[5987] in Kerberos
Re: Kerberos 5b5 and Solaris2.4
daemon@ATHENA.MIT.EDU (Soonam Kahng)
Thu Oct 12 18:26:45 1995
From: soonam@isse.gmu.edu (Soonam Kahng)
To: kerberos@MIT.EDU
Date: Thu, 12 Oct 1995 18:16:01 -0400 (EDT)
In-Reply-To: <9510112047.AA06069@isse.gmu.edu> from "Soonam Kahng" at Oct 11, 95 04:47:49 pm
>
> Hello again;
>
> I am sorry for so many questions on this mail list.
> But I really can not install Kerberos 5b5 at Solaris2.4
>
Thank you to everyone who sent me a reply.
Finally I installed it and it works well. Here is my summary, and I hope
this helps those who will install kerberos with Solaris2.4.
## How to install Kerberos 5b5 with Solaris2.4 ##
Problems and error messages
1.kcmd: krb5_sname_to_principal failed: Bad nameset passed to query routine
rsh: kcmd to host list failed - Unknown code ____ 255
2."/sclient: Bad nameset passed to query routine while creating server
name for <my server>" ..
3. tty is not set properly
4. some error messages while compiling and installing
What I did.
1. I installed "dejagnu" first. (available from prep.ai.mit.edu /pub/gnu)
I strongly recommend installing this. This program tests your kerberos
automatically without installing.
2. get patch file from ANL.(ftp://achilles.ctd.anl.gov/pub/kerberos.v5/)
I got k55.cdiff.951008 and patched.
3. I patched recvauth.c file with the patch I got on mail list.
(Thank you Sam Hartman <hartmans@MIT.EDU> )
I appended the patch at end of this mail.
4. Make a few links in the source directory.
cd <project_root> which is parent directory of "src/"
ln -s src/configure
cd src/appl
ln -s ../include
ln -s ../lib
ln -s ../util
ln -s ../config
4.1 In my case I replaced "bind" with "bind-4.9.3", which I got from
ftp://ftp.cic.net/pub/Software/unix/DNS/
but I am not sure about this. You may be able to install and run
kerberos without this step.
5. Do "src/configure --with-cc=gcc --with-ccopts=-i"
6. make
7. make check (at this time, if you installed "dejagnu", it runs several
test routines. Cool! And it saves a lot of time)
8. From Step 7, you would get error messages from the "resolv" check.
You have to change the "/etc/hosts" and "/etc/nsswitch.conf" files.
You have to write the "fully qualified domain host name" FIRST in the "hosts"
table. Remove the "nis" or "nisplus" entries from /etc/nsswitch.conf.
<my /etc/hosts>
127.0.0.1 localhost
129.174.144.20 list.gmu.edu list loghost
<my /etc/nsswitch.conf>
#hosts: nisplus files dns [NOTFOUND=return]
hosts: files dns [NOTFOUND=return]
If you don't, kerberos doesn't work and you get error messages 1 and 2.
But in my case I have replaced "bind and other files" and I didn't get
error messages. (it makes the problem worse in my case :)
Also, you can check src/tests/dejagnu/krb.log and figure out
what is going on. There should not be any "FAIL" messages. "UNTESTED"
is OK.
9. Install your compiled kerberos. You may get some error messages
if you didn't make the links (Step 3)
10. Create the configuration file (/etc/krb5.conf) and modify "/etc/inetd.conf"
and "/etc/services". For details please see Lenny's web page (Thank you!)
http://ubvms.cc.buffalo.edu/ftp/kerberos_5/install_info/install_notes.txt
11. When you modify "/etc/services" file, don't forget to comment out
kerberos there. Solaris2.4 has kerberos clients.
12. I recommend that you test kerberos by putting everything
(KDC, server, clients) on one machine first.
If it works, you have almost done 90 %.
13. Install clients to remote hosts and set server configuration at
server machine.
If you have an error at this step, please check /etc/hosts and
/etc/nsswitch.conf.
I spent so much time at this step.
The FULLY qualified domain host name must be the first entry in /etc/hosts.
Run DNS instead of NIS or NIS+ for resolving host names.
Put "search <your realm> " in your "resolv.conf" file.
14. Thank you again to all the people on the net who helped to solve my trouble
and to the authors of the kerberos web pages.
<Soonam>
soonam@isse.gmu.edu
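The two name-resolution conditions from steps 8 and 13, as a check that can be run against copies of the files before "make check". This is an added example, not part of the original post; the function names are hypothetical, and it assumes a name is fully qualified when it contains a dot.

```shell
#!/bin/sh
# Added example (not from the original post): check copies of /etc/hosts and
# /etc/nsswitch.conf for the conditions described in steps 8 and 13.

# check_hosts FILE: fail if any non-loopback entry lists a short name first.
check_hosts() {
    awk '
        { sub(/#.*/, "") }                    # drop comments
        NF < 2 || $1 ~ /^127\./ { next }      # skip blank and loopback lines
        $2 !~ /\./ {                          # assumption: no dot = short name
            printf "%s: \"%s\" comes before the fully qualified name\n", $1, $2
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# check_nsswitch FILE: fail if the active hosts: line uses nis or nisplus,
# or if there is no active hosts: line at all.
check_nsswitch() {
    awk '
        { sub(/#.*/, "") }
        $1 == "hosts:" {
            seen = 1
            for (i = 2; i <= NF; i++)
                if ($i == "nis" || $i == "nisplus") {
                    printf "hosts: line still uses %s\n", $i
                    bad = 1
                }
        }
        END {
            if (!seen) { print "no active hosts: line"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample files, modelled on the ones quoted in the post.
tmp=$(mktemp -d)
printf '127.0.0.1 localhost\n129.174.144.20 list.gmu.edu list loghost\n' > "$tmp/hosts.good"
printf '127.0.0.1 localhost\n129.174.144.20 list list.gmu.edu loghost\n' > "$tmp/hosts.bad"
printf '#hosts: nisplus files dns [NOTFOUND=return]\nhosts: files dns [NOTFOUND=return]\n' > "$tmp/nss.good"
printf 'hosts: nisplus files dns [NOTFOUND=return]\n' > "$tmp/nss.bad"

for f in hosts.good hosts.bad; do
    if check_hosts "$tmp/$f"; then echo "$f: ok"; else echo "$f: FAIL"; fi
done
for f in nss.good nss.bad; do
    if check_nsswitch "$tmp/$f"; then echo "$f: ok"; else echo "$f: FAIL"; fi
done
```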
--------------cut-----------------cut-------------------------------
RCS file: /mit/krb5/.cvsroot/src/lib/krb5/krb/recvauth.c,v
retrieving revision 5.23
retrieving revision 5.24
diff -c -5 -r5.23 -r5.24
*** recvauth.c 1995/06/12 21:41:23 5.23
--- recvauth.c 1995/07/02 23:22:04 5.24
***************
*** 186,195 ****
--- 186,200 ----
const char *message;
memset((char *)&error, 0, sizeof(error));
krb5_us_timeofday(context, &error.stime, &error.susec);
error.server = server;
+
+
+
+
+
error.error = problem - ERROR_TABLE_BASE_krb5;
if (error.error > 127)
error.error = KRB_ERR_GENERIC;
message = error_message(problem);
error.text.length = strlen(message) + 1;
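Review bot: The five added lines between `error.server = server;` and `error.error = problem - ERROR_TABLE_BASE_krb5;` are empty as posted, so this hunk adds no code. If revision 5.24 carried statements there, they were lost in transit and the hunk should be re-sent; otherwise the blank lines should be dropped. Separately, the clamp in the trailing context only tests `error.error > 127`, so a `problem` below `ERROR_TABLE_BASE_krb5` yields a negative value that is sent unchanged; a lower-bound check would close that.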
***************
*** 206,226 ****
} else {
outbuf.length = 0;
outbuf.data = 0;
}
! if (!problem) {
! retval = krb5_write_message(context, fd, &outbuf);
! if (outbuf.data)
! krb5_xfree(outbuf.data);
! if (retval)
! goto cleanup;
! } else {
/* We sent back an error, we need cleanup then return */
retval = problem;
goto cleanup;
}
/* Here lies the mutual authentication stuff... */
if ((ap_option & AP_OPTS_MUTUAL_REQUIRED)) {
if ((retval = krb5_mk_rep(context, *auth_context, &outbuf))) {
return(retval);
--- 211,229 ----
} else {
outbuf.length = 0;
outbuf.data = 0;
}
! retval = krb5_write_message(context, fd, &outbuf);
! if (outbuf.data) {
! krb5_xfree(outbuf.data);
/* We sent back an error, we need cleanup then return */
retval = problem;
goto cleanup;
}
+ if (retval)
+ goto cleanup;
/* Here lies the mutual authentication stuff... */
if ((ap_option & AP_OPTS_MUTUAL_REQUIRED)) {
if ((retval = krb5_mk_rep(context, *auth_context, &outbuf))) {
return(retval);
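Review bot: In the new `if (outbuf.data) {` block, the error return is keyed on the buffer pointer instead of on `problem`, so if the error path ever leaves `outbuf.data` null while `problem` is set, control falls through to the mutual authentication code with a failed request. Free the buffer when it is non-null, then test `if (problem)` for the `retval = problem; goto cleanup;` exit, and only after that test the write result. As written, `retval = problem` also overwrites the return value of `krb5_write_message`, so a failed write of the error reply is not visible to the caller; that is probably acceptable, but it deserves a line in the comment.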