[2045] in Kerberos-V5-bugs
Re: beta 6 applications don't build
daemon@ATHENA.MIT.EDU (Todd Acheson)
Tue Jun 25 16:18:09 1996
From: Todd Acheson <acheson@oak.cats.ohiou.edu>
To: Doug Engert <DEEngert@anl.gov>
Cc: krb5-bugs@MIT.EDU, "Theodore Y. Ts'o" <tytso@MIT.EDU>
Date: Tue, 25 Jun 1996 16:13:45 -0400 (EDT)
Thanks for your response.
In the short term I am interested in the telnet and
ftp.
I will experiment and see if I can get some DCE and
krb56 interaction going.
On Tue, 25 Jun 1996 13:35:31 -0500 Doug Engert
<DEEngert@anl.gov> wrote:
> Todd Acheson writes:
> >
> >
> > Now for the real meat and potatoes - can your version
> > V tools interact correctly with my DCE version V
> > environment?
>
> The kerberos 5 beta 6 libs and utilities will operate with a DCE
> Security server as the KDC. We have been doing this for over a year
> now using DCE 1.0.3a and DCE 1.1 on a number of different platforms.
> MIT has been very responsive to bug fixes and suggestions to
> make this work and has included most of them in K5 beta 6.
>
> In particular, DCE and K5 can share the ticket cache, thus a krlogin
> can use the cache created by the dce_login, i.e. the TGT, and store additional
> tickets in the same cache. The krlogind can share a v5srvtab as well,
> and you can use the DCE rgy_edit kt* commands to update it.
>
> This does take adding two additional entries to the krb5.conf file in
> the libdefault section:
>
> kdc_req_checksum_type = 2
> ccache_type = 1
>
> This tells the K56 libs to use the correct checksum_type with the DCE
> security server, and to create older type caches.
>
> If you have access to the OSF RFCs, see RFC 92.0 which discusses some
> of these issues as well.
>
> >
> > I assume I may have to modify the makefile of the
> > telnetd to use the DCE kerberos V libraries. Any
> > thoughts or experience with that process?
> >
>
> No you do not want to link against the DCE kerberos libraries, as
> these are based on older versions of K5, and have different options,
> and structures. You want to use the K5.6 libs.
> >
>
> I also have a way of using a forwarded K5.6 ticket to get a DCE
> context automatically during login using rlogin. I need to work on the
> telnetd interface, and the rsh.
>
> You can also get AFS tokens from a forwarded ticket, or a DCE context
> too.
>
> If you are interested drop me a note. I am on travel this week, so I
> may not be able to respond as quickly as I would like.
>
>
> Douglas E. Engert <DEEngert@anl.gov>
> Argonne National Laboratory
> 9700 South Cass Avenue
> Argonne, Illinois 60439
> (708) 252-5444
> PGP Key fingerprint = 20 2B 0C 78 43 8A 9C A6 29 F7 A3 6D 5E 30 A6 7F
----------------------
Todd Acheson
Ohio University
614-593-0034
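
An added example, not part of either message: a small check that a krb5.conf carries the two settings from the quoted reply at the top level of the right section. It assumes the section header is spelled `[libdefaults]` as in a stock krb5.conf; the sample config, realm and host names are constructed.

```python
import re

# Settings and values taken from the quoted reply.
REQUIRED = {"kdc_req_checksum_type": "2", "ccache_type": "1"}

def parse_sections(text):
    """Return {section: {key: value}} for top-level 'key = value' lines."""
    sections, current, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        m = re.fullmatch(r"\[([^\]]+)\]", line)
        if m and depth == 0:
            current = m.group(1).strip()
            sections.setdefault(current, {})
        elif line.endswith("{"):
            depth += 1                    # entering a nested block (e.g. a realm)
        elif line.startswith("}"):
            depth = max(depth - 1, 0)
        elif depth == 0 and current and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            sections[current][key] = value
    return sections

def audit(text):
    """Return a list of findings; an empty list means both settings are in place."""
    sections = parse_sections(text)
    libdefaults = sections.get("libdefaults", {})
    findings = []
    for key, want in REQUIRED.items():
        got = libdefaults.get(key)
        if got == want:
            continue
        elsewhere = [s for s, kv in sections.items()
                     if s != "libdefaults" and key in kv]
        if got is not None:
            findings.append(f"{key} = {got} in [libdefaults], expected {want}")
        elif elsewhere:
            findings.append(f"{key} set in [{elsewhere[0]}] instead of [libdefaults]")
        else:
            findings.append(f"{key} missing from [libdefaults]")
    return findings

# Constructed sample: ccache_type has slipped into [realms] after a realm block.
SAMPLE = """[libdefaults]
    default_realm = EXAMPLE.ORG
    kdc_req_checksum_type = 2
[realms]
    EXAMPLE.ORG = {
        kdc = kdc.example.org
    }
    ccache_type = 1
"""
```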