[1478] in Kerberos
Re: Version 5 ?
daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Tue Jul 30 20:43:51 1991
Date: Tue, 30 Jul 91 20:15:26 -0400
From: tytso@ATHENA.MIT.EDU (Theodore Ts'o)
To: rgb@hal.com
Cc: kerberos@ATHENA.MIT.EDU, rgb@hal.com
In-Reply-To: Roger Bolick's message of Tue, 30 Jul 91 09:01:44 CDT,
Reply-To: tytso@ATHENA.MIT.EDU
Date: Tue, 30 Jul 91 09:01:44 CDT
From: rgb@hal.com (Roger Bolick)
These two bug reports are among the most common bug reports to
krb5-bugs@mit.edu, so I'll respond to the kerberos mailing list:
1. undefined _set_key in appl/telnet/telnetd final link, seems
the Sun has "encrypt(), but not set_key(), this appears to be
all software, so I borrowed an old crypt.c and placed it in
libtelnet.a. Seems like this should work.
The telnet application was obtained from the latest version of telnet
Berkeley, and the set_key() function was removed from libc by Sun; this
is an issue which should probably be brought up to either Berkeley or
Sun. (I suspect Sun may have removed set_key() for export reasons, but
I'm just speculating.)
2. appl/telnet/login final link had several unresolved references,
so added -lkrb425 and -lisode and now have:
ld: Undefined symbol
_krb_get_pw_in_tkt
_dest_tkt
I don't see these anywhere. What is the problem?
The problem is that all but one of the "#ifdef AUTHENTICATE"'s turn on
code which attempts to get Kerberos V4 ticket-granting-tickets, and the
undefined symbols exist because you don't have the Kerberos V4 library.
The quick fix for now is to turn off #undef AUTHENTICATE. However, the
following code is the one section of code which needs to have
AUTHENTICATE defined if you want login to work correctly with telnet, so
you will need to delete the "pwd->pw_uid == 0 ||" line if you turn off
AUTHENTICATE.
A cleaner fix (perhaps including code to automatically get Kerberos V5
TGT's) will be in the next beta release.
/*
* Disallow automatic login to root; if not invoked by
* root, disallow if the uid's differ.
*/
if (fflag && pwd) {
int uid = getuid();
passwd_req =
#ifndef AUTHENTICATE
pwd->pw_uid == 0 ||
#endif
(uid && uid != pwd->pw_uid);
}
- Ted
