[6841] in Kerberos
Install problems...help?\
daemon@ATHENA.MIT.EDU (Trever Furnish)
Wed Mar 6 20:59:38 1996
From: Trever Furnish <tfurnish@ind.net>
To: kerberos@MIT.EDU (Kerberos Mailing List)
Date: Wed, 6 Mar 96 20:45:26 EST
Hi. I'm sorry if some of (or all of) these questions seem too basic for this
list or are inappropriate in some other way, but I don't know where else to
turn. So...
We're currently running a kerberos v4 server on a sparc 2 with a xyplex
maxserver 1620 as the sole client. We've already been hacked several times
by several users apparently using the v4 randomness bug. I tried to install
the patch with the source we've got for v4, but it turns out the source files
are incomplete. :( Therefore, I see our options as either installing the
current v4 and doing the patch or installing v5beta5 and doing it's patch.
(I haven't spoken with xyplex yet to see if we can upgrade our xyplex's v4
client to v5, so I'm assuming for the moment it's not applicable. Let me know
if you know otherwise.)
Is V5 Beta 5 stable enough to be reliable? Or should I stick with V4 and a
patch? Also, I've downloaded the src for v5, but each config and make sequence
takes over an hour on the sparc 2, and so far the only one that didn't die
in the middle of the make was the plain v5 config with no options, which is
to say without the v4 compatibility we'd need for the xyplex. I would post the
typescripts of the config/make sessions that didn't work, but each is nearly a
thousand lines long...
I realize I'm not giving a lot of what may be vital info, but based on this
what would you do? Would you attempt to upgrade the xyplex to v5 and use
plain v5 or keep working on v5 with v4 compatibility or attempt to build a
new v4 server from scratch? Normally I'd have more info before I tried to
get help from a list like this one, but at over an hour for each attempt,
trial and error has become very expensive timewise. :(
Any help is, of course, greatly appreciated, and if there's more info in
particular you think I should send, please let me know. Unfortunately,
someone else set kerberos up at this site, and we haven't touched it since,
and 'fixing it with the patch' has been my first experience with it beyond
typing in my username. :(
--
Trever Furnish, Talk: tfurnish@jefferson.ind.net _ _
trever@ind.net, WWW: http://dialin.ind.net/~tfurnish `v`
School:317.278.6330 Work:317.263.8999 Home:812.873.6867 FAX:317.263.8831 \_/
INDnet NOC There is no knowledge that is not power. U
