[280] in Kerberos-V5-bugs
Re: Problems with Kerberos version 5.
daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Sat Jan 16 00:07:59 1993
Date: Sat, 16 Jan 93 00:07:43 EST
From: tytso@Athena.MIT.EDU (Theodore Ts'o)
To: sanjay@cerc.wvu.wvnet.edu
Cc: krb5-bugs@Athena.MIT.EDU
In-Reply-To: sanjay@cerc.wvu.wvnet.edu's message of Wed, 13 Jan 93 15:57:15 EST,
From: sanjay@cerc.wvu.wvnet.edu
Date: Wed, 13 Jan 93 15:57:15 EST
We are trying to install Kerberos (version 5) in our testbed. We just
got the source code from the ftp site athena-dist.mit.edu. I had a
few questions:
1. Is there some Installation guide that tells me how I should go about
installing Kerberos and what is the function of "ss, com_err".
No, not yet. This documentation is still very skimpy; this is one
reason why we're still in "beta test". If you're willing to write up
something documenting your experiences as you figure out how to install
things, and send it to us, that would be greatly appreciated.
'ss' is the subsystem library. If you know what Tcl is, it's very
similar to Tcl, except it's much, much simpler. Basically, it provides
the user interface used by programs like kdb5_edit.
'com_err' is the common error handling library. It provides a system
which allows various different packages to pass error codes back and
forth without needing to convert them from subsystem to subsystem, and
without requiring that a global error table be established. Basically,
the high 24 bits of a 32 bit error code identify the subsystem, while
the low 8 bits specify the subsystem specific error code. So when you
have something like "program A -> calls subsystem B -> calls subsystem C
-> calls subsystem D", subsystem D can generate an error code, which can
be passed back up through C, B, and A, and when program A receives the
error code, it can pass it to the com_err library to interpret it.
2. If I have a Kerberos client written for version 5 , will it be able to
communicate with a server thats been written for version 4.
No. There are ways that a Kerberos V5 server can be written so that it
will be able to communicate with a client written for version 4.
However, this is not easy to do right now. I am thinking about writing
some functions that will do this, hopefully automtically. However, this
has not been done yet, and I'm not sure how hard this will actually turn
out to be.
3. If we already have Kerberos (version 4) installed on a m/c and we
plan to install version 5 on that same machine will there be any
conflicts in any of the files (e.g. /etc/svrtab etc.).
There shouldn't be. First of all, as shipped by default, all of the
Kerberos-specific file will be placed in /krb5. Secondly, the V5 srvtab
is named v5srvtab, and the names of the "ticket file" (renamed to be the
credentials cache in V5) are different as well.
I hope this answers your questions!
- Ted
