Skip site navigation (1) Skip section navigation (2)

Re: Kerberos IV Support Broken?

From: "Henry B(dot) Hotz" <hotz(at)jpl(dot)nasa(dot)gov>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: pgsql-ports(at)postgresql(dot)org
Subject: Re: Kerberos IV Support Broken?
Date: 2003-04-05 02:38:40
Message-ID: p05111700bab3ebf01e81@[] (view raw, whole thread or download thread mbox)
Lists: pgsql-ports
At 1:55 AM +0200 4/5/03, Peter Eisentraut wrote:
>Henry B. Hotz writes:
>>  Configure goes and looks for libkrb with some routine that is there.
>>  Then it checks for libdes with des_encrypt.  Now first of all there
>>  is no libdes on Sol7.  There's only the one that was put in when I
>>  added ssl.  Second there is no des_encrypt in openssl.  Third there
>>  is no des_encrypt in the Heimdal/KTH-KRB implementation either.
>>  So is that routine actually one that's used?  If so where did it come
>>  from, and whose implementation of what actually provided it?
>Last time I reworked that code I used the KTH version to check it, so your
>report puzzles me a little.  Basically we just want to make sure that the
>Kerberos installation is sufficient before proceeding.  Feel free to
>suggest improvements.

/usr/lib/libdes.a on NetBSD 1.6Q has des_encrypt1, des_encrypt2, and 
des_encrypt3, but no unnumbered one.  I don't know for sure if that 
library is from ssl or from Heimdal/KTF-KRB, but I suspect the 
latter.  They have definitely done something to rationalize openssl 
with Heimdal so it may be a merger of some kind.

OSX has an _k5_des_encrypt routine in libdes425.dylib.

Can't find anything in Solaris 7, which is actually odd because I 
thought there was a cryptsoft libdes included with Solaris 2.6. 
Perhaps my memory is fading though.  That was a while ago.  Looking 
further on Sol7 I do find:
nm libcrypto.a | fgrep des_encr
[67]    |       448|      28|FUNC |GLOB |0    |2      |_ossl_old_des_encrypt
[69]    |       480|      28|FUNC |GLOB |0    |2      |_ossl_old_des_encrypt2
[70]    |       512|      32|FUNC |GLOB |0    |2      |_ossl_old_des_encrypt3

in /usr/local/lib.  Interesting.  Now back to /usr/lib:
nm libcrypt.a | fgrep des_encr
[12]    |         0|       0|NOTY |GLOB |0    |UNDEF  |_des_encrypt
[6]     |         0|     472|FUNC |GLOB |0    |2      |_des_encrypt1
[1]     |         0|       0|FILE |LOCL |0    |ABS    |des_encrypt.c
[5]     |         0|     472|FUNC |WEAK |0    |2      |des_encrypt1
[32]    |       604|      40|FUNC |GLOB |0    |2      |_des_encrypt
[38]    |         0|       0|NOTY |GLOB |0    |UNDEF  |_des_encrypt1
[31]    |       604|      40|FUNC |WEAK |0    |2      |des_encrypt
[25]    |       444|     160|FUNC |LOCL |0    |2      |des_encrypt_nolock


Going back to NetBSD and OSX I find that they both have the numbered 
versions in /usr/lib/libcrypto...  Still no unnumbered version.

Well, if there's built-in kerb5 then I would use that over kerb4 
anyway.  Kerberos 4 is only suitable for simple installations with no 
cross-realm authentication needed now.
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry(dot)B(dot)Hotz(at)jpl(dot)nasa(dot)gov, or hbhotz(at)oxy(dot)edu

In response to

pgsql-ports by date

Next:From: Guillaume de RentyDate: 2003-04-08 10:00:18
Subject: New Windows Postgresql platform
Previous:From: Peter EisentrautDate: 2003-04-04 23:55:58
Subject: Re: Kerberos IV Support Broken?

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group