[1894] in Kerberos-V5-bugs
Re: ss-960411 Checksum Problems
daemon@ATHENA.MIT.EDU (Theodore Y. Ts'o)
Fri Apr 19 17:17:37 1996
Date: Fri, 19 Apr 1996 17:17:24 -0400
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: Sam Hartman <hartmans@MIT.EDU>
Cc: "Theodore Y. Ts'o" <tytso@MIT.EDU>, Sam Hartman <hartmans@MIT.EDU>,
Doug Engert <DEEngert@anl.gov>, krb5-bugs@MIT.EDU, raeburn@cygnus.com
In-Reply-To: Sam Hartman's message of 18 Apr 1996 18:18:37 -0400,
<tslybntnpky.fsf@tertius.mit.edu>
Sam,
My main concern is that of complexity to system administrators.
We really have too many options already, and no good documentation
explaining what the heck any of them do. This is bad. As long as
there's good, "chatty" documentation explaining how people should
configure their krlogin server, I suppose I could live with one more
option that controlled whether or not we verified the checksum ---
although we need to explain to people how all of these options interact
with one another.
> I think it's perfectly reasonable to warn about a combination
>of options that is internally inconsistent. I.E. my point is that the
>combination -54c is equivelent to -54, because you do not gain any
>additional security over -54 if checksums are validated when present.
>I realize that backward compatability makes this difficult, and
>requires this to be rethought, but I argue that under the old
>code, -54c was almost certainly a user error. It is reasonable to
>warn users that they should rethink their options and settle on -5c or
>-54, but not try to combine basically incompatible operating modes.
The problem with your old code was that it was printing that warning
message even when you didn't allow any backwards compatibility, AND the
checksum was being validated, AND the checksum valid. So it was warning
about a non-existent problem.
- Ted
