[879] in Kerberos_V5_Development
Re: KRB5KDC_[ERR_]PREAUTH_FAILED
daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Mon Feb 27 17:14:23 1995
Date: Mon, 27 Feb 1995 17:14:17 +0500
From: Theodore Ts'o <tytso@MIT.EDU>
To: Stephen Gildea <gildea@x.org>
Cc: converse@x.org, swick@x.org
Cc: krbdev@MIT.EDU
In-Reply-To: Stephen Gildea's message of Mon, 27 Feb 1995 15:04:35 EST,
<9502272004.AA10779@alex.x.org>
Cc: converse@x.org, swick@x.org
Date: Mon, 27 Feb 1995 15:04:35 EST
From: Stephen Gildea <gildea@x.org>
We have a bug report saying that xdm doesn't work with Kerberos 5 BETA_4.3
because KRB5KDC_PREAUTH_FAILED has changed with Kerberos BETA_4.3 to
KRB5KDC_ERR_PREAUTH_FAILED.
Questions for you are...
Is this true?
Yes, this was true. The change was made in 7/15/1994, after we had
handed the changes off to you. Sorry about that.... the reason was
simply to make that one error code name match with the standard
convention. (I had screwed up when I originally created the error code name).
What version of Kerberos do I have? What file to I look at to tell?
You probably BETA 4 patchlevel 1 --- the change was first made visible
in Beta 4 patchlevel 2. There's a patchlevel.h file at the top level of
the source tree which shows this.
Should I get a later version? How?
Probably, but I'd should warn you that in Beta 5 (to be released in a
month or so), we're going to be making *significant* API changes, which
will break the X11 code. I will get someone (probably Tom), to work on
getting you patches to make the X11 Krb5 auth code compile against Beta
5.
In the meantime, simply changing KRB5KDC_PREAUTH_FAILED to
KRB5KDC_ERR_PREAUTH_FAILED should make things work with Beta 4
patchlevel 3. (The most recently released version).
Is there a mailing list where I should ask these questions?
In the future, just send such questions to krbdev; that way, we can
track your mail messages in our archives, and it will also be sent to
the other members of the Kerberos development team.
Is there a mailing list that would tell me about new versions of Kerberos?
It's sent to the Kerberos mailing list (kerberos@mit.edu). That's a
pretty high-volume list, though. There hasn't yet been requests for a
kerberos-announce list, but it would probably be a good idea to set one
up. I presume that's the sort of thing you were looking for?
- Ted
