[180] in Zephyr Mailing List
Re: zephyr has problems authenticating from multihomed hosts (?)
daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Sep 4 17:53:54 1995
To: Michael Cerrato <mec@cis.ufl.edu>
Cc: zephyr@MIT.EDU
In-Reply-To: Your message of "Mon, 04 Sep 1995 17:12:59 EDT."
<199509042113.RAB17815@cutter.cis.ufl.edu>
Date: Mon, 04 Sep 1995 17:50:11 EDT
From: Greg Hudson <ghudson@MIT.EDU>
> We use multihomed SunOS 4.1.3 boxes to do the routing.
It's a known problem that Zephyr doesn't deal well with multi-homed
hosts or hosts without assigned hostnames. This is unfortunately
difficult to fix due to a weakness in the current protocol whereby the
same field is used for the packet ID and (by zwgc) for the address of
the sending client.
The check in dispatch.c was added at some point before the January 94
snapshot; people who didn't have trouble before 2.0 were perhaps
running servers prior to the January snapshot.
You can remove the check in dispatch.c, at the expense of making it
trivial for anyone to forge the sending host on messages.
Since I expect to change the protocol revision number before 2.1 in
order to support Kerberos 5 authentication, I will hopefully address
this problem as well by adding a separate "sending client host" field
to the notice structure which is not part of the packet ID and
therefore can be filled in by the server.
