[5737] in Kerberos
Re: login.krb5 on Solaris 2.4
daemon@ATHENA.MIT.EDU (Sam Hartman)
Sat Aug 19 04:18:56 1995
To: ramus@nersc.gov (Joe Ramus)
Cc: kerberos@MIT.EDU
In-Reply-To: Your message of "Fri, 18 Aug 1995 16:24:59 PDT."
<9508182324.AA19872@windsail.nersc.gov>
Date: Sat, 19 Aug 1995 04:06:45 EDT
From: Sam Hartman <hartmans@MIT.EDU>
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Joe" == Joe Ramus <ramus@nersc.gov> writes:
Joe> Perhaps we have some configuration setup wrong on our Solaris
Joe> 2.4 build for Kerberos 5.5. We are able to use the K5.5
Joe> telnet & telnetd to do an authenticated login. But we note
Joe> some problems with the environment.
Question: when you use rlogin to the same machine (either
encrypted or just authenticated), does the utmpx entry get created
properly? It looks as if telnetd is creating the wrong entry, but
this really doesn't surprise me at all. (See below--we do actually
plan on fixing this)
Joe> data.
Joe> %% logname .telnet
Joe> When we build and install, we create the files
Joe> /krb5/sbin/telnetd /krb5/sbin/login.krb5
Joe> I find that telnetd is using /krb5/sbin/login.krb5 instead of
Joe> /bin/login.
Joe> Questions:
Joe> 1. Should we use /bin/login or login.krb5 ?
Yes, you should probably use one of these. Kerberos compiles
default to login.krb5, which really doesn't do much that is
particularly useful besides provide a uniform interface for bypassing
password authentication. If you can (using the appropriate defines,
available both in rlogind and telnetd) use the system-supplied rlogin,
you may be somewhat happier with the result, for the time being.
Work needs to be done on login.krb5 so that it handles
environment variables better (this bites especially under AIX where
ODMDIR is not set) but causes problems under other operating systems.
Also, it would be nice if login.krb5 (as login.krb under v4) actually
got you tickets if you gave it a password. In short, login.krb5
doesn't do what it should right now.
Joe> 2. If login.krb5 is the correct choice, can we set some
Joe> #defines in order to get the proper updating of
Joe> /var/adm/wtmpx and the correct environment settings.
The utmp and pty handling in beta6 for telnetd, rlogind and
login.krb5 has been combined into one library, borrowing code mostly
from rlogind (with a lot of hacking to the pty code), but the utmp
handling code was taken almost directly from logutil.c with a few
interface modifications. If the utmp, utmpx, wtmpx, or wtmp handling
in rlogind and login.krb5 (but decidedly *not* telnetd) fails, or if
the combination of rlogind plus your system login does strange things
to utmp, we would like to know about it as it's likely the problem
isn't fixed in our sources.
This, especially, is an area where we want to avoid operating
system dependencies if at all possible. Currently, there are no
dependencies in the utmp code on symbols like sun or _AIX; instead we
depend on the existence of utmpx handling functions, the existence of
ut->ut_pid, etc, etc.
I.E. It would be useful if problem reports in this area could
include both a portable way of distinguishing your system's behavior
from others, as well as an explanation of what your system normally
does and how our code breaks. I realize that while identifying the
nature of the problem, you may not initially have answers to all
these; but we will eventually have to answer these questions in order
to fix the problem.
Joe> ----------------------------------------------------------------
Joe> | Joe Ramus NERSC Livermore (510) 423-8917 ramus@nersc.gov |
Joe> ----------------------------------------------------------------
- --Sam
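The check asked for in the reply above (whether the utmpx entry for a session gets created properly), as an added example that is not part of the original message or the krb5 sources: a small C audit of the utmpx record for the current terminal. The function names and flag values are hypothetical; only the POSIX `<utmpx.h>` interface is assumed.

```c
/* Added example, not from the krb5 sources: audit the utmpx record a login
 * path (telnetd, rlogind, login.krb5, /bin/login) left for this terminal. */
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <utmpx.h>

/* Hypothetical flag values, combined into a bitmask by check_utmpx(). */
enum { NO_ENTRY = 1, BAD_TYPE = 2, BAD_USER = 4, BAD_PID = 8 };

/* Compare one record with what a correct login would have written. */
int check_utmpx(const struct utmpx *ut, const char *user)
{
    int bad = 0;
    if (ut == NULL) return NO_ENTRY;
    if (ut->ut_type != USER_PROCESS)
        bad |= BAD_TYPE;            /* left as LOGIN_PROCESS, DEAD_PROCESS, ... */
    if (strncmp(ut->ut_user, user, sizeof ut->ut_user) != 0)
        bad |= BAD_USER;            /* not the account that logged in */
    if (ut->ut_pid <= 0)
        bad |= BAD_PID;             /* no owning process recorded */
    return bad;
}

/* Copy the record for tty (with or without "/dev/") into *out; 0 if found. */
int find_utmpx(const char *tty, struct utmpx *out)
{
    struct utmpx key, *ut;
    memset(&key, 0, sizeof key);
    if (strncmp(tty, "/dev/", 5) == 0) tty += 5;
    strncpy(key.ut_line, tty, sizeof key.ut_line);
    setutxent();
    ut = getutxline(&key);          /* LOGIN_PROCESS or USER_PROCESS on ut_line */
    if (ut != NULL)
        *out = *ut;                 /* copy before the database is closed */
    endutxent();
    return ut != NULL ? 0 : -1;
}

int main(void)
{
    struct utmpx rec;
    struct passwd *pw = getpwuid(getuid());
    const char *tty = ttyname(STDIN_FILENO);
    int bad;
    if (tty == NULL || pw == NULL)
        return 2;                   /* needs a terminal on stdin */
    bad = check_utmpx(find_utmpx(tty, &rec) == 0 ? &rec : NULL, pw->pw_name);
    printf("%s user=%s flags=%d%s\n", tty, pw->pw_name, bad, bad ? "" : " (ok)");
    return bad != 0;
}
```

Running it once in a telnet session and once in an rlogin session to the same host shows which login path writes the bad record, and the flags give a system-independent description for a problem report.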