*BSD News Article 88849


Return to BSD News archive

Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!cpk-news-hub1.bbnplanet.com!cam-news-hub1.bbnplanet.com!news.bbnplanet.com!panix!news.panix.com!not-for-mail
From: tls@panix.com (Thor Lancelot Simon)
Newsgroups: comp.unix.bsd.netbsd.misc
Subject: Re: Kerberos functionality/configuration for NetBSD 1.2
Date: 10 Feb 1997 18:29:01 -0500
Organization: Panix
Lines: 58
Message-ID: <5doavt$kbk@panix2.panix.com>
References: <5dntom$lbt@alexander.INS.CWRU.Edu>
Reply-To: tls@rek.tjls.com
NNTP-Posting-Host: panix2.panix.com
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.netbsd.misc:5335

In article <5dntom$lbt@alexander.INS.CWRU.Edu>,
Wes Brown <wes@prozac.student.cwru.edu> wrote:
>Well I finally have my hp300 running NetBSD via a very magical setup.  Now
>I would like to get Kerberos IV connections to this box.  The release
>version of NetBSD 1.2 did not have the libraries (libkrb.so.2.0...) that
>were needed even though I downloaded the full domestic section as well as
>all the other binaries.

It sounds like the domestic portion of the hp300 distribution wasn't built
correctly.  Since I'm not the hp300 port maintainer, I can't speak to that.
However, 1.2 did ship with function Kerberos clients, servers, and libraries.
I use them every day.

>I have since downloaded the NetBSD-current/domestic directory and built
>that.  All of the libraries built and installed.  However, the program
>klist does not work.  The error that is returned reads as follows:
>/usr/libexec/ld.so: Undefined symbol "_crypt" in klist:/usr/lib/libkrb.so.2.0

You seem to have the exportable version of libcrypt installed.  Did you build
and install *all* of domestic/lib, or just the Kerberos libraries?  Kerberos
is dependent upon the libcrypt encryption functionality, which isn't in the
exportable version of libcrypt.

>Is there a working verion of klist out there?  Is there documentation

Yes, the version in the source tree works just fine:

| > klist
| Ticket file:    /tmp/tkt666
| Principal:      tls@ATHENA.MIT.EDU
| 
|   Issued           Expires          Principal
| Feb 10 17:24:42  Feb 11 03:24:42  krbtgt.ATHENA.MIT.EDU@ATHENA.MIT.EDU


>somewhere on the entire KerberosIV on NetBSD?  Is there some reason why it

The manual pages are decent.  From a user's point-of-view, we're just like
MIT Kerberos except that some files have moved around, and the manual pages do
indicate where those are.  Perhaps we should ship a few of the MIT papers in
/usr/share/doc.

>would be using crypt instead of the other crypts in the kerberos package?

The string-to-key routines use crypt() to make a key from the password string.
You can't do otherwise and be compatible with MIT Kerberos IV; AFS does do
things a bit differently, and you can build our libs to work that way if you
like.

>Is there a good reason why these kerberos libraries are shared libraries?

Is there a good reason why *any* libraries are shared libraries?  Same
reason.

-- 
Thor Lancelot Simon	                                          tls@panix.COM

 Stumbling drunk in the railyard looking for God: http://www.panix.com/~tls/