[2693] in Kerberos-V5-bugs
Re: krb5-admin/392: operation of v5passwdd undocumented
daemon@ATHENA.MIT.EDU (Theodore Y. Ts'o)
Wed Mar 12 00:57:57 1997
Date: Wed, 12 Mar 1997 00:55:59 -0500
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: krb5-bugs@MIT.EDU, sklower@CS.BERKELEY.EDU
Cc: bjaspan@MIT.EDU, gnats-admin@RT-11.MIT.EDU, krb5-prs@RT-11.MIT.EDU
In-Reply-To: sklower@CS.BERKELEY.EDU's message of Tue, 11 Mar 1997 23:14:02
-0500, <199703120414.XAA27875@rt-11.MIT.EDU>
Date: Tue, 11 Mar 1997 20:13:12 -0800 (PST)
From: sklower@CS.BERKELEY.EDU
>Description:
There is no description of the entry in /etc/inetd.conf
of how to run a V4 compatible server for programs like
v4kpasswd or BSD/OS passwd program.
>How-To-Repeat:
Reading the FM's. Inspecting the manual pages.
There is no manual page for v5passwdd.
>Fix:
Write a manual page for v5passwdd.
Add additional text to Chapter 3 of "Upgrading to Kerberos V5
from Kerberos V4" that indicates it is necessary to change the
line in inetd.conf from
kpasswd stream tcp nowait root /usr/libexec/kpasswdd kpasswdd
to
kpasswd stream tcp nowait root /usr/local/sbin/v5passwdd
Errr.... no. v5passwdd is **not** the V4 compatible server. It
implements the "simple Kerberos password changing protocol" that was
used in earlier Beta releases of Kerberos V5, and by the Windows and
Macintosh kpasswd programs. v5passwdd also should not be run out of
/etc/passwd, as it listens on a port all by itself.....
If you're trying to get things going initially, you should ignore
v5passdd for now.
The V4 compatible server is called kadmind4, and is the program whose
sources live in src/kadmin/v4server.
I admit that the number of administration servers, and clients, for
various V4 and V5 compatibility purposes are a bit confusing, and we
should straighten things out. A large part of your frustration appears
to jumping to conclusions a bit too quickly, which also didn't help.
- Ted