[7427] in Kerberos
Re: beta 6 problems..
daemon@ATHENA.MIT.EDU (Sam Hartman)
Sun Jun 9 18:53:34 1996
To: Nathan Sheeley <nsheeley@doa.flame.org>
Cc: tomryan@camlaw.rutgers.edu (Tom Ryan), kerberos@MIT.EDU
From: Sam Hartman <hartmans@MIT.EDU>
Date: 09 Jun 1996 18:38:20 -0400
In-Reply-To: Nathan Sheeley's message of Fri, 7 Jun 1996 19:12:40 -0500 (CDT)
>>>>> "Nathan" == Nathan Sheeley <nsheeley@doa.flame.org> writes:
>> Ever since I upgraded my linux aout system to Elf, I have been
>> unable to compile kerberos..
>>
>> I keep getting errors on dbm_open, dbm_close, etc, etc.. I
>> tried adding -ldbm and -lgdbm (both of which exist on my
>> system.. however, it still will not compile (either beta5 or
>> the new beta6) Does anyone have any ideas?? (does it not
>> compile cleanly under ELF)
Nathan> v5b5 compiled fine on my elf Linux 1.2.13 box.
I regularly tested the code on a Linux 1.2.13 (Slackware 3.0
with Gcc 2.7.2) system without problems. What was the configure line
you used for Beta6 that failed, and what was the error and what was it
produced by?
Nathan> As for problems, I have some on k5b6:
Nathan> On ultrix 4.4, the autoconf script detects that I have
Nathan> ndbm, and that I don't need the dbm_error and dbm_clearerr
Nathan> prototypes, but then bombs on this in src/kdb. I looked
Nathan> into the problem, I was just wondering if anyone has an
Nathan> easy fix.....I tried adding the --with-dbm flags for dbm,
Nathan> and it didn't help
There is no src/kdb; I assume you mean src/kdc. What is the
error? We are able to compile on Athena Ultrix 4.2A without a
problem.
Nathan> On any architectures, how does kerberos v5 handle multiple
Nathan> interfaces on one host. We have many machines that have
Nathan> atm & ethernet interfaces, fddi & ether interfaces, etc.
Nathan> The little testing I have done has lead me to believe that
Nathan> k5 only works with host tickets for the primary host name
Nathan> of the machine....(and therefore the interface associated
Nathan> with it) Again, I haven't worked on this problem that
Nathan> much.
The handling of this changed in Beta6. Basically, it should
work if the following conditions are met:
* The client's forward and reverse resolution yield the same name.
* That FQDN is in the Kerberos database as a host ticket.
* The server finds the appropriate host key in its keytab.
FTP may be a bit more restrictive, and there are apparently
problems with multi-homed KDCs but besides that things should work.
Nathan> Nate
--Sam
