Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.rmit.EDU.AU!goanna.cs.rmit.EDU.AU!munnari.OZ.AU!news.hawaii.edu!ames!elroy.jpl.nasa.gov!usc!chi-news.cic.net!news.math.psu.edu!hudson.lm.com!usenet From: peterb@tcptest.psc.edu (Peter Berger) Newsgroups: comp.unix.bsd.bsdi.misc Subject: Re: Why Kerberos, DES? Date: 10 Nov 1995 14:16:45 -0500 Organization: ter Lines: 45 Sender: peterb@tcptest.psc.edu Message-ID: <qzyu44ci8ki.fsf@tcptest.psc.edu> References: <47lndp$p0q@mark.ucdavis.edu> <1995Nov7.095052.1890@grove.iup.edu> NNTP-Posting-Host: tcptest.psc.edu In-reply-to: Curtis Kaminski's message of 7 Nov 95 09:50:51 EST X-Face: >~|/XtK\n?zuw}g&-,O0hyx0f9X1Ah`R<dK=Ii1iATg2ua8L9uP<yEWy/QN^B2>iMZL0Pa* X/"A@zMzsEkbr1)KfB2.Mj8VPzuV0,hVm7$,zbsp9>7cyiBR#Kicz.h4Q*:PLRgze[-bA=d9i35y:: .? -----BEGIN PGP SIGNED MESSAGE----- In article <1995Nov7.095052.1890@grove.iup.edu> Curtis Kaminski <curtis@iu28.arin.k12.pa.us> writes: > I never got kerberos to work, Berkeley says its an unsupported function, > and left me hanging. Kerberos should give you user authentication for > the network. Kerberos doesn't work because of a stupid error made by BSD/OS. If you're a source customer, check out the source code in the "register" program and compare it against the kerberos registration server. The bottom line is that "register" passes the conf file as something like "/etc/kerberosIV/krb.conf" and the server then takes that as the value of the krb conf FILE and appends it to the krb conf DIRECTORY, and so looks for /etc/kerberosIV/etc/kerberosIV/krb.conf. You can fix this, and it will work. But the bottom line is that kerberos doesn't work as BSDI distributes it, no matter how closely you follow their instructions. Why the fuck they a) haven't fixed this and b) keep distributing it broken as is is a mystery to me. It did shake my confidence greatly in BSDI to realize that they distributed a part of their product that even the most cursory of tests would have shown was incapable of working. I would love to learn that I am incorrect, but I have yet to meet a single person who has gotten Kerberos working as shipped by BSDI. If you're out there, please let me know. BSDi, do you have any explanation for this? -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface iQCVAwUBMKOlDBY1vlCaZ9uNAQGVtgP+OBu70MllEdA480tv8m0r0RI+UxEfnw27 EzJJ/uuC2cQiByUjANctnj1duZZgV2C5qGdtypI0a5jtFpOPsrRukpQkpKx5sNV/ Z+2+q770Vj4tm2rWVMM2d8U+SOaKHUV0skZyrxsaghbLAu1hS1xnyeGUk60ZRqmw d6ygpz0H3Go= =1bW0 -----END PGP SIGNATURE-----