[1871] in Kerberos-V5-bugs
Re: K5B5 on AIX 4.1.4
daemon@ATHENA.MIT.EDU (Doug Engert)
Mon Apr 15 14:30:51 1996
Date: Mon, 15 Apr 1996 13:30:31 -0500
From: Doug Engert <DEEngert@anl.gov>
To: "Theodore Ts'o" <tytso@MIT.EDU>
Cc: krb5-bugs@MIT.EDU
In-Reply-To: <9604122136.AA05181@dcl.MIT.EDU>
Ted,
Thanks for the new snapshot, ss-960411.tar.gz. I configured and built
it over the weekend, and tried it this morning.
Without changing any of the source, I configured the ss-960411.tar.gz
on AIX 4.1.4 using:
../src/configure --with-cc=gcc --with-ccopts="-O -mcpu=common" \
--with-cppopts="-DAFS524 -DUSE_LOGIN_F" --prefix=/krb5
This is using gcc 2.7.2. The -DAFS524 -DUSE_LOGIN_F defines are for
some additional changes which I had in the ss-962301 but have not
added to the new snapshot. (I used my old config script.)
I then modified the Makefile to only build the "SUBDIRS = util include lib
krb524 clients appl tests config-files ", as these are the components
needed for use with DCE.
It all compiled.
The kinit, klist and rlogin work. (You changed the names of the
krlogin to rlogin which was a surprise!)
The name of the krlogind was also changed, as well as its options. I
can see changing krlogin to rlogin but why krlogind to klogind???
I tested the klogind and it *HUNG* the machine, requiring a reboot!
This is the same problem I had with the ss-962301 snapshot; it appears
that on AIX 4.1.4 the login.krb5 has a problem.
The solution I used on the AIX 4.1.4 and HPUX 10.0 for this problem
with ss-962301 was to use the vendor's login program, by adding the
USE_LOGIN_F and modifying the krlogind.c code. I sent these
modifications in on March 15, "ss-962301 - krlogind and other fixes":
> ./src/appl/bsd/krlogind.c - The AIX 4.1.4 system would crash somewhere
> in login.krb5. Rather than debugging login.krb5, I would rather see the
> vendor's login used if possible.
> The AIX and HP systems both support "login -f -p", and so ifdefs were
> added for USE_LOGIN_F (which was manually added during the configure)
> to use the vendor's login. This requires passing the terminal type as
> an environment variable, rather than via the input stream, and skipping
> a number of changes to the terminal.
Depending on when you plan on releasing the K5.6 (You said in your
note, possibly one or two weeks), if these changes could be included
I will get you new versions ASAP. If not, I will wait for the K5.6 to
add these mods.
Let me know what you would like.
In addition to the hang of the machine, I am adding the capability
of inserting a module or two between krlogind and login*. These are
the k5dcelogin and k5afslogin. Krlogind exec's the k5dcelogin which
uses a forwarded ticket to get the DCE context. It then exec's the
k5afslogin which will use the forward ticket, or DCE context to get
an AFS token. It then exec's login or login.krb5.
I have not done this yet for krshd, but would like to change the
k5dcelogin and k5afslogin so they would work with both.
These are separate modules to avoid linking problems with the DCE and
K5 libs. Since they both have the same named routines, with different
parameters, they can't be in the same module.
The other main set of changes which I made and were not included were
in the krb524 files. There were some changes to use a newer version of
the sendmsg.c which was copied from the send_to_kdc.c code. This works
on multi-homed servers and allows for replicated krb524ds. This
required changes to a number of other routines since sendmsg.c now
loops thru all the possible addresses to try. You should consider
adding these changes.
The other change to krb524 was to map a K5 ticket for
"afsx/afs.cell.name@K5.realm" to "afs@afs.cell.name" and encrypt it in
the key from a copy of the AFS KeyFile. This is used with the modified
aklog, which is called from the k5afslogin above.
If there is anything I can do which would help in the release of the
K5.6 package, let me know.
Douglas E. Engert
Systems Programming
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(708) 252-5444
Internet: DEEngert@anl.gov
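
An added illustration, not code from the message or from krb524: a strict form of the "afsx/afs.cell.name@K5.realm" to "afs@afs.cell.name" name mapping described above, which refuses any principal that is not an afsx service name from the expected realm so that nothing else is re-encrypted under the AFS key. The function names, the expected-realm parameter and the sample principals are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not krb524 code): map "afsx/<cell>@<realm>" to
 * "afs@<cell>". Returns 0 on success, -1 when the principal must not be
 * mapped or the output buffer is too small. */
int map_afsx_principal(const char *k5, const char *expected_realm,
                       char *out, size_t outlen)
{
    static const char svc[] = "afsx/";
    const char *cell, *at;
    size_t cell_len;
    int n;

    if (!k5 || !expected_realm || !out || outlen == 0)
        return -1;
    out[0] = '\0';
    if (strncmp(k5, svc, sizeof(svc) - 1) != 0)
        return -1;                       /* only the afsx service is mapped */
    cell = k5 + sizeof(svc) - 1;
    at = strchr(cell, '@');
    if (!at || strchr(at + 1, '@'))
        return -1;                       /* exactly one realm separator */
    cell_len = (size_t)(at - cell);
    if (cell_len == 0 || cell_len > 255 ||
        memchr(cell, '/', cell_len) || memchr(cell, '\\', cell_len))
        return -1;                       /* one plain instance component */
    if (strcmp(at + 1, expected_realm) != 0)
        return -1;                       /* ticket must be from our realm */
    n = snprintf(out, outlen, "afs@%.*s", (int)cell_len, cell);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';
        return -1;                       /* never emit a truncated name */
    }
    return 0;
}

/* Returns 1 when k5 maps to exactly `expected`, 0 otherwise. */
int maps_to(const char *k5, const char *realm, const char *expected)
{
    char buf[64];
    return map_afsx_principal(k5, realm, buf, sizeof(buf)) == 0 &&
           strcmp(buf, expected) == 0;
}

int main(void)
{
    char buf[64];   /* constructed sample: the principal form in the message */
    int rc = map_afsx_principal("afsx/afs.cell.name@K5.realm", "K5.realm",
                                buf, sizeof(buf));
    printf("%s\n", rc == 0 ? buf : "(rejected)");
    return 0;
}
```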