current-users: NetBSD kerberos problems

Subject: NetBSD kerberos problems
To: Outbound News <outnews+netnews.cmu.comp.os.linux@andrew.cmu.edu>
From: Christopher J Mason <cmason+@CMU.EDU>
List: current-users
Date: 11/11/1996 02:48:26

CMU people: I apologize for posting this somewhat off-topic, but I don't
know a better place, and I know some of you reading this bboard run
NetBSD.

I'm having problems getting standard NetBSD kerberos to work with
andrew.  I fixed a few configuration problems I was having (I needed a
new version of /etc/services)  but now I consistently get errors like:

cmason@ros:~> kinit
NetBSD Kerberos (ros)
Kerberos Initialization
Kerberos name: cjm
Password: 
kinit: Password incorrect

when I'm absolutely sure I'm getting it right.

I also had accounts setup a kerberos instance for me.  I can add the key
but whenver I try to "change" it I get:

cmason@ros:~# ksrvutil change

Principal: rcmd.ros@ANDREW.CMU.EDU; version 0
Changing to version 1.
ksrvutil: Key NOT changed: Principal unknown (kerberos)
Old keyfile in /etc/kerberosIV/srvtab.old.

I know that the instance exists because I get tickets for it when I try
to telnet into my machine.

Now someone did give me diffs which changed two things in
src/domestic/lib/libkrb/:

changed from standard string to key to afs/transarc string to key in
get_in_tkt.c:
>afs_string_to_key(buff,realm,key);

change crypt salt from "#~" to "p1" in str2key.c
>strncpy((void *)key, (char *)crypt(password, "p1") + 2, sizeof(des_cblock));

Supposedly, (atleast according to him) p1 generates the same encryption
as #~ which isn't a valid salt for our crypt library.  Now, he is from
stanford, which I understands runs a lot of CMU software.  He said he
thought that the kerberos stuff was the same.

Does anyone out there know what else needs to be changed in order to get
NetBSD kerb4 to work with CMU andrew?

BTW, I'm not using the CMU source because I can't get it to compile
under NetBSD.  Andrew makefiles are terrible things.

Why is it that CMU has to be so original with its software?  :-) <ducking>

Thanks alot.

-c
 _____________________________________________________________________
|Chris Mason - cmason@nyx.net  cmason@cmu.edu  http://ros.res.cmu.edu |
|"You can always count on a murderer for a fancy prose style."-Nabokov|
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~