[867] in Kerberos-V5-bugs


more smelly input from this end

daemon@ATHENA.MIT.EDU (*Hobbit*)
Tue Oct 18 03:30:26 1994

Date: Tue, 18 Oct 1994 03:30:22 -0400
From: *Hobbit* <hobbit@asylum.sf.ca.us>
To: krb5-bugs@MIT.EDU

Well, I've got some of the lossage hammered out with patchlevel 3; MWE
already knows about some unfinished BSD stuff hosing a sunos build.  To be
specific, the inclusion of sys/tty.h and sys/ptyvar.h.

I can get tickets, run sserver/sclient successfully, and auto-authenticate
with telnet, although it's not clear to me if turning on -DENCRYPTION,
-DDES_ENCRYPTION, and dinking telnet/Makefile.in and telnetd/Makefile.in
to include libdes425 is really giving me an encrypted path or not.  In the
interest of testing this latter question, I've tried to make myself a v4
principal over at Asylum and use it from MIT cluster machines.

I can actually kinit, getting a tgt of "krbtgt.ELF.COM@ELF.COM" [ELF.COM is
the realm name I'm using for now] -- this looks bogus, especially when I
later try to use that and see the MIT workstation asking asylum's KDC
for principal "krbtgt", instance "SF.CA.US".  Since v4 clients use dots to
separate principals and instances and v5 stuff uses slashes, how is
everything supposed to map?

The "mkvno" problem between v4 and v5 seems to have gone away, or at least
I didn't see it in this evening's tests.

Here's a list of gripes I've been cooking up over time.

v5-to-v5 rlogin fails with "bad response during sendauth", and I haven't
really managed to trace it any farther than that yet.  Ideas?  The bits of
code I looked at seemed to indicate that this should "never happen".

krb5kdc -m should ask for the master key and then daemon() itself, rather
than requiring me to ^Z out and background it.  Likewise with kadmind.  A
simple fix, one would think.  "run kstash" isn't an option at this point.

Under sunos4.1.3, the bsd appls are including both termio.h and termios.h,
which causes lots of redefine warnings.  If anyone cares.

I can't extract a srvtab for more than one instance name, for example
having host/asylum.sf.ca.us *and* host/localhost in the same srvtab.
Simply catting two srvtabs together doesn't work...

I tried building the entire tree adding CCOPTS=-DDEBUG to the top level
make.  This broke several things in lib/crypto/des and prevented them from
loading -- try it and see.  I only did this in an attempt to get more
debugging information out of anything that had #ifdef DEBUGs in the code,
which is mighty sparse.

I did find it somewhat instructive to turn on a "local6" file and get
syslog output from the KDC, which isn't documented.

I now know most of the principals I need to create for testing, but that
doesn't help the next poor schlunk who comes along to try building this.

Kadmind doesn't listen on the loopback interface, but the KDC does.  Why?

More as it surfaces..

_H*
