[6891] in Kerberos
V4, V5b4, or V5b5: Recommendations?
daemon@ATHENA.MIT.EDU (Trever Furnish)
Thu Mar 14 17:34:34 1996
From: Trever Furnish <tfurnish@ind.net>
To: kerberos@MIT.EDU (Kerberos Mailing List)
Date: Thu, 14 Mar 96 17:10:48 EST
Hi,
I'm still in the "just starting" phase of my experience with kerberos, but I
need to make a decision regarding which version of kerberos to install.
Here's the situation. We run one kerberos 4 client, a xyplex server, with
one master v4 server. The source used for the current v4 server is older than
the current, final v4 release, and it's not all there. (I didn't install it. -
I'm cleaning up after the person who did. :( ) We've been hacked several
times by someone apparently using the randomness bug in v4, but when I
attempted to install the patch for v4, it failed because not all the source is
there.
So now, I see our options as: 1) install the final release of kerberos V4 and
apply the randomness patch, 2) install one of the V5 betas in V4 compatibility
mode, or 3) install one of the V5 betas in V5 mode and upgrade the Xyplex
client to an OS that supports both V5 and V4.
So far, I've downloaded V4 and V5b5. With several different attempts at
compiling the V5b5 server, I've only been able to get V5 without v4
compatibility to build. Each build attempt takes over an hour, so trial and
error is very time consuming.
Whatever I install is most likely going to need to remain in place for at the
very least 6 months because of staffing problems. Therefore, I want something
that I can install and ignore for six months, not install, then replace to fix
problems two weeks from now.
At the moment, I'm leaning towards upgrading the Xyplex and installing V5b5,
but I've noticed several posts about problems with it, including the
"gss leak" problem recently posted about on SunOS 4.1.4 (which is what I'm
running), and I'm worried that the beta's might be too buggy to use.
So, what would you recommend? The platform for the server is a Sparc 2 running
SunOS 4.1.4 #1. Are the V5 betas stable enough to rely upon for several
months? Which one's better? Should I just stick with V4?
Your comments and suggestions are greatly appreciated.
Sincerely,
Trever
--
Trever Furnish, Talk: tfurnish@jefferson.ind.net _ _
trever@ind.net, WWW: http://dialin.ind.net/~tfurnish `v`
School:317.278.6330 Work:317.263.8999 Home:812.873.6867 FAX:317.263.8831 \_/
INDnet NOC There is no knowledge that is not power. U
