port-mac68k: Re: NFS, kerberos

Subject: Re: NFS, kerberos
To: Aaron F Godfrey <fgodfrey+@cmu.edu>
From: Bill Studenmund <wrstuden@loki.stanford.edu>
List: port-mac68k
Date: 07/10/1997 13:59:15
> 	The CMU realm does indeed require AFS kerberos, a fact which I
> discovered after several hours messing with NetBSD's built in kerberos
> stuff.  I ended up just grabbing the CMU kerberos distribution (which
> borders on impossible to compile...) from
> /afs/andrew.cmu.edu/system/src/local/kerberos.  It works now on
> NetBSD/i386.  I haven't tried it on /mac68k but I see no reason why it
> wouldn't also work.

There were two things wrong with the kerberos stuff in NetBSD a while
back (the 1.2 dist, I think). The andrew string2key routine used an
invalid salt in a crypt call (fixed), and we had to get the right
string2key routine used. Just define -DAFS during a build in domestic,
and it should work.

> 	The telnet works also, but for some reason, it doesn't auto log you in
> without a password.  Ie, if I'm on a netbsd box and do "telnet -a
> sun4.andrew.cmu.edu" it puts in my username (ag5c) after encrypting the
> session but then I get asked for my password anyway.  Not sure why that
> is...  However, it does encrypt...  Inbound, the telnetd takes the
> forwarded user ID and "password" but then doesn't get kerberos tickets
> for me so I have to re-kinit...  Also, for inbound encrypted telnet to
> work, you need a kerberos instance - at CMU, you need to mail
> "advisor+@andrew" to get one...

This is kerberosIV, which doesn't have ticket forwarding. You have to
forward the tickets before logging in, then you don't get a request for
password.

I use kftgt, a ticket forwarding program. I think Stanford wrote it.

> 	As for AFS, there are no binaries for NetBSD/mac68k.  When I asked, I
> was told that there was some problem with the way NetBSD/mac68k handled
> interupts.  I tried binaries for /m68k4k and m68k8k with no results (it
> was missing kernel symbols).  The binaries are VERY version dependant. 
> I was thinking about porting it myself but was told that CMU does not
> have a source code license to AFS, which is REALLY odd since we
> developed it...  Anyway, if you DO get AFS/mac68k working I'd be really
> interested in hearing how :)

I've never tried AFS on a mac, just i386. I am VERY puzzled about mac68k
not handling interrupts right for AFS. All the other file systems seem
fine, so....

m68k8k would work, I thought. Maybe not.

Take care,

Bill