[1055] in Kerberos-V5-bugs
Re: Gripe about apparent braindamage in krb5b4.3 kdb_edit xst4
daemon@ATHENA.MIT.EDU (Jonathan Stone)
Thu Jan 26 23:58:13 1995
Date: Thu, 26 Jan 1995 20:58:04 -0800
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
To: krb5-bugs@MIT.EDU
Cc: kjd@dsg.stanford.edu, jonathan@dsg.stanford.edu
I wrote:
>The kdb5_util ``xst4'' command produces a v4 srvtab with an
>entry starting
>
> host^@pescadero.stanford.edu^@DSG.STANFORD.EDU^@
>
>(keys removed for paranoia, and ASCII NUL transposed to ^@) which
>doesn't work as I want. If, however, I manually edit that srvtab to
>instead start with
>
> rcmd^@pescadero^@DSG.STANFORD.EDU^@
>n
>then the V4 clients with V4 rcmd instances -- provided by the V5
>server with backward compatbility -- happily authenticate themselves
>to Pescadero, after I install the edited srvtab.
>
>>nI believe the correct thing for a krb5 utility that creats
>V4-compatible srvtabs to do is this: to special-case the principal
>name `host' in exactly the way that KRB4 backwards compatiblity does
>(i.e., map `host' to `rcmd'); and also to (perhaps optionally) strip
>anything following a period out of an instance.
I experimented, and it turns out that simply substituting "rcmd" for
"host" is sufficient for my configuration. The FQDN in the srvtab
doesn't appear to break anything. If it makes any difference, I'm
using CNS as the KerberosIV library, with telnet and telnetd
(manually) tweaked to compile and link with -DKRB and V4 libraries.
thanks again
--Jonathan Stone
Stanford DSG
