[27] in Kerberos-V5-bugs
re: Diffs to krb5 alpha1.
daemon@ATHENA.MIT.EDU (John T Kohl)
Thu Oct 18 12:02:26 1990
Date: Thu, 18 Oct 90 11:22:18 -0400
From: John T Kohl <jtkohl@ATHENA.MIT.EDU>
To: krb5-testers@ATHENA.MIT.EDU, sommerfeld@apollo.com
Cc: raeburn@ATHENA.MIT.EDU
In-Reply-To: [23]
Bill, thanks for the patches. Here is a quick status, plus some
comments. Things I'd like feedback are delimited by ***'s.
>Changed files:
>
> appl/sample/sclient/sclient.c {auth_data}
> appl/sample/sserver/sserver.c {auth_data}
I'd prefer not to make the "standard samples" be too complicated; in the
normal case I don't think people will be playing with auth_data.
However, I _would_ like to see an additional sample client which plays
with all the various protocol elements.
> asn.1/encode.h {auth_data}
>[changes for const krb5_pointer stuff, and changes to
>encode_krb5_tgs_req_enc_part()]
Does const void * differ from void const *? If not, why define
krb5_const_pointer rather than using const krb5_pointer?
The tgs_req stuff has changed significantly since alpha1 went out; the
code we are currently using purports to implement the specification of
draft 3.
> clients/kinit/kinit.c {portability}
patched.
> comerr/com_err.c {portability mess}
> comerr/com_err.h {portability mess}
> comerr/internal.h {portability mess}
Referred to the "owner" of com_err, who will integrate.
> include/krb5/ccache.h {auth_data}
patched
> include/krb5/krb5.h {auth_data, port. mess}
I've added authdata to the creds structure.
*** I'd like opinions from others on whether we should worry about compiler
warnings of structure alignments ***
> include/krb5/asn.1.h {portability mess}
> include/krb5/error_def.h {portability mess}
The include file ".." problem can be quite troublesome. Remember we
can't depend on symlinks being available (the cray folks have already
moaned about this), and all the include files that a user application
sees should be somewhere under <krb5/...>. If we can't use the ..
names, then we should move the include files to include/krb5/asn.1/
The error table include files present a pernicious problem, since they
are generated files which probably want to be under the include
hierarchy, but the sources to the error tables want to be in the library
directory.
*** Any suggestions, folks? ***
> include/krb5/wordsize.h {allow include of krb5.h w/o special defs}
I'm not sure that defaulting to BITS32 is quite right, but neither is
defaulting to BITS16 or BITS64 or ....
*** suggestions/comments? ***
> kdc/kdc_util.c {auth_data}
> lib/ccache/file/fcc_nseq.c {auth_data}
> lib/ccache/file/fcc_read.c {auth_data}
> lib/ccache/file/fcc_retrv.c {auth_data}
> lib/ccache/file/fcc_store.c {auth_data}
> lib/ccache/file/fcc_write.c {auth_data}
> lib/krb/gc_via_tgt.c {auth_data}
> lib/krb/get_creds.c {auth_data}
> lib/krb/send_tgs.c {auth_data}
patched.
> lib/os/sendto_kdc.c {allow multihomed kdcs}
The existing code will pick up all the "homes" of a KDC as long as
gethostbyname() returns all such addresses.
*** Perhaps we should not restrict the address comparison search to only
the last n-1 hosts, but allow it to match any of the KDC's? ***
[also, remember this stuff is in libos/, and so there can be some
flexibility between implementations here]
> lib/rcache/rc_dfl.h {portability}
already patched.
