[1782] in Kerberos-V5-bugs


Re: AIX 3.2.5 porting notes/fixes

daemon@ATHENA.MIT.EDU (Sam Hartman)
Thu Jan 18 21:13:51 1996

Date: Thu, 18 Jan 1996 21:13:35 -0500
From: Sam Hartman <hartmans@MIT.EDU>
To: Mark Carson <carson@cs.umd.edu>
Cc: krb5-bugs@MIT.EDU
In-Reply-To: "[1744] in Kerberos-V5-bugs"

	Thanks for the bug report; I had gone through and fixed most
of these previously, but you pointed out a few things I missed.

>>>>> "Mark" == Mark Carson <carson@cs.umd.edu> writes:

    Mark> Notes: 1. I did some minimal testing of these same changes
    Mark> on AIX 3.2, and they seem to work there too.  I haven't yet
    Mark> tried anything on AIX 4.1.

	This agrees with my experience.  Unfortunately, if
you have AIX4, you notice an interesting problem with the telnet and
rlogin daemons after the next release.  We have very limited access to
AIX4 machines, and so far I have been unable to track things down.




    Mark> 4. In particular, even though AIX 3.2.5 supports streams,
    Mark> you're better off not using the streams-dependent code.  I
    Mark> didn't take the time to figure out how to get configure not
    Mark> to define HAVE_STREAMS, but just eliminated it manually.
    Mark> (The files involved are src/appl/bsd/krlogin.c and
    Mark> src/appl/bsd/krlogind.c.)

	Noted; I hardwired AIX3 to avoid streams.  Under AIX4, it
doesn't matter whether I use streams or not, it compiles either way
and locks up eventually.

    Mark> 6. The install program in /usr/ucb is BSD-compatible and
    Mark> works just fine for the install.  This is fortunate, since
    Mark> the Makefiles configure built didn't always have the path to
    Mark> the install-sh script right.  (I didn't investigate what the
    Mark> problem was.)

	We now use a consistent path to install.sh so this works even
if the user doesn't have /usr/ucb/install in their path.

    Mark> 7. I also enabled telnet encryption in my build.

	There are some serious problems with doing this under beta5.
Make sure the traffic going over the wire is actually encrypted and
also use the encrypt status command.  It is fairly easy to get
unidirectional encryption if you aren't careful.

	Besides these bugs, the telnet encryption is something we
strongly encourage people not to use until a new standard is
proposed that is more secure.  The rlogind in the next release should
do much better terminal and utmp handling, and its encryption is
secure.


    Mark> Code changes (in addition to those reported previously):

	Apparently, either not defining _BSD or applying recent PTFs
fixed your problems with system header files as I did not encounter
them.


--Sam Hartman,

MIT Kerberos Team
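
The on-the-wire check recommended in the reply to note 7, sketched as an added example that is not part of the original message or of the MIT Kerberos code: it labels each direction of a captured telnet session separately so that unidirectional encryption shows up. It assumes the payload bytes for each direction have already been reassembled from a capture with option negotiation removed; the function names, the 0.85 printable-byte threshold and the 64-byte minimum are assumptions, and the sample data is constructed.

```python
import hashlib
import string

PRINTABLE = set(string.printable.encode())  # bytes typical of a terminal session

def printable_ratio(payload: bytes) -> float:
    """Fraction of bytes that are printable ASCII or whitespace."""
    if not payload:
        return 0.0
    return sum(b in PRINTABLE for b in payload) / len(payload)

def classify(payload: bytes, threshold: float = 0.85, min_len: int = 64) -> str:
    """Label one direction; threshold and min_len are assumed heuristics."""
    if len(payload) < min_len:
        return "insufficient-data"  # too few bytes to judge either way
    return "plaintext" if printable_ratio(payload) >= threshold else "encrypted"

def check_session(client_to_server: bytes, server_to_client: bytes):
    """Return (verdict, per-direction labels) for one captured session."""
    labels = {
        "client->server": classify(client_to_server),
        "server->client": classify(server_to_client),
    }
    seen = set(labels.values())
    if "insufficient-data" in seen:
        verdict = "inconclusive"
    elif seen == {"encrypted"}:
        verdict = "both-encrypted"
    elif seen == {"plaintext"}:
        verdict = "unencrypted"
    else:
        verdict = "unidirectional"  # one side encrypted, the other in the clear
    return verdict, labels

def _fake_ciphertext(n: int) -> bytes:
    """Constructed stand-in for encrypted bytes (deterministic hash output)."""
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(str(i).encode()).digest()
        i += 1
    return out[:n]

# Constructed sample data, not taken from a real capture.
SAMPLE_CIPHER = _fake_ciphertext(256)
SAMPLE_KEYS = b"ls -l /etc/krb5.conf\r" * 4
SAMPLE_OUTPUT = b"-rw-r--r-- 1 root system 512 Jan 18 21:13 /etc/krb5.conf\r\n" * 2

if __name__ == "__main__":
    print(check_session(SAMPLE_CIPHER, SAMPLE_OUTPUT))
```

A "both-encrypted" verdict only means neither direction looks like readable text; it says nothing about how strong the encryption is.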
