Re: Kerberos IV Support Broken?

At 1:55 AM +0200 4/5/03, Peter Eisentraut wrote:
>Henry B. Hotz writes:
>
>> Configure goes and looks for libkrb with some routine that is there.
>> Then it checks for libdes with des_encrypt. Now first of all there
>> is no libdes on Sol7. There's only the one that was put in when I
>> added ssl. Second there is no des_encrypt in openssl. Third there
>> is no des_encrypt in the Heimdal/KTH-KRB implementation either.
>>
>> So is that routine actually one that's used? If so where did it come
>> from, and whose implementation of what actually provided it?
>
>Last time I reworked that code I used the KTH version to check it, so your
>report puzzles me a little. Basically we just want to make sure that the
>Kerberos installation is sufficient before proceeding. Feel free to
>suggest improvements.

/usr/lib/libdes.a on NetBSD 1.6Q has des_encrypt1, des_encrypt2, and
des_encrypt3, but no unnumbered one. I don't know for sure if that
library is from ssl or from Heimdal/KTF-KRB, but I suspect the
latter. They have definitely done something to rationalize openssl
with Heimdal so it may be a merger of some kind.

OSX has an _k5_des_encrypt routine in libdes425.dylib.

Can't find anything in Solaris 7, which is actually odd because I
thought there was a cryptsoft libdes included with Solaris 2.6.
Perhaps my memory is fading though. That was a while ago. Looking
further on Sol7 I do find:
nm libcrypto.a | fgrep des_encr
[67] | 448| 28|FUNC |GLOB |0 |2 |_ossl_old_des_encrypt
[69] | 480| 28|FUNC |GLOB |0 |2 |_ossl_old_des_encrypt2
[70] | 512| 32|FUNC |GLOB |0 |2 |_ossl_old_des_encrypt3

in /usr/local/lib. Interesting. Now back to /usr/lib:
nm libcrypt.a | fgrep des_encr
[12] | 0| 0|NOTY |GLOB |0 |UNDEF |_des_encrypt
libcrypt.a[des_encrypt.o]:
[6] | 0| 472|FUNC |GLOB |0 |2 |_des_encrypt1
[1] | 0| 0|FILE |LOCL |0 |ABS |des_encrypt.c
[5] | 0| 472|FUNC |WEAK |0 |2 |des_encrypt1
[32] | 604| 40|FUNC |GLOB |0 |2 |_des_encrypt
[38] | 0| 0|NOTY |GLOB |0 |UNDEF |_des_encrypt1
[31] | 604| 40|FUNC |WEAK |0 |2 |des_encrypt
[25] | 444| 160|FUNC |LOCL |0 |2 |des_encrypt_nolock

Bingo!!!!!!!!!!!!!

Going back to NetBSD and OSX I find that they both have the numbered
versions in /usr/lib/libcrypto... Still no unnumbered version.

Well, if there's built-in kerb5 then I would use that over kerb4
anyway. Kerberos 4 is only suitable for simple installations with no
cross-realm authentication needed now.
--
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry(dot)B(dot)Hotz(at)jpl(dot)nasa(dot)gov, or hbhotz(at)oxy(dot)edu