[7518] in Kerberos

home help back first fref pref prev next nref lref last post

Re: krb4 application compatibility

daemon@ATHENA.MIT.EDU (Sam Hartman)
Fri Jun 21 20:59:19 1996

To: Dave McGuire <mcguire@rocinante.digex.net>
Cc: kerberos@MIT.EDU
From: Sam Hartman <hartmans@MIT.EDU>
Date: 21 Jun 1996 20:56:00 -0400
In-Reply-To: Dave McGuire's message of Wed, 19 Jun 1996 23:03:33 -0400

>>>>> "Dave" == Dave McGuire <mcguire@rocinante.digex.net> writes:

    Dave> Folks,
    Dave>   I remember from beta5 there was a neat little library that acted as
    Dave> glue to provide a krb4-looking api to krb5.  What happened to that?  I

	It was removed from the source code because people were using it.  See below.


    Dave> have a good-sized krb4 application (the UofMD backup package,
    Dave> "amanda") which I'd *love* to convert to krb5 but don't want to spend
    Dave> three weeks doing it.  Any advice?

	E	Either convert it properly or don't convert it.
Basically, libkrb425 presented a wire protocol that wasn't
particularly comptabile with how people tend to write krb5
applications, and a API that was almost krb4 comptabile.
Unfortunately, krb5 is not krb4; there are issues like environment
variables to control configuration files, transit lists on tickets,
multiple encryption types, etc; liefe is not as simple as it was in
krb4.  By ignoring these issues and using an API similar to krb4, you
are stuck with all the misfeatures of krb4's broken design, plus you
have to worry about how krb5 may interact with your application.  You
also lose compatability with past and future versions of the
application.  Past versions of the application (krb4 only) cannot
speak the krb425 protocol, and future versions that take full
advantage of krb5 or GSSAPI will not speak the krb425 protocol.

	On the other hand, you should have no problems if you continue
to have a krb4 application.  The KDC and krb524d should handle most of
the issues involving assumptions that have changed between krb5 and
krb4.  Your application maintains compatability with past versions.
Future versions of the application may even choose to maintain
compatability with the past versions of the application in a manner
similar to the BSD utilities, although you should probably drop krb4
support some day.

--Sam

    Dave>                             Thanks,
    Dave>                             -Dave McGuire
    Dave>                              Systems Engineer
    Dave>                              Digital Express Group, Incorporated
    Dave>                              mcguire@digex.net
home help back first fref pref prev next nref lref last post