[3515] in Kerberos
Apollo MIT Kerberos IV Questions
daemon@ATHENA.MIT.EDU (Julian Leong)
Mon Jul 4 22:14:04 1994
Date: Mon, 4 Jul 1994 18:50:34 -0700
From: Julian Leong <jules@ocf.Berkeley.EDU>
To: comp-sys-apollo@maelstrom.berkeley.edu
Cc: kerberos@MIT.EDU, security@maelstrom.berkeley.edu
I've just installed MIT Kerberos IV on an Apollo Domain/OS
machine and have a few general questions about
Kerberos as well as some Apollo specific ones.
() Problem with rlogin (tickets get truncated?)
I can use the kerberized rlogin client ONCE, but then any further
attempts under the same username will give me the following error:
    Kerberos rlogin failed: Message integrity error (krb_rd_req)
    Password:
I've traced the error message to error #41 (see table in krb.h). The
error is generated in krb_rd_req in lib/krb/rd_req.c:
    if (authent->length <= 0)
        return(RD_AP_MODIFIED);
Wait, I just tried that again. The behavior is sporadic. Sometimes
it works and sometimes it doesn't -- help? I don't know if this
behavior is identical for other principals. Actually, I'm currently
the only principal in the database.
() Apollo Domain/OS SR 10.4.0.11 (DN5500, CC 6.8/6.9)
Has anyone else managed to get MIT Kerberos IV running on an Apollo? If
so, I'd like to swap notes to make sure I didn't overlook anything while
building our version. What about Version V beta?
() Suggested method for setting up 8000 Kerberos Principals?
Our cluster has way too many users:
    % wc -l /etc/passwd
    7816
and the staff is completely a volunteer crew so we don't
have regular hours or the capacity of a hired crew. I don't want
to sit in front of a terminal for the next few weeks while
each of these 8000 users comes down to set up their Kerberos
password. Has anyone come up with a good system? Is there
a way to just take the encrypted /etc/passwd data and dump
it into the Kerberos database?
() Kpropd
I have a copy of Bill Bryant's "Kerberos: Operation Notes" but the
section concerning the use of kpropd was not written at the time of
publication. Is there a newer version that describes this?
() Uninitialized variables
******** Line 429 of "kerberos.c":
[Warning #159] Variable "lifetime" was not initialized before this use.
******** Line 514 of "kerberos.c":
[Warning #159] Variable "kerno" was not initialized before this use.
******** Line 129 of "kpropd.c":
[Warning #159] Variable "rflag" was not initialized before this use.
During the build sequence the compiler reported the above
messages, which make me suspicious. I was just wondering if this
has caused a problem with anyone's code. I'll get around to
inspecting these code segments with time but I thought someone
may have run across this already.
() ndbm/gdbm
Has anyone modified the code to use GNU dbm instead of ndbm? At our
installation it would be nice if we could use 'cp' to backup the
database without worrying about the 'sparsity' of the dbm file.
() Better Apollo Support?
I thought it might be worthwhile to change rlogind so that it checks
the properties field in the registry to see if the password override
policy is excluded -- that way you could turn off the use of '.klogin'
if you needed to. I noticed there's a function call in /lib/rgylib named
'rgy_$properties_get_info()' but I don't have documentation for it.
Another Apollo thing -- has anyone changed 'login.c' so that it supports
the '/etc/d_passwd' setup?
Thanks for your time and patience
-Julian Leong
UC Berkeley Open Computing Facility
<jules@ocf.berkeley.edu>