Kerberos 1.4.1 - Protocols

Thread: Kerberos 1.4.1

  1. Kerberos 1.4.1

    I recently upgraded to Kerberos 1.4.1 from 1.3.6 on Gentoo and found that
    C-Kermit 8.0.211 make xermit with flags "-DCK_AUTHENTICATION -DCK_KERBEROS
    -DCK_ENCRYPTION -DCK_DES -DKRB5" wouldn't compile anymore. The linker would
    die with "In function `ck_auth_init':: undefined reference to
    `krb5_init_ets'." I googled that function and found that it was deprecated
    a while back, wasn't considered part of the public Kerberos API, and was
    removed in Kerberos 1.4. It apparently broke several Kerberos applications.

    While looking in the ckuath.c file, I noticed the MIT_CURRENT define, then
    grepped all the source for a description of that define, and in ckuath.h
    found:

    /* Define MIT_CURRENT to compile the code for use with versions of */
    /* Kerberos later than KRB5 1.0.5. Note. This will not compile */
    /* successfully in Kermit 95 due to the segmentation of crypto */
    /* into a separate DLL. */

    I added -DMIT_CURRENT to my make flags and recompiled. This time, I got a
    bunch of DES function related compile errors (emailed to Kermit support) in
    ck_crp.c. I removed "-DCK_ENCRYPTION -DCK_DES" from my make flags and
    recompiled. This worked fine.

    The end result is that I have telnet authentication with Kerberos but no
    telnet-based encryption, which is ok because I can encrypt the telnet
    session over TLS anyway.

    I'm not a Kerberos programming guru, or I'd try to help with the code. I
    hope my experimenting and bug reporting saves someone some time down the
    line.

    Tim

  2. Re: Kerberos 1.4.1

    I've confirmed that Kerberos 1.4.1 (and perhaps 1.4 as well) has removed
    krb5_init_ets from the libkrb5 library. You can still get full Kerberos
    functionality by commenting out the krb5_init_ets call in ckuath.c since
    the krb5_init_ets function had been a no-op anyway. You needn't use any of
    the -D make flags that I posted earlier. Thanks to Jeffrey Altman for the
    tip.

    Tim
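
The workaround from the second post (commenting out the krb5_init_ets call so the -DCK_ENCRYPTION -DCK_DES flags can stay in the build) can be scripted as below; this is an added example, not part of the thread and not C-Kermit or MIT Kerberos code. The function names, the sample file contents and the variable name k5_context are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; not C-Kermit or MIT Kerberos code.
# Matches a line holding only the call as a statement, e.g. "  krb5_init_ets(ctx);"
CALL_RE='^\([[:space:]]*\)\(krb5_init_ets[[:space:]]*(.*);\)[[:space:]]*$'

# comment_out_init_ets FILE
# Comments out stand-alone, single-line krb5_init_ets() calls in FILE (backup
# kept in FILE.orig) and prints how many lines were changed. Returns 1 if any
# other reference to the symbol remains, since that would still fail to link
# against krb5 1.4.x and needs manual review. Running it twice is harmless.
comment_out_init_ets() {
    src=$1
    [ -f "$src" ] || { echo "no such file: $src" >&2; return 2; }
    n=$(grep -c "$CALL_RE" "$src" || true)
    if [ "$n" -gt 0 ]; then
        [ -e "$src.orig" ] || cp "$src" "$src.orig"
        sed "s|$CALL_RE|\\1/* \\2 */|" "$src" > "$src.tmp" && mv "$src.tmp" "$src"
    fi
    echo "$n"
    # List (on stderr) references that are not in the comment form written above.
    if grep -n 'krb5_init_ets' "$src" | grep -v '/\* krb5_init_ets.*; \*/' >&2; then
        return 1
    fi
    return 0
}

# Constructed stand-in for the relevant part of ckuath.c (not the real source;
# the variable name k5_context is an assumption).
make_sample() {
    cat > "$1" <<'EOF'
int ck_auth_init(void) {
    krb5_init_context(&k5_context);
    krb5_init_ets(k5_context);
    return 0;
}
EOF
}
```

After patching, rebuild with the original flags and confirm the linker no longer reports an undefined reference to krb5_init_ets.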
