diff options
Diffstat (limited to 'crypto/kerberosIV/PROBLEMS')
-rw-r--r-- | crypto/kerberosIV/PROBLEMS | 147 |
1 files changed, 147 insertions, 0 deletions
diff --git a/crypto/kerberosIV/PROBLEMS b/crypto/kerberosIV/PROBLEMS new file mode 100644 index 0000000..b72c521 --- /dev/null +++ b/crypto/kerberosIV/PROBLEMS @@ -0,0 +1,147 @@ + +Problems compiling Kerberos +=========================== + +Many compilers require a switch to become ANSI compliant. Since krb4 is +written in ANSI C it is necessary to specify the name of the compiler +to be used and the required switch to make it ANSI compliant. This is +most easily done when running configure using the `env' command. For +instance to build under HP-UX using the native compiler do: + + datan$ env CC="cc -Ae" ./configure + +In general `gcc' works. The following combinations have also been +verified to successfully compile the distribution: + +`HP-UX' + `cc -Ae' + +`Digital UNIX' + `cc -std1' + +`AIX' + `xlc' + +`Solaris 2.x' + `cc' (unbundled one) + +`IRIX' + `cc' + +Linux problems +-------------- + +The libc functions gethostby*() under RedHat4.2 can sometimes cause +core dumps. If you experience these problems make sure that the file +`/etc/nsswitch.conf' contains a hosts entry no more complex than the +line + +hosts: files dns + +Some systems have lost `/usr/include/ndbm.h' which is necessary to +build krb4 correctly. There is a `ndbm.h.Linux' right next to the +source distribution. + +There has been reports of non-working `libdb' on some Linux +distributions. If that happens, use the `--without-berkeley-db' when +configuring. + +SunOS 5 (aka Solaris 2) problems +-------------------------------- + +When building shared libraries and using some combinations of GNU gcc/ld +you better set the environment variable RUN_PATH to /usr/athena/lib +(your target libdir). If you don't, then you will have to set +LD_LIBRARY_PATH during runtime and the PAM module will not work. + +HP-UX problems +-------------- + +The shared library `/usr/lib/libndbm.sl' doesn't exist on all systems. +To make problems even worse, there is never an archive version for +static linking either. Therefore, when building "truly portable" +binaries first install GNU gdbm or Berkeley DB, and make sure that you +are linking against that library. + +Cray problems +------------- + +`rlogind' won't work on Crays until `forkpty()' has been ported, in the +mean time use `telnetd'. + +IRIX problems +------------- + +IRIX has three different ABI:s (Application Binary Interface), there's +an old 32 bit interface (known as O32, or just 32), a new 32 bit +interface (N32), and a 64 bit interface (64). O32 and N32 are both 32 +bits, but they have different calling conventions, and alignment +constraints, and similar. The N32 format is the default format from IRIX +6.4. + +You select ABI at compile time, and you can do this with the +`--with-mips-abi' configure option. The valid arguments are `o32', +`n32', and `64', N32 is the default. Libraries for the three different +ABI:s are normally installed installed in different directories (`lib', +`lib32', and `lib64'). If you want more than one set of libraries you +have to reconfigure and recompile for each ABI, but you should probably +install only N32 binaries. + +GCC had had some known problems with the different ABI:s. Old GCC could +only handle O32, newer GCC can handle N32, and 64, but not O32, but in +some versions of GCC the structure alignment was broken in N32. + +This confusion with different ABI:s can cause some trouble. For +instance, the `afskauthlib.so' library has to use the same ABI as +`xdm', and `login'. The easiest way to check what ABI to use is to run +`file' on `/usr/bin/X11/xdm'. + +Another problem that you might encounter if you run AFS is that Transarc +apparently doesn't support the 64-bit ABI, and because of this you can't +get tokens with a 64 bit application. If you really need to do this, +there is a kernel module that provides this functionality at +<ftp://ftp.pdc.kth.se/home/joda/irix-afs64.tar.gz>. + +AIX problems +------------ + +`gcc' version 2.7.2.* has a bug which makes it miscompile +`appl/telnet/telnetd/sys_term.c' (and possibily `appl/bsd/forkpty.c'), +if used with too much optimization. + +Some versions of the `xlc' preprocessor doesn't recognise the +(undocumented) `-qnolm' option. If this option is passed to the +preprocessor (like via the configuration file `/etc/ibmcxx.cfg', +configure will fail. + +The solution is to remove this option from the configuration file, +either globally, or for just the preprocessor: + + $ cp /etc/ibmcxx.cfg /tmp + $ed /tmp/ibmcxx.cfg + 8328 + /nolm + options = -D_AIX,-D_AIX32,-D_AIX41,-D_AIX43,-D_IBMR2,-D_POWER,-bpT:0x10000000,-bpD:0x20000000,-qnolm + s/,-qnolm//p + options = -D_AIX,-D_AIX32,-D_AIX41,-D_AIX43,-D_IBMR2,-D_POWER,-bpT:0x10000000,-bpD:0x20000000 + w + 8321 + q + $ env CC=xlc CPP="xlc -E -F/tmp/ibmcxx.cfg" configure + +There is a bug in AFS 3.4 version 5.38 for AIX 4.3 that causes the +kernel to panic in some cases. There is a hack for this in `login', but +other programs could be affected also. This seems to be fixed in +version 5.55. + +C2 problems +----------- + +The programs that checks passwords works with `passwd', OTP, and +Kerberos paswords. This is problem if you use C2 security (or use some +other password database), that normally keeps passwords in some obscure +place. If you want to use Kerberos with C2 security you will have to +think about what kind of changes are necessary. See also the discussion +about Digital's SIA and C2 security, see *Note Digital SIA::. + + |