f



Kerberos 1.4.1

I recently upgraded to Kerberos 1.4.1 from 1.3.6 on Gentoo and found that
C-Kermit 8.0.211 make xermit with flags "-DCK_AUTHENTICATION -DCK_KERBEROS
-DCK_ENCRYPTION -DCK_DES -DKRB5" wouldn't compile anymore. The linker would
die with with "In function `ck_auth_init':: undefined reference to
`krb5_init_ets'," I googled that function and found that it was deprecated
a while back, wasn't considered part of the public Kerberos API, and was
removed in Kerberos 1.4. It apparently broke several Kerberos applications.

While looking in the ckuath.c file, I noticed the MIT_CURRENT define, then
grepped all the source for a description of that define, and in ckuath.h
found:

    /* Define MIT_CURRENT to compile the code for use with versions of */
    /* Kerberos later than KRB5 1.0.5.  Note.  This will not compile   */
    /* successfully in Kermit 95 due to the segmentation of crypto     */
    /* into a separate DLL.        

I added -DMIT_CURRENT to my make flags and recompiled. This time, I got a
bunch of DES function related compile errors (emailed to Kermit support) in
ck_crp.c. I removed "-DCK_ENCRYPTION -DCK_DES" from my make flags and
recompiled. This worked fine.

The end result is that I have telnet authenication with Kerberos but no
telnet-based encryption, which is ok because I can encrypt the telnet
session over TLS anyway.

I'm not a Kerberos programming guru, or I'd try to help with the code. I
hope my experimenting and bug reporting saves someone some time down the
line.

Tim 
0
Timothy
6/29/2005 3:22:21 AM
comp.protocols.kermit.misc 428 articles. 0 followers. Post Follow

1 Replies
381 Views

Similar Articles

[PageSpeed] 26

I've confirmed that Kerberos 1.4.1 (and perhaps 1.4 as well) has removed
krb5_init_ets from the libkrb5 library. You can still get full Kerberos
functionality by commenting out the krb5_init_ets call in ckuath.c since
the krb5_init_ets function had been a no-op anyway. You needn't use any of
the -D make flags that I posted earlier. Thanks to Jeffrey Altman for the
tip.

Tim
0
Timothy
6/29/2005 6:49:55 AM
Reply: