[637] in Kerberos
release 1.0: random comments and questions
daemon@TELECOM.MIT.EDU (Paul M. Aoki)
Mon Jan 30 13:57:11 1989
From: aoki%faerie.Berkeley.EDU@BERKELEY.EDU (Paul M. Aoki)
To: kerberos@ATHENA.MIT.EDU
People,
I unpacked the distribution on Wednesday night and, mere hours later,
realm POSTGRES.BERKELEY.EDU was up and running, served by
faerie.Berkeley.EDU (Sun 3, SunOS 3.5). I have a few random notes and
questions based on my experiences from the last few days:
0. Is there a SOP for arranging for interrealm authentication with
ATHENA.MIT.EDU? I am told you can do it by pestering the right
people in E40, but ..
1. The following should be added to the top of slave/kprop.c for the
benefit of us poor sods still running 4.2 variants:
> #ifndef MAXHOSTNAMELEN
> #define MAXHOSTNAMELEN 64
> #endif
I mention this only because this was the *only* code I had to
change in the entire system. *Super* job!
2. It should be mentioned in the installation instructions that
"rcmd.host" is what you need to tell the server about to run the
r-commands. I figured it out from the error messages and source ..
I think that's the sole gap in what is otherwise a totally
idiot-proof installation process.
3. I have a problem with appl/bsd/rsh. If I say:
/usr/athena/rsh faerie
nothing happens; no ticket request gets made, and eventually the
connection times out. However,
/usr/athena/rsh faerie ls
and
/usr/athena/rlogin faerie
work.
Kevin Fall kerberized the 4.4BSD r-commands and has them working on
okeeffe (the BSD development machine). However, I can't get them
to talk to my r-commands. This is really annoying considering that
the interrealm authentication to CS.BERKELEY.EDU works! It's just
the IPC gunk that's messed up. Grrrr ..
Anyway, if anyone else has run into the above problems (esp. Sun
users) I'd appreciate hearing from you.
4. Oh, yes, and there's a serious problem in kinit.c. Line 104 should
be:
> printf(KRB_BANNER, buf);
and include/krb.h should contain:
> #define KRB_BANNER "Local \"MIT Project Athena\" wanna-bes (%s)\n"
or somesuch .. since the other site-dependent stuff is in krb.h ..
:-) :-)
5. Speaking of kinit .. how do *you* prevent fake-o kinit/login
programs? Since the source is out there, it's easy to recompile
with a des_read_pw_string() that logs what it reads.
6. There appear to be places (e.g., the handling of realm names) where
use of strcasecmp() would be useful. Put less tactfully: having
case-sensitive realm names seems silly.
The mailing list has been awfully quiet these last few days. Is
*everyone* busy playing with their new toy?
----------------
Paul M. Aoki
CS Division, Dept. of EECS // UCB // Berkeley, CA 94720 (415) 642-1863
aoki@postgres.Berkeley.EDU ...!ucbvax!aoki