Long key secure RPC&NFS is available

A.N.Kuznetsov (inr-linux-kernel@ms2.inr.ac.ru)
Fri, 22 Mar 1996 17:40:04 +0300 (MSK)


Hello!

I finished secure RPC package using arbitrary size keys.
This version should be really secure.

I have Linux version (tested for almost 2 weeks)
and Solaris 2.3 version (tested for 3 days).
It should work for Solaris > 2.3, but I am not sure.
I believe Linux version can be painlessly compiled
for SunOS 4.x.x.

How to get it?

I am somewhat offended by absence of any feedback to
my secure RPC NFS, so that:

1. ftp.inr.ac.ru:/secure_nfs.tar.gz contains kernel patches
(they should fit to any kernel 1.3.71 - 1.3.77)
and upgrades for mount, nfsd, amd.

secure_rpc directory contains not secure 192-bit version
of secure RPC utilities. Do not use it!
Do not use NATIVE Sun secure RPC too! It is not
only not secure, it may be major security hole.
I suspect, that any curious person can easily crack Sun style
publickey database and evaluate all user's passwords.

2. To get long key secure RPC package, please, send your requests
for Linux and/or Solaris versions to me.

They are not free 8)8) I will require any feedback 8)8)

More seriously, this package cannot be fully compatible with
standard Sun secure RPC. I believe, that all clients (f.e. NFS)
and major servers (f.e. NFSD) are compatible. But all the tools:
keyserv, keylogin, chkey, newkey (and login, passwd, yppasswd, if they
are aware of secure RPC) should be replaced on ALL your network.
So that I am obliged to provide wide compatibility, and
I'd like that you help me.

I expect that somebody will help to test it:

a) for solaris2.x. I do not use NIS+ on my Sparc with
Solaris-2.3, I use plain YP, so that I am sure that
it works only when publickey database is served by YP.

b) I do not use NYS package on my Linux hosts and I do not
know how this package will interfere with NYS.

c) It is interesting, whether this package will work for SunOS4.x.x

d) And for another platforms?

Alexey Kuznetsov.
kuznet@ms2.inr.ac.ru