IANA GSSAPI name registry out of date


IANA GSSAPI name registry out of date

hartmans


Hi.  A vendor was asking about the gss service name registry and I took a look at http://www.iana.org/assignments/gssapi-service-names

I think we could do some work updating this registry.

Errors I noticed:

1)  rcmd is v4

2) Missing  HTTP, cifs, ldap, probably many others.

I'd appreciate it if someone could prepare a set of updates to the
registry.  I'd be happy to review them and to send them to IANA.


--Sam



Re: IANA GSSAPI name registry out of date

Henry B. Hotz

On Jun 30, 2005, at 9:44 AM, [hidden email] wrote:

> Hi.  A vendor was asking about the gss service name registry and I
> took a look at http://www.iana.org/assignments/gssapi-service-names
>
> I think we could do some work updating this registry.
>
> Errors I noticed:
>
> 1)  rcmd is v4
>
> 2) Missing  HTTP, cifs, ldap, probably many others.

There was a thread around February 15, 2004 on this subject.

> Service names needing a machine instance:
>
> HTTP
> acap
> afpserver
> beep
> cifs
> cvs
> darkstar (JPL specific)
> daemon
> discuss
> ftp
> host = rcmd in K4
> hprop
> imap
> kca_service
> kprop
> ldap
> lpr
> lsf
> mupdate
> nfs
> nntp
> oracle
> pbs
> pcimac ?
> pcisrv ?
> pop
> postgres
> rootd
> smtp
> xmpp
>
> Service names needing something else for the instance:
>
> AuthServer
> M
> krbtgt
> afs
> kadmin
> zephyr
> changepw (I gather the Sun version uses a machine instance?)
> default
----------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
[hidden email], or [hidden email]

_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev

Re: IANA GSSAPI name registry out of date

Jeffrey Hutzelman


On Thursday, June 30, 2005 01:20:42 PM -0700 "Henry B. Hotz"
<[hidden email]> wrote:

>
> On Jun 30, 2005, at 9:44 AM, [hidden email] wrote:
>
>> Hi.  A vendor was asking about the gss service name registry and I
>> took a look at http://www.iana.org/assignments/gssapi-service-names
>>
>> I think we could do some work updating this registry.
>>
>> Errors I noticed:
>>
>> 1)  rcmd is v4
>>
>> 2) Missing  HTTP, cifs, ldap, probably many others.
>
> There was a thread around February 15, 2004 on this subject.

Hm.  At first glance, I thought this was overbroad, as the registry in
question is intended for GSSAPI service names.  However, the description
associated with that registry also makes specific mention of SASL and
Kerberos, and there is considerable value in avoiding any collisions in
these spaces.


So yes, assuming the registration policy permits it, I believe it would be
a good idea to register there any known Kerberos service names which are
not in general use.


On a similar note, I would argue that the registration of the 'rcmd'
service name is appropriate, though an update to the description indicating
it is normally used only with Kerberos V4 would be useful.  I would not be
surprised to see interop problems arising from the reuse of 'rcmd' to refer
to a different service.

-- Jeff

Re: IANA GSSAPI name registry out of date

Russ Allbery
Jeffrey Hutzelman <[hidden email]> writes:

> Hm.  At first glance, I thought this was overbroad, as the registry in
> question is intended for GSSAPI service names.  However, the description
> associated with that registry also makes specific mention of SASL and
> Kerberos, and there is considerable value in avoiding any collisions in
> these spaces.

> So yes, assuming the registration policy permits it, I believe it would
> be a good idea to register there any known Kerberos service names which
> are not in general use.

A glance at the referenced web page didn't reveal an update procedure.
Does anyone know the procedure for registering new entries?  I should
probably register ident and webauth.

--
Russ Allbery ([hidden email])             <http://www.eyrie.org/~eagle/>

Re: IANA GSSAPI name registry out of date

Nicolas Williams
On Thu, Jun 30, 2005 at 02:17:26PM -0700, Russ Allbery wrote:

> Jeffrey Hutzelman <[hidden email]> writes:
>
> > Hm.  At first glance, I thought this was overbroad, as the registry in
> > question is intended for GSSAPI service names.  However, the description
> > associated with that registry also makes specific mention of SASL and
> > Kerberos, and there is considerable value in avoiding any collisions in
> > these spaces.
>
> > So yes, assuming the registration policy permits it, I believe it would
> > be a good idea to register there any known Kerberos service names which
> > are not in general use.
>
> A glance at the referenced web page didn't reveal an update procedure.
> Does anyone know the procedure for registering new entries?  I should
> probably register ident and webauth.

Just send IANA e-mail.

Re: IANA GSSAPI name registry out of date

Henry B. Hotz

On Jun 30, 2005, at 2:00 PM, Jeffrey Hutzelman wrote:

> On Thursday, June 30, 2005 01:20:42 PM -0700 "Henry B. Hotz"  
> <[hidden email]> wrote:
>
>> There was a thread around February 15, 2004 on this subject.
>
> Hm.  At first glance, I thought this was overbroad, as the registry in  
> question is intended for GSSAPI service names.  However, the  
> description associated with that registry also makes specific mention  
> of SASL and Kerberos, and there is considerable value in avoiding any  
> collisions in these spaces.

Agreed.  Also there is the possibility that e.g. PostgreSQL (postgres)  
might be upgraded from bare Kerb 5 to gssapi and would expect to keep  
the same service principal.

> So yes, assuming the registration policy permits it, I believe it  
> would be a good idea to register there any known Kerberos service  
> names which are not in general use.

Seems like we really want a generic registry, not just a gssapi one.  I  
would argue for a new registry if the current one won't stretch.
----------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
[hidden email], or [hidden email]
