[6392] in Kerberos


Re: Service tickets for K4 login with K5 server

daemon@ATHENA.MIT.EDU (Paul Pomes)
Thu Dec 21 10:18:56 1995

To: kerberos@MIT.EDU
Date: 21 Dec 1995 14:32:41 GMT
From: P-Pomes@Qualcomm.com (Paul Pomes)

frnkzk@ (Kevin Kane) writes:

>I am using a K4-based login program, but have a K5 KDC.  I cannot do a
>root login from the console, so I am guessing that something is wrong
>with service tickets (much like ksu will not work if there is no host
>ticket in /etc/v5srvtab).  But I can't seem to find where to put this
>stuff.  I've tried using v5 and v4 srvtabs, but no dice.  Can anyone
>tell me what ticket I need to make in the principal database, whether
>to extract it as v5 or v4, and where to put it?  Many thanks.

I tried posting this yesterday, but our server was full....

I recently completed my struggle getting our v4 clients working again under
V5 beta 5.  First I had to fix kdb5_edit.c to write an unsigned char for
the kvno value in extract_v4_srvtab() instead of an int.  After that I
re-extracted the srvtab files.  All was still not well.  Any service key updated
with ksrvutil from the CNS distribution had very large key version numbers
as shown by the kdb5_edit show command.  These service entries had to be
deleted and re-created to get the key version number to a sane value.

Moral: fix kdb5_edit, don't use ksrvutil.

/pbp
====
*** kdb5_edit.c	1995/12/05 21:14:24	1.2
--- kdb5_edit.c	1995/12/20 14:48:47
***************
*** 765,770 ****
--- 765,772 ----
  	return;
      }
      for (i = 2; i < argc; i++) {
+ 	unsigned char kvno;
+ 
  	/* iterate over the names */
  	pname = malloc(strlen(argv[1])+strlen(argv[i])+strlen(cur_realm)+3);
  	if (!pname) {
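Review bot: the new `unsigned char kvno;` at the top of the loop body carries no comment saying why it is one byte wide. A short note that the V4 srvtab record stores the key version as a single byte would keep a later reader from changing it back to the type of dbentry.kvno. It also holds nothing across iterations, so it could sit with the function's other locals instead of being redeclared in the loop.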
***************
*** 823,829 ****
  	fwrite(argv[i], strlen(argv[i]) + 1, 1, fout); /* p.name */
  	fwrite(argv[1], strlen(argv[1]) + 1, 1, fout); /* p.instance */
  	fwrite(cur_realm, strlen(cur_realm) + 1, 1, fout); /* p.realm */
! 	fwrite((char *)&dbentry.kvno, sizeof(dbentry.kvno), 1, fout);
  	fwrite((char *)key.contents, 8, 1, fout);
  	printf("'%s' added to V4 srvtab '%s'\n", pname, ktname);
  	memset((char *)key.contents, 0, key.length);
--- 825,832 ----
  	fwrite(argv[i], strlen(argv[i]) + 1, 1, fout); /* p.name */
  	fwrite(argv[1], strlen(argv[1]) + 1, 1, fout); /* p.instance */
  	fwrite(cur_realm, strlen(cur_realm) + 1, 1, fout); /* p.realm */
! 	kvno = (unsigned char) dbentry.kvno;
! 	fwrite((char *)&kvno, sizeof(kvno), 1, fout);
  	fwrite((char *)key.contents, 8, 1, fout);
  	printf("'%s' added to V4 srvtab '%s'\n", pname, ktname);
  	memset((char *)key.contents, 0, key.length);
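Review bot: the cast in `kvno = (unsigned char) dbentry.kvno;` silently truncates any key version above 255, so an entry with an oversized version number is written with a kvno that no longer matches the database. Check the range before the cast and skip that entry with an error instead of writing it. The fwrite() return values in this block are also unchecked, so a short write still prints the "added to V4 srvtab" line.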
--
Ever been sued for patent infringement?
	You will!
And the company that will stick it to you?
	RSA.			-- Hal Finney <hfinney@shell.portal.com>
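
The record layout at issue in the message above, as an added example (not code from the post or from kdb5_edit.c). It writes one srvtab record with a 1-byte kvno and one with an int-sized kvno, then reads both back as name, instance, realm, one kvno byte and an 8-byte key, the layout the patched fwrite() calls produce. The principal names, the key and both helper functions are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample key, not taken from any real realm. */
static const unsigned char SAMPLE_KEY[8] = {0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88};

/* Write one record: name\0 instance\0 realm\0 kvno key[8].
   kvno_width 1 mimics the patched code, sizeof(int) the unpatched code. */
static size_t write_entry(unsigned char *buf, int kvno, size_t kvno_width)
{
    const char *fields[3] = {"rcmd", "host1", "EXAMPLE.REALM"}; /* constructed */
    unsigned char k = (unsigned char)kvno;
    size_t off = 0, i;
    for (i = 0; i < 3; i++)
        off += strlen(strcpy((char *)buf + off, fields[i])) + 1;
    memcpy(buf + off, kvno_width == 1 ? (const void *)&k : (const void *)&kvno, kvno_width);
    off += kvno_width;
    memcpy(buf + off, SAMPLE_KEY, 8);
    return off + 8;
}

/* Read one record as a V4 consumer would. Returns bytes consumed, 0 if truncated. */
static size_t read_entry(const unsigned char *buf, size_t len,
                         unsigned char *kvno, unsigned char key[8])
{
    size_t off = 0, i;
    for (i = 0; i < 3; i++) {
        const unsigned char *nul = memchr(buf + off, 0, len - off);
        if (!nul) return 0;
        off = (size_t)(nul - buf) + 1;
    }
    if (len - off < 9) return 0;
    *kvno = buf[off];
    memcpy(key, buf + off + 1, 8);
    return off + 9;
}

/* Returns 1 if the key read back equals the key written; *left gets the stray bytes. */
static int key_survives(size_t kvno_width, size_t *left)
{
    unsigned char buf[64], kvno, key[8];
    size_t n = write_entry(buf, 2, kvno_width), used = read_entry(buf, n, &kvno, key);
    *left = n - used;
    return used && memcmp(key, SAMPLE_KEY, 8) == 0;
}

int main(void)
{
    size_t s1, s4;
    int ok1 = key_survives(1, &s1), ok4 = key_survives(sizeof(int), &s4);
    printf("1-byte kvno: key intact=%d, stray bytes=%lu\n", ok1, (unsigned long)s1);
    printf("int kvno:    key intact=%d, stray bytes=%lu\n", ok4, (unsigned long)s4);
    return 0;
}
```

With the int-sized field the reader takes the remaining kvno bytes as the start of the key, and the leftover bytes would also shift every following record in a multi-entry file.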
