Subject: Kerberos under NetBSD-0.9?
To: None <sommerfeld@orchard.medford.ma.us>
From: Mark W. Eichin <eichin@cygnus.com>
List: netbsd-users
Date: 11/17/1993 23:59:45
Sorry this is long, I've been tending to ramble a lot lately :-) And
try not to pay too much mind to the various digs about upgrading.
Well, maybe a little. :-)

Basically, 386bsd 0.0 (0.1 had no substantial changes outside the
kernel, and very few inside -- I read the 100K or so of diffs and
decided that it didn't fix anything I hadn't already replaced) had an
early GNU ar (I assume that is where it came from) that did something
clever with "long" names in archives (long being longer than one of
14, 15, or 16 characters, I forget.) It was self-consistent --
anything you added with ar r you could extract with ar x. However, the
linker never had any support for this, and for some reason got badly
confused. (Current GNU ar and linker don't have such a problem... for
that matter, the current tools at that time didn't either.)

I never figured out what the bug was (around the time I went back to
linux, noone had figured out how to build a BSD kernel with gcc 2, and
since I work at Cygnus, I couldn't justify hacking on anything
less...) but renaming the 8 files in libkrb.a was certainly enough to
fix it.

Ken Raeburn recently tried building the Cygnus Network Security tree
under netbsd something (0.8 or 0.9, don't know which) and reported the
same problem -- I suggest, just randomly, that he check those
filenames. He extracted them, renamed them, put them back, and things
apparently worked.

Here are the "offending" filenames...

	create_auth_reply.o
	create_death_packet.o
	extract_ticket.o
	get_svc_in_tkt.o
	get_tf_fullname.o
	krb_get_in_tkt.o
	read_service_key.o
	save_credentials.o

Note that last time we tried, I wasn't able to get the BSD pty
initialization code to give an 8-bit clean connection to a
sub-process, but that may be that I was trying to use old BSD
interfaces (it didn't work with the POSIX interfaces either, and one
dasn't mix them...) The amusing upshot was that encrypted rlogind
worked fine, but unencrypted didn't. [This is using sources that are
roughly the MIT 4p10 sources with another couple of man-months of work
on them, *not* any of Kevin Fall's code, which may be what you're
trying to work with, so you may have more luck there.] If you are
working with MIT-based Kerberos code, and get that part working, there
are a couple of NetBSD users at Cygnus who might appreciate it if I
heard about it (since I'd probably apply it so they could use it.)

So, you've got a workaround here, but I hope some day you upgrade or
fix your linker. (In the meantime, I'm renaming those files in our
release anyway, because Centerline gets confused by GNU-ar folded
names.)
				_Mark_ <eichin@athena.mit.edu>
				MIT Student Information Processing Board
				Cygnus Support <eichin@cygnus.com>

------------------------------------------------------------------------------