[460] in Kerberos-V5-bugs
Porting and Modifications
daemon@ATHENA.MIT.EDU (Lee A. Butler)
Fri Apr 15 06:03:50 1994
Date: Fri, 15 Apr 94 5:59:35 EDT
From: "Lee A. Butler" <butler@ARL.MIL>
To: krb5-bugs@MIT.EDU
Here at ARL we have installed the KerberosVbeta3. At the moment, we
have the software running on Irix4.0.5 and SunOS 4.1.[13] and a port to HPUX
is under way. Here are some of the problems we have run into and the fixes.
BUILDING THE ISODE LIBRARY:
The following files were removed from the compat library:
select.c signals.c strdup.c putenv.c
Each of these files provides routines already provided by the vendor OS. In
several cases they are NOT functional replacements for the vendor-supplied
routines. In addition to removing these source modules, the source module
compat/internet.c was modified so the the routines "getservbyname()" and
"gethostbyname()" were removed in favor of vendor-supplied versions.
----------------------------------------------------------------------
BUILDING KERBEROS:
A better list is needed of the compilation symbols available and
their meaning. This would greatly help in the construction of *.cf files
for new platforms.
----------------------------------------------------------------------
appl/bsd/krlogin:
The version of rlogin provided did not provide for transmitting
the window/screen size. I have ported the NET2 version of rlogin.
The rlogin client provided always attempted BSD-style rlogin if
the kerberos-style attempt failed. This was changed so that BSD-style rlogin
was attempted ONLY when one of the following conditions occurrs:
A) kerberos-rlogin connection attempt resulted in the error
ECONNREFUSED, indicating that there is no kerberos
service available on the destination host.
B) the '-K' command line option was presented, in which case
the kerberos-rlogin connection is never attempted.
The rlogin program was modified to optionally use termios instead
of sgtty interface. The compile-time symbol USE_TERIOS selects this behavior
when defined.
----------------------------------------------------------------------
appl/bsd/kcmd.c
Since Kerberos is rather picky about the host names used, the kcmd()
routine was changed to perform gethostbyname() followed by gethostbyaddr() on
the first address in the result as an attempt to get the "primary" name for
the remote host.
----------------------------------------------------------------------
About rlogin/rlogind in encrypted mode:
I notice that the client->server message containing the userid,
principal, and terminal-type for the session is passed over the network in
the clear even when setting up a DES-encrypted session. Since this service is
provided on a distinct port, there would seem to be no reason why this data
should not be passed in encrypted form. Can anyone comment on why this was
not done?
Lee A. Butler
Attn: AMSRL-SL-BV
U.S. Army Research Laboratory Internet: butler@brl.mil
Aberdeen Proving Ground, MD 21005-5068 Phone: (410) 278-9200
