[2689] in Kerberos-V5-bugs
krb5-admin/392: operation of v5passwdd undocumented
daemon@ATHENA.MIT.EDU (sklower@CS.BERKELEY.EDU)
Tue Mar 11 23:17:08 1997
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: bjaspan@MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, sklower@CS.BERKELEY.EDU
Date: Tue, 11 Mar 1997 20:13:12 -0800 (PST)
From: sklower@CS.BERKELEY.EDU
Reply-To: sklower@CS.BERKELEY.EDU
To: krb5-bugs@MIT.EDU
>Number: 392
>Category: krb5-admin
>Synopsis: operation of v5passwdd undocumented
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bjaspan
>State: open
>Class: doc-bug
>Submitter-Id: unknown
>Arrival-Date: Tue Mar 11 23:14:00 EST 1997
>Last-Modified:
>Originator: sklower@CS.BERKELEY.EDU Administrator
>Organization:
Computer Science Department, UC Berkeley.
>Release: 1.0
>Environment:
System: BSD/OS circe.CS.Berkeley.EDU 2.1 BSDI BSD/OS 2.1 Kernel #7: Thu Oct 31 16:48:20 PST 1996 hodes@terrorism.cs.berkeley.edu:/disks/barad-dur/roboline/PC/src.2.1/sys/compile/BS_MOBILEIP WILDBOAR APM/PCMCIA Driver (WB960224) i386
>Description:
There is no description of the entry in /etc/inetd.conf
of how to run a V4 compatible server for programs like
v4kpasswd or BSD/OS passwd program.
>How-To-Repeat:
Reading the FM's. Inspecting the manual pages.
There is no manual page for v5passwdd.
>Fix:
Write a manual page for v5passwdd.
Add additional text to Chapter 3 of "Upgrading to Kerberos V5
from Kerberos V4" that indicates it is necessary to change the
line in inetd.conf from
kpasswd stream tcp nowait root /usr/libexec/kpasswdd kpasswdd
to
kpasswd stream tcp nowait root /usr/local/sbin/v5passwdd =>
v5passwdd -m
and that it is necessary (but apparently not sufficient)
to add the principals
changepw/{REALM}@REALM
kpasswd/<server>@REALM
to the kerberos database.
Merely doing so didn't get it completely working however.
>Audit-Trail:
>Unformatted: