Subject: misc/1897: kerberos v4 provided, but v5 /etc/services entries the default
To: None <gnats-bugs@gnats.netbsd.org>
From: Chris G. Demetriou <cgd@NetBSD.ORG>
List: netbsd-bugs
Date: 01/06/1996 00:51:57
>Number: 1897
>Category: misc
>Synopsis: krb4 provided, but unusable because of bad /etc/services ents.
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: misc-bug-people (Misc Bug People)
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Sat Jan 6 01:05:01 1996
>Last-Modified:
>Originator: Chris G. Demetriou
>Organization:
Kernel Hackers 'r' Us
>Release: NetBSD-current, January 5, 1995
>Environment:
System: NetBSD sun-lamp.pc.cs.cmu.edu 1.1A NetBSD 1.1A (SUN_LAMP) #19: Thu Jan 4 20:42:03 EST 1996 cgd@sun-lamp.pc.cs.cmu.edu:/usr/src/sys/arch/i386/compile/SUN_LAMP i386
>Description:
The version of kerberos in /usr/src/domestic is kerberos v4.
The port numbers given for kerberos in /etc/services for kerberos
are the v5 ports. This means that programs like kinit won't be
able to talk to existing kerberos v4 servers.
>How-To-Repeat:
In an environment that has a Kerberos v4 implementation deployed,
build the domestic sources, install them, set up /etc/kerberosIV,
and try to use kinit. It will always time out when trying to
talk to the servers. (modify kinit to set the 'extern int' variable
krb_debug to verify this.)
>Fix:
The following diff to /etc/services fixes the patch, but has a couple
of problems:
(1) it updates the /etc/services entries, but doesn't
edit the comments that say which are provided,
(2) the kerberos v5 magic numbers are the defaults in
/etc/services, I guess because they're officially
assigned numbers. Applying this diff puts the
(unassigned) v4 numbers back into /etc/services,
and that may be considered undesirable.
Even though these numbers aren't officially assigned numbers,
I suggest they be made the default in /etc/services. If they're
not, then the kerberos implementation provided in NetBSD is
rendered unusable, for apparently no good reason... (If it's
so wrong to have the unofficial numbers in /etc/services, then
it's just as wrong to use the software that needs the numbers
in the source tree, no? 8-)
Index: services
===================================================================
RCS file: /a/cvsroot/src/etc/services,v
retrieving revision 1.15
diff -c -r1.15 services
*** services 1995/12/17 02:01:16 1.15
--- services 1996/01/06 05:34:24
***************
*** 51,58 ****
www 80/tcp http # WorldWideWeb HTTP
www 80/udp # HyperText Transfer Protocol
link 87/tcp ttylink
! kerberos 88/tcp krb5 # Kerberos v5
! kerberos 88/udp
supdup 95/tcp
# 100 - reserved
hostnames 101/tcp hostname # usually from sri-nic
--- 51,58 ----
www 80/tcp http # WorldWideWeb HTTP
www 80/udp # HyperText Transfer Protocol
link 87/tcp ttylink
! #kerberos 88/tcp krb5 # Kerberos v5
! #kerberos 88/udp
supdup 95/tcp
# 100 - reserved
hostnames 101/tcp hostname # usually from sri-nic
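Review bot: commenting out both `kerberos 88/tcp krb5` and `kerberos 88/udp` removes port 88 from the file entirely, including the `krb5` alias, so a lookup by that alias loses its entry as well. Consider keeping the port 88 lines under the `krb5` name alone (for example `krb5 88/tcp` and `krb5 88/udp`), which frees the name `kerberos` for the v4 entries without dropping the assigned number. If the lines do stay commented out, the trailing comment should say why.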
***************
*** 168,176 ****
#
klogin 543/tcp # Kerberos `rlogin'
kshell 544/tcp krcmd # Kerberos `rsh'
! kerberos-adm 749/tcp # Kerberos `kadmin' (v5)
! #kerberos 750/udp kdc # Kerberos (server) udp
! #kerberos 750/tcp kdc # Kerberos (server) tcp
krbupdate 760/tcp kreg # Kerberos registration
kpasswd 761/tcp kpwd # Kerberos `passwd'
eklogin 2105/tcp # Kerberos encrypted `rlogin'
--- 168,176 ----
#
klogin 543/tcp # Kerberos `rlogin'
kshell 544/tcp krcmd # Kerberos `rsh'
! #kerberos-adm 749/tcp # Kerberos `kadmin' (v5)
! kerberos 750/udp kdc # Kerberos (server) udp
! kerberos 750/tcp kdc # Kerberos (server) tcp
krbupdate 760/tcp kreg # Kerberos registration
kpasswd 761/tcp kpwd # Kerberos `passwd'
eklogin 2105/tcp # Kerberos encrypted `rlogin'
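Review bot: the `kerberos-adm 749/tcp` line is commented out here, but its service name does not collide with `kerberos`, so disabling it is not needed for the `kerberos 750/udp` and `kerberos 750/tcp` entries to take effect. I'd leave it enabled, or state in its comment why it is turned off. The re-enabled 750 lines also keep comments that do not mark them as v4, while the 88 and 749 entries are labelled v5; adding `(v4)` there would cover the comment problem the submitter already notes.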
>Audit-Trail:
>Unformatted:
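Added example, not part of the original report or of NetBSD's code: a small services(5) parser showing which port the name `kerberos` resolves to before and after the diff above. It assumes the client finds the KDC port by looking up that service name; the two excerpts are constructed from the lines in the diff, and all function names are hypothetical.

```python
# Constructed excerpts of /etc/services, taken from the lines shown in the diff.
BEFORE = """\
kerberos      88/tcp   krb5   # Kerberos v5
kerberos      88/udp
kerberos-adm  749/tcp         # Kerberos `kadmin' (v5)
#kerberos     750/udp  kdc    # Kerberos (server) udp
#kerberos     750/tcp  kdc    # Kerberos (server) tcp
"""
AFTER = """\
#kerberos     88/tcp   krb5   # Kerberos v5
#kerberos     88/udp
#kerberos-adm 749/tcp         # Kerberos `kadmin' (v5)
kerberos      750/udp  kdc    # Kerberos (server) udp
kerberos      750/tcp  kdc    # Kerberos (server) tcp
"""

# Port numbers as they appear in the diff.
KDC_PORTS = {88: "v5", 750: "v4"}


def parse_services(text):
    """Parse services(5) text into (name, port, proto, aliases) tuples."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) < 2 or "/" not in fields[1]:
            continue  # blank, comment-only or malformed line
        port, proto = fields[1].split("/", 1)
        if port.isdigit():
            entries.append((fields[0], int(port), proto, fields[2:]))
    return entries


def lookup(entries, name, proto):
    """Return the port of the first entry matching name or alias, else None."""
    for entry_name, port, entry_proto, aliases in entries:
        if entry_proto == proto and (name == entry_name or name in aliases):
            return port
    return None


def kdc_generation(text, proto="udp"):
    """Report which Kerberos generation the name `kerberos` points at."""
    port = lookup(parse_services(text), "kerberos", proto)
    return KDC_PORTS.get(port, "unknown"), port


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, kdc_generation(text))
```

Running the same functions over a host's real /etc/services shows whether a v4 client and its KDC agree on the port.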