Kerberos functionality?

Kerberos functionality?

[John Twilley]

I know that APOP's being added eventually to ways-to-read-mail.

WIll Kerberos ever be added?  I know there was discussion of something
like this in the past, but I don't know the end result.

Jack.

Re: Kerberos functionality?

[Rich Pieri]

-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "JT" == John Twilley <jmt@NDA.COM> writes:

JT> WIll Kerberos ever be added?

If you are using a Kerberized movemail program, you have it.  If you are
not, you should.  Implementing Kerberos authentication in Emacs-Lisp is
probably unfeasable, and is a project I have no intention of tackling.

This is why, when I finally get around to rewriting the relevant section
of nnmail.el, I will be leaving in the capability of using an external
mail program.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBMuZ5oJ6VRH7BJMxHAQFJlgP/dmSNwSblULEdgF291uxmMY1RGG/NJxOO
JN3a+CwZh6HbAqtAq0rqeSoo+dd/ZlsyBsi7IvRkGR2SF1G8QZHlgR6taGo7gevn
9Gzj3cJAjqxCGx35LeGtTny/Cp251bvOxSyEijQPULKZdVMWgn9w1gCxpr8NXZw7
677oXTuYgAY=
=fkb4
-----END PGP SIGNATURE-----
-- 
Rich Pieri <rich.pieri@prescienttech.com> | Caution: Happy Fun Ball may
Prescient Technologies, Inc.              | suddenly accelerate to dangerous
A Stone & Webster Company                 | speeds.
I speak for myself, not PTI or SWEC       | 

Re: Kerberos functionality?

[Michael Welsh Duggan]

Rich Pieri <rich.pieri@PrescientTech.com> writes:

> If you are using a Kerberized movemail program, you have it.  If you are
> not, you should.  Implementing Kerberos authentication in Emacs-Lisp is
> probably unfeasable, and is a project I have no intention of tackling.

Actually, high on my wish list is Kerberos for emacs, in the c-code,
with some functions to access it.  (Maybe integrated into
open-network-stream.)

-- 
Michael Duggan
(md5i@schenley.com)

Re: Kerberos functionality?

[William M. Perry]

Michael Welsh Duggan writes:
>Rich Pieri <rich.pieri@PrescientTech.com> writes:
>
>> If you are using a Kerberized movemail program, you have it.  If you are
>> not, you should.  Implementing Kerberos authentication in Emacs-Lisp is
>> probably unfeasable, and is a project I have no intention of tackling.
>
>Actually, high on my wish list is Kerberos for emacs, in the c-code,
>with some functions to access it.  (Maybe integrated into
>open-network-stream.)

  This wouldn't be too hard.  I've had patches to do this for SSL in Emacs
for about a year now (using SSLeay of course), but haven't distributed them
for fear of jailtime. :)  I'll have to whip them into shape next time I
have some spare time.

-Bill p.

Re: Kerberos functionality?

[Ken Raeburn]

Rich Pieri <rich.pieri@PrescientTech.com> writes:

> >>>>> "JT" == John Twilley <jmt@NDA.COM> writes:
> 
> JT> WIll Kerberos ever be added?
> 
> If you are using a Kerberized movemail program, you have it.  If you are
> not, you should.  Implementing Kerberos authentication in Emacs-Lisp is
> probably unfeasable, and is a project I have no intention of tackling.

Probably not even possible, unless/until emacs gives you some way of
extracting both IP addresses of a net connection.

Re: Kerberos functionality?

[Ken Raeburn]

"Michael Welsh Duggan" <md5i@schenley.com> writes:

> Actually, high on my wish list is Kerberos for emacs, in the c-code,
> with some functions to access it.  (Maybe integrated into
> open-network-stream.)

Go for it!  But put plenty of thought into how interrupts should be
dealt with, blocking network i/o, that sort of thing.

I don't think integrating into open-network-stream is the best way,
though a lisp function that calls open-network-stream and then calls
krb-sendauth on the subprocess object would be very useful.

Of course, that still doesn't get us encryption....

Re: Kerberos functionality?

[William M. Perry]

Ken Raeburn writes:
>"Michael Welsh Duggan" <md5i@schenley.com> writes:
>
>> Actually, high on my wish list is Kerberos for emacs, in the c-code,
>> with some functions to access it.  (Maybe integrated into
>> open-network-stream.)
>
>Go for it!  But put plenty of thought into how interrupts should be
>dealt with, blocking network i/o, that sort of thing.
>
>I don't think integrating into open-network-stream is the best way,
>though a lisp function that calls open-network-stream and then calls
>krb-sendauth on the subprocess object would be very useful.
>
>Of course, that still doesn't get us encryption....

  the way I implemented SSL was you used a normal open-network-stream to
connecto to a host.  Then there was a secondary call
'ssl-initialize-connection' that did all the SSL handshaking, etc, and
marked the process as 'sslified'.  Then the read/write routines for
processes were modified to check the sslified bit, and use SSLread/SSLwrite
if it was set.

  This turned out to be a great way to do it, because you could do all
sorts of things before the SSL connection was established - netscape-style
SSL proxying negotiation (which happens in the clear), still being able to
use telnet in a subprocess or the 'tcp' package from the old GNUS to get
outside your firewall, traversing a socks firewall, etc.

  It has been a _long_ time since I really looked at kerberos, but I'm sure
something similar could be done.  The real bitch was writing RSA
certificate manipulation functions that could be exported to the lisp
level.  Bleah.

-Bill P.