Subject: lib/4204: switching kinit between mit and afs passwords requires re-linking kinit
To: None <>
From: Bill Studenmund <wrstuden@vespasia.Stanford.EDU>
List: netbsd-bugs
Date: 10/01/1997 22:01:33
>Number:         4204
>Category:       lib
>Synopsis:       There are two styles of kerberos IV passwords. Changing between them requires re-linking.
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    lib-bug-people (Library Bug People)
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Wed Oct  1 22:05:02 1997
>Originator:     Bill Studenmund
>Release:        1.2 through -current Oct 1, 1997
System: NetBSD vespasia 1.2G NetBSD 1.2G (VESPASIA) #7: Wed Aug 20 20:15:06 PDT 1997 root@vespasia:/y2/ i386

	There are two types of kerberos IV passwords (well, password string
to key conversions). I helped add support for the AFS-style ones around the
time of 1.2, which involved using different routines and changing a call
to crypt to use a valid salt. The code change was implimented (by tls, I
think) by linking libkafs before libkrb, thus replacing a routine which
used the mit style string-to-key (in libkrb) with one (in libkafs) which
uses the afs string to key method.
	At the time, CGD pointed out that it's kinda silly to have this
be a compile-time decision. I think everyone agreed, but no one really wanted
to fix it.
	Now I do. :-)
	I'm appending patches below. Basically, I changed the code in
libkafs to first look at an environment variable, which I called USE_AFS_KEY,
to decide what to do. If the variable exists, and is non-zero, we use the
afs method. If it's zero, we use the mit method. If it's not defined, we use
a compile-time default.
	I also changed kinit so that it always uses libkafs (so the option
will always be there).
	It might be better to just rip this functionality out of libkafs
and make it the default in libkrb.

Index: src/domestic/lib/libkafs/get_in_tkt.c
diff -u src/domestic/lib/libkafs/get_in_tkt.c: src/domestic/lib/libkafs/get_in_tkt.c:1.2
--- src/domestic/lib/libkafs/get_in_tkt.c:	Wed Aug 13 09:21:08 1997
+++ src/domestic/lib/libkafs/get_in_tkt.c	Mon Sep 29 23:41:09 1997
@@ -17,6 +17,7 @@
 #include <krb.h>
 #include <prot.h>
+#include <stdlib.h>
 #ifndef NULL
 #define NULL 0
@@ -28,8 +29,21 @@
  * get_in_tkt.c from libkrb.  Note that you can't strip the other functions
  * out of this file -- a function pointer to passwd_to_key is passed out
  * of one of them.
+ *
+ * Actually, this file's alternate to passwd_to_key will check an environment
+ * variable, and if it represents a non-zero integer, the afs-compatable
+ * string_to_key is used. If the value represents zero, then the standard
+ * string_to_key is used. If the value is undefined, a compile-time
+ * default is used.
  * passwd_to_key(): given a password, return a DES key.
  * There are extra arguments here which (used to be?)
@@ -50,12 +64,24 @@
     char *user, *instance, *realm, *passwd;
     C_Block *key;
-    if (passwd)
-	afs_string_to_key(passwd,realm,key);
-    else {
+    char *tmp;
+    int  i;
+    if ((tmp = getenv(AFS_STRING_ENV_VAR)) == NULL)
+    else
+	i = atoi(tmp);
+    if (passwd) {
+	if (i)
+	    afs_string_to_key(passwd,realm,key);
+	else
+            string_to_key(passwd,key);
+    } else {
 	char	buff[80];
 	des_read_pw_string(buff, sizeof(buff)-1, "Password: ",0);
-	afs_string_to_key(buff,realm,key);
+	if (i)
+	    afs_string_to_key(buff,realm,key);
+	else
+            string_to_key(buff,key);
     return (0);
Index: src/domestic/usr.bin/kinit/Makefile
diff -u src/domestic/usr.bin/kinit/Makefile: src/domestic/usr.bin/kinit/Makefile:1.2
--- src/domestic/usr.bin/kinit/Makefile:	Sun Aug 10 15:41:47 1997
+++ src/domestic/usr.bin/kinit/Makefile	Wed Oct  1 21:55:07 1997
@@ -2,11 +2,6 @@
 #	$NetBSD: Makefile,v 1.2 1997/01/09 10:27:13 tls Exp $
 PROG=	kinit
-.if defined(AFS)
-LDADD=	-L${KAFSOBJDIR} -L${KRBOBJDIR} -lkafs -lkrb -ldes
-LDADD+=	-lcrypt
+LDADD=	-L${KAFSOBJDIR} -L${KRBOBJDIR} -lkafs -lkrb -ldes -lcrypt
 .include <>