[2174] in Kerberos-V5-bugs
Re: Documentation lacking questions.
daemon@ATHENA.MIT.EDU (Randall S. Winchester)
Tue Aug 20 17:21:11 1996
Date: Tue, 20 Aug 1996 17:20:18 -0400 (EDT)
From: "Randall S. Winchester" <rsw@Glue.umd.edu>
To: Sam Hartman <hartmans@MIT.EDU>
Cc: krb5-bugs@MIT.EDU, "Randall S. Winchester" <rsw@Glue.umd.edu>
In-Reply-To: <tslwwyugdb3.fsf@tertius.mit.edu>
On 20 Aug 1996, Sam Hartman wrote:
: >>>>> "Randall" == "Randall S Winchester" <rsw@Glue.umd.edu> writes:
:
: Randall> kadmind5: cannot get service entry for kpasswd (Error 0).
: Randall> Segmentation fault
:
: I would guess this probably can be found in osconf.h or one of
: the kadmin include files as a #define. Also, you can look at krb.log
: in tests/dejagnu after running make check.
:
Thanks, I added the following to /etc/services;
kpasswd 464/tcp
kpasswd 464/udp
Which ever is correct should be added to config-files/services.append.
Otherwise change the source to look at the defined variables in adm.h as;
/*
* Kerberos V5 Change Password service name
*/
#define KRB5_ADM_SERVICE_NAME "kpasswd"
#define KRB5_ADM_DEFAULT_PORT 464
I also found a bug in kadmind5, where it will not take the -s option. A
simple diff follows:
diff -r1.1 srv_main.c
48c48
< static const char *getopt_string = "a:d:e:k:l:mnp:r:t:D:M:T:";
---
> static const char *getopt_string = "a:d:e:k:l:mnp:r:s:t:D:M:T:";
51c51
< static const char *getopt_string = "a:d:e:k:mnp:r:t:D:M:T:";
---
> static const char *getopt_string = "a:d:e:k:mnp:r:s:t:D:M:T:";
: If you want to enable MD5, set the md5 bit on all the
: principals in the database, and add des-cbc-md5 before des-cbc-crc on
: the two enctypes lines in krb5.conf. (just `des' stands for
: des-cbc-md5.)
: Right, you need to set the md5 bit on the principal using the
: modify command of kdb5_edit. You should also set the md5 bit on the
: server principals you plan on using--especially krbtgt.
Thanks, that worked, but I also noticed that I had to kinit again before I
could use kpasswd. I got the following error:
aria:/usr/local/krb5/bin; ./kpasswd
Enter old password:
Enter new password:
Re-enter new password:
./kpasswd: error (Password mismatch) reading passwords.
I tried a couple time to make sure I typed it in correctly as this is a
confusing error message.
:
: If you relaly need to get des3 running now, I can give you the
: necessary incantations; I'm using it and it does work once you apply
: the SHS endianness patch, but you may not be able to use your keys
: with future releases of Kerberos.
I would appeciate these "incarnations", thanks! I do not care about
compatability at this time as I only want to run some timing experiments.
A large goverment agency (outside the university) is looking at using
Kerberos and encryption across the country and wants to know what sort of
thruput delays to expect with various encryption types.
Thanks again!
Randall
