirectory for easier porting and rearrangement into vendors' kernel source trees, but even isolating the message protection pieces into separate files would be an improvement over the current situation. (Need to investigate how badly they're interwoven currently.)

Implementation

As a starting point, the organization of uts/common/gssapi in the Solaris source code could be a guide. (see OpenSolaris OpenGrok)