From: | "Henry B(dot) Hotz" <hotz(at)jpl(dot)nasa(dot)gov> |
---|---|
To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
Cc: | pgsql-ports(at)postgresql(dot)org |
Subject: | Re: Kerberos IV Support Broken? |
Date: | 2003-04-05 02:38:40 |
Message-ID: | p05111700bab3ebf01e81@[137.78.212.225] |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-ports |
At 1:55 AM +0200 4/5/03, Peter Eisentraut wrote:
>Henry B. Hotz writes:
>
>> Configure goes and looks for libkrb with some routine that is there.
>> Then it checks for libdes with des_encrypt. Now first of all there
>> is no libdes on Sol7. There's only the one that was put in when I
>> added ssl. Second there is no des_encrypt in openssl. Third there
>> is no des_encrypt in the Heimdal/KTH-KRB implementation either.
>>
>> So is that routine actually one that's used? If so where did it come
>> from, and whose implementation of what actually provided it?
>
>Last time I reworked that code I used the KTH version to check it, so your
>report puzzles me a little. Basically we just want to make sure that the
>Kerberos installation is sufficient before proceeding. Feel free to
>suggest improvements.
/usr/lib/libdes.a on NetBSD 1.6Q has des_encrypt1, des_encrypt2, and
des_encrypt3, but no unnumbered one. I don't know for sure if that
library is from ssl or from Heimdal/KTF-KRB, but I suspect the
latter. They have definitely done something to rationalize openssl
with Heimdal so it may be a merger of some kind.
OSX has an _k5_des_encrypt routine in libdes425.dylib.
Can't find anything in Solaris 7, which is actually odd because I
thought there was a cryptsoft libdes included with Solaris 2.6.
Perhaps my memory is fading though. That was a while ago. Looking
further on Sol7 I do find:
nm libcrypto.a | fgrep des_encr
[67] | 448| 28|FUNC |GLOB |0 |2 |_ossl_old_des_encrypt
[69] | 480| 28|FUNC |GLOB |0 |2 |_ossl_old_des_encrypt2
[70] | 512| 32|FUNC |GLOB |0 |2 |_ossl_old_des_encrypt3
in /usr/local/lib. Interesting. Now back to /usr/lib:
nm libcrypt.a | fgrep des_encr
[12] | 0| 0|NOTY |GLOB |0 |UNDEF |_des_encrypt
libcrypt.a[des_encrypt.o]:
[6] | 0| 472|FUNC |GLOB |0 |2 |_des_encrypt1
[1] | 0| 0|FILE |LOCL |0 |ABS |des_encrypt.c
[5] | 0| 472|FUNC |WEAK |0 |2 |des_encrypt1
[32] | 604| 40|FUNC |GLOB |0 |2 |_des_encrypt
[38] | 0| 0|NOTY |GLOB |0 |UNDEF |_des_encrypt1
[31] | 604| 40|FUNC |WEAK |0 |2 |des_encrypt
[25] | 444| 160|FUNC |LOCL |0 |2 |des_encrypt_nolock
Bingo!!!!!!!!!!!!!
Going back to NetBSD and OSX I find that they both have the numbered
versions in /usr/lib/libcrypto... Still no unnumbered version.
Well, if there's built-in kerb5 then I would use that over kerb4
anyway. Kerberos 4 is only suitable for simple installations with no
cross-realm authentication needed now.
--
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry(dot)B(dot)Hotz(at)jpl(dot)nasa(dot)gov, or hbhotz(at)oxy(dot)edu
From | Date | Subject | |
---|---|---|---|
Next Message | Guillaume de Renty | 2003-04-08 10:00:18 | New Windows Postgresql platform |
Previous Message | Peter Eisentraut | 2003-04-04 23:55:58 | Re: Kerberos IV Support Broken? |