[2044] in Kerberos-V5-bugs
Re: beta 6 applications don't build
daemon@ATHENA.MIT.EDU (Doug Engert)
Tue Jun 25 14:35:50 1996
Date: Tue, 25 Jun 1996 13:35:31 -0500
From: Doug Engert <DEEngert@anl.gov>
To: Todd Acheson <acheson@oak.cats.ohiou.edu>
Cc: "Theodore Y. Ts'o" <tytso@MIT.EDU>, krb5-bugs@MIT.EDU
In-Reply-To: <SIMEON.9606250810.A@muahost.oak.cats.ohiou.edu >
Todd Acheson writes:
>
>
> Now for the real meat and potatoes - can your version
> V tools interact correctly with my DCE version V
> environment?
The kerberos 5 beta 6 libs and utilities will operate with a DCE
Security server as the KDC. We have been doing this for over a year
now using DCE 1.0.3a and DCE 1.1 on a number of different platforms.
MIT has been very responsive to bug fixes and suggestions to
make this work and has included most of them in K5 beta 6.
In particular, DCE and K5 can share the ticket cache, thus a krlogin
can use the cache created by the dce_login i.e the TGT and store additional
tickets in the same cache. The krlogind can share a v5srvtab as well,
and you can use the DCE rgy_edit kt* commands to update it.
This does take adding two additional entries to the krb5.conf file in
the libdefault section:
kdc_req_checksum_type = 2
ccache_type = 1
This tells the K56 libs to use the correct checksum_type with the DCE
security server, and to create older type caches.
If you have access to the OSF RFCs, see RFC 92.0 which discuses some
of these issues as well.
>
> I assume I may have to modify the makefile of the
> telnetd to use the DCE kerberos V libraries. Any
> thoughts or experience with that process?
>
No you do not want to link against the DCE kerberos libraries, as
these are based on older versions of K5, and have different options,
and structures. You want to use the K5.6 libs.
>
I also have a way of using a forwarded K5.6 ticket to get a DCE
context automaticly during login using rlogin. I need to work on the
telnetd interface, and the rsh.
You can also get AFS tokens from a forwarded ticket, or a DCE context
too.
If you are interested drop me a note. I am on travel this week, so I
may not beable to respond as quickly as I would like.
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(708) 252-5444
PGP Key fingerprint = 20 2B 0C 78 43 8A 9C A6 29 F7 A3 6D 5E 30 A6 7F
