[7440] in Kerberos
Re: beta 6 problems..
daemon@ATHENA.MIT.EDU (Nathan Sheeley)
Mon Jun 10 00:37:18 1996
From: Nathan Sheeley <nsheeley@doa.flame.org>
To: hartmans@MIT.EDU (Sam Hartman)
Date: Sun, 9 Jun 1996 23:26:38 -0500 (CDT)
Cc: kerberos@MIT.EDU
In-Reply-To: <tsl20joppr7.fsf@tertius.mit.edu> from "Sam Hartman" at Jun 9, 96 06:38:20 pm
> Nathan> v5b5 compiled fine on my elf Linux 1.2.13 box.
>
> I regularly tested the code on a Linux 1.2.13 (Slackware 3.0
> with Gcc 2.7.2) system without problems. What was the configure line
> you used for Beta6 that failed, and what was the error and what was it
> produced by?
I didn't have this problem, someone else did, and was wondering if elf
was the problem, I was commenting that it had compiled fine (at least
b5) for Linux elf. Either you or I deleted the "xxx wrote" line, sorry
> Nathan> As for problems, I have some on k5b6:
>
> Nathan> On ultrix 4.4, the autoconf script detects that I have
> Nathan> ndbm, and that I don't need the dbm_error and dbm_clearerr
> Nathan> prototypes, but then bombs on this in src/kdb. I looked
> Nathan> into the problem, I was just wondering if anyone has an
> Nathan> easy fix.....I tried adding the --with-dbm flags for dbm,
> Nathan> and it didn't help
>
> There is no src/kdb; I assume you mean src/kdc. What is the
> error? We are able to compile on Athena Ultrix 4.2A without a
> problem.
Here is the start of a configure run and the resulting error later:
k5b6/krb5-beta6/ultrix44% ../src/configure --with-cc="gcc" --with-ccopts="-DUltrix -DULTRIX" --prefix="/krb5"
loading cache ./config.cache
checking for C compiler... gcc
checking for gcc... gcc
checking whether we are using GNU C... yes
checking whether gcc accepts -g... yes
CCOPTS is -DUltrix -DULTRIX
LD defaults to gcc
CPPOPTS defaults to
built in krb4 support
checking for working const... yes
checking for -lsocket... no
checking for -lnsl... no
checking whether we are using GNU C... checking how to run the C preprocessor... gcc -E
yes
checking for build host... checking host system type... mips-dec-ultrix4.4
mips-dec-ultrix4.4
checking for ndbm.h... yes
checking for dbm_nextkey... yes
checking for missing dbm_error prototype... no
checking for missing dbm_clearerr prototype... no
Using ndbm for name conversion database.
checking for ndbm.h... (cached) yes
checking for dbm_nextkey... (cached) yes
checking for missing dbm_error prototype... (cached) no
checking for missing dbm_clearerr prototype... (cached) no
Using ndbm for kerberos database.
updating cache ./config.cache
creating ./config.status
creating ./Makefile.tmp
creating ./pre.tmp
creating ./post.tmp
creating ./Makefile
[continues]
[later, in a make (GNU make)]
gcc -DUltrix -DULTRIX -DHAVE_UNISTD_H=1 -DHAVE_SRAND48=1 -DHAVE_SRAND=1 -DHAVE_SRANDOM=1 -DHAVE_UMASK=1 -DNDBM=1 -DNDBM=1 -DKRB5_KRB4_COMPAT -I./../../include -I../../../src/lib/kdb/../../include -I./../../include/krb5 -I../../../src/lib/kdb/../../include/krb5 -DKRB5_KRB4_COMPAT -I./../../include -I../../../src/lib/kdb/../../include -I./../../include/krb5 -I../../../src/lib/kdb/../../include/krb5 -c ../../../src/lib/kdb/kdb_dbm.c -o kdb_dbm.o
../../../src/lib/kdb/kdb_dbm.c:121: warning: initialization from incompatible pointer type
../../../src/lib/kdb/kdb_dbm.c:135: `dbm_error' undeclared here (not in a function)
../../../src/lib/kdb/kdb_dbm.c:135: initializer element for `kdb5_default_dispatch.kdb5_dbm_error' is not constant
../../../src/lib/kdb/kdb_dbm.c:140: `dbm_clearerr' undeclared here (not in a function)
../../../src/lib/kdb/kdb_dbm.c:140: initializer element for `kdb5_default_dispatch.kdb5_dbm_clearerr' is not constant
make[2]: *** [kdb_dbm.o] Error 1
make[2]: Leaving directory `/disk/4/scl/nsheeley/Proj/k5b6/krb5-beta6/ultrix44/lib/kdb'
make[1]: *** [all-unix] Error 1
make[1]: Leaving directory `/disk/4/scl/nsheeley/Proj/k5b6/krb5-beta6/ultrix44/lib'
make: *** [all-unix] Error 1
[sorry about the wrapping]
> Nathan> On any architectures, how does kerberos v5 handle multiple
> Nathan> interfaces on one host. We have many machines that have
> Nathan> atm & ethernet interfaces, fddi & ether interfaces, etc.
> Nathan> The little testing I have done has lead me to believe that
> Nathan> k5 only works with host tickets for the primary host name
> Nathan> of the machine....(and therefore the interface associated
> Nathan> with it) Again, I haven't worked on this problem that
> Nathan> much.
>
> The handling of this changed in Beta6. Basically, it should
> work if the following conditions are met:
>
> * The client's forward and reverse resolution yield the same name.
> * That FQDN is in the Kerberos database as a host ticket.
> * The server finds the appropriate host key in its keytab.
I think I meet all these criteria, tho I am not using a k5b6 kdc, I am
using a k5b5 kdc. I will create a more concrete scenario tomorrow send it
to the list..
Nate
-------------------------------------------------------------------------------
Nathan Sheeley nsheeley@doa.flame.org 515-233-6055
Iowa State University nsheeley@iastate.edu CPR E 4
Scalable Computing Laboratory nsheeley@scl.ameslab.gov Assist. System Admin.
