[1893] in Kerberos-V5-bugs
Re: patch for appl/bsd from 4/11/96 to 4/19/96
daemon@ATHENA.MIT.EDU (Sam Hartman)
Fri Apr 19 15:54:50 1996
To: Doug Engert <DEEngert@anl.gov>
Cc: Sam Hartman <hartmans@MIT.EDU>, deengert@anl.gov, cc@austin.ibm.com,
krb5-bugs@MIT.EDU
From: Sam Hartman <hartmans@MIT.EDU>
Date: 19 Apr 1996 15:54:30 -0400
In-Reply-To: Doug Engert's message of Fri, 19 Apr 1996 11:57:27 -0500
>>>>> "Doug" == Doug Engert <DEEngert@anl.gov> writes:
Doug> Sam, I applied the patches you sent. I had a little trouble
Doug> with them, since parts of the patch were already in
Doug> ss-960411 file. I got it straight.
Sorry; looking at the CVS man pages, I should have started the patch on April 12, not April 11.
Doug> There is a bug. You added the line:
Doug> else tiocpkt_on = 0;
Thanks. I fixed this and my Emacs crashed before saving. (My
RISC/60000 ran out of swap and made a poor decision about what process
to kill.)
Doug> It should be
Doug> else tiocpkt_on = 1;
Doug> You may also wish to change getstr(... to void getstr(...
Actually, this is unnecessary. The convention of placing a
cast to void in front of some function calls was a bug fix for a very
old version of lint. With newer compilers and lints, this is not
needed.
Doug> I built the krlogind on AIX 4.1.4 using a configure with:
Doug> ../src/configure --with-cc=gcc \ --with-ccopts=" -O
Doug> -mcpu=common "\ --with-cppopts='-DAFS524
Doug> -DDO_NOT_USE_K_LOGIN -DUSE_LOGIN_F
Doug> -DLOGIN_PROGRAM=\"/bin/login\" ' \ --prefix=/krb5
Doug> I tested it using:
Doug> ./klogind -5ce -D 11111 ./klogind -5e -D 11111
Doug> And it appears to work, i.e. ss-960411 clients work with
Doug> both, Other clients fail with the -c, and K5.5 clients fail
Doug> and get the nice message.
That is good to hear..
Doug> I still question the need to turn on the selected c_lflags
Doug> and c_iflags when using the vendor's login. I would assume
Doug> that the slave pty whould have the correct defaults aready
Doug> set.
This should be true on AIX. However, it isn't true on say
Ultrix or NetBSD, where you will get the tty flags of the previous
user of the pty. Setting the flags on AIX, Solaris, etc doesn't
really hurt.
Doug> On the AIX system, when I login at the console, the
Doug> IXANY and INCLR are off. You turn them on.
I could see leaving ixany off in krlogind, although I think
newer systems tend to turn it on by default. I think you probably
want ICRNL turned on for interactive login sessions over the network.
You don't need this at the console, because you know what the newline
key generates. You are dealing with a greater variety of hardware and
remote terminal settings over the network.
Doug> The original problem was that you were turning off in
Doug> krlogind.c flags and having login.krb5 turn them back
Doug> on. When using the vendor login, these were not being turned
Doug> back on, because they were not expected to be off. ISIG was
Doug> main one.
Understood. The reason I turn these flags on when using the
vendor login is that I don't have a good idea what the pty state will
be. The designed purpose of pty_init_slave is to get the pty state
handled, leaving the calling application to deal with tty flags and
packet mode only. I realize that the current implementation of libpty
does some tty initialization in pty_init_slave. WI think we may move
more stuff into libpty as we are able to develop additional
abstractions that capture the behavior of telnetd and klogind. As we
do this, the current definition of pty_init_slave may change. I don't
want to depend on its behavior with regard to tty flags until I'm more
convinced its behavior is correct.
Yet, I need to set the tty flags on some systems. The
appropriate place to do this is currently krlogind. If we start
running into major problems with systems that by default always have
reasonable tty flags, we can add code not to set tty flags on these
systems.
Doug> Other then that things are looking great.
Doug> ~
Doug> Douglas E. Engert Systems Programming Argonne
Doug> National Laboratory 9700 South Cass Avenue Argonne, Illinois
Doug> 60439 (708) 252-5444
Doug> Internet: DEEngert@anl.gov
