summaryrefslogtreecommitdiffstats
path: root/crypto/kerberosIV/PROBLEMS
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/kerberosIV/PROBLEMS')
-rw-r--r--crypto/kerberosIV/PROBLEMS147
1 files changed, 147 insertions, 0 deletions
diff --git a/crypto/kerberosIV/PROBLEMS b/crypto/kerberosIV/PROBLEMS
new file mode 100644
index 0000000..b72c521
--- /dev/null
+++ b/crypto/kerberosIV/PROBLEMS
@@ -0,0 +1,147 @@
+
+Problems compiling Kerberos
+===========================
+
+Many compilers require a switch to become ANSI compliant. Since krb4 is
+written in ANSI C it is necessary to specify the name of the compiler
+to be used and the required switch to make it ANSI compliant. This is
+most easily done when running configure using the `env' command. For
+instance to build under HP-UX using the native compiler do:
+
+ datan$ env CC="cc -Ae" ./configure
+
+In general `gcc' works. The following combinations have also been
+verified to successfully compile the distribution:
+
+`HP-UX'
+ `cc -Ae'
+
+`Digital UNIX'
+ `cc -std1'
+
+`AIX'
+ `xlc'
+
+`Solaris 2.x'
+ `cc' (unbundled one)
+
+`IRIX'
+ `cc'
+
+Linux problems
+--------------
+
+The libc functions gethostby*() under RedHat4.2 can sometimes cause
+core dumps. If you experience these problems make sure that the file
+`/etc/nsswitch.conf' contains a hosts entry no more complex than the
+line
+
+hosts: files dns
+
+Some systems have lost `/usr/include/ndbm.h' which is necessary to
+build krb4 correctly. There is a `ndbm.h.Linux' right next to the
+source distribution.
+
+There has been reports of non-working `libdb' on some Linux
+distributions. If that happens, use the `--without-berkeley-db' when
+configuring.
+
+SunOS 5 (aka Solaris 2) problems
+--------------------------------
+
+When building shared libraries and using some combinations of GNU gcc/ld
+you better set the environment variable RUN_PATH to /usr/athena/lib
+(your target libdir). If you don't, then you will have to set
+LD_LIBRARY_PATH during runtime and the PAM module will not work.
+
+HP-UX problems
+--------------
+
+The shared library `/usr/lib/libndbm.sl' doesn't exist on all systems.
+To make problems even worse, there is never an archive version for
+static linking either. Therefore, when building "truly portable"
+binaries first install GNU gdbm or Berkeley DB, and make sure that you
+are linking against that library.
+
+Cray problems
+-------------
+
+`rlogind' won't work on Crays until `forkpty()' has been ported, in the
+mean time use `telnetd'.
+
+IRIX problems
+-------------
+
+IRIX has three different ABI:s (Application Binary Interface), there's
+an old 32 bit interface (known as O32, or just 32), a new 32 bit
+interface (N32), and a 64 bit interface (64). O32 and N32 are both 32
+bits, but they have different calling conventions, and alignment
+constraints, and similar. The N32 format is the default format from IRIX
+6.4.
+
+You select ABI at compile time, and you can do this with the
+`--with-mips-abi' configure option. The valid arguments are `o32',
+`n32', and `64', N32 is the default. Libraries for the three different
+ABI:s are normally installed installed in different directories (`lib',
+`lib32', and `lib64'). If you want more than one set of libraries you
+have to reconfigure and recompile for each ABI, but you should probably
+install only N32 binaries.
+
+GCC had had some known problems with the different ABI:s. Old GCC could
+only handle O32, newer GCC can handle N32, and 64, but not O32, but in
+some versions of GCC the structure alignment was broken in N32.
+
+This confusion with different ABI:s can cause some trouble. For
+instance, the `afskauthlib.so' library has to use the same ABI as
+`xdm', and `login'. The easiest way to check what ABI to use is to run
+`file' on `/usr/bin/X11/xdm'.
+
+Another problem that you might encounter if you run AFS is that Transarc
+apparently doesn't support the 64-bit ABI, and because of this you can't
+get tokens with a 64 bit application. If you really need to do this,
+there is a kernel module that provides this functionality at
+<ftp://ftp.pdc.kth.se/home/joda/irix-afs64.tar.gz>.
+
+AIX problems
+------------
+
+`gcc' version 2.7.2.* has a bug which makes it miscompile
+`appl/telnet/telnetd/sys_term.c' (and possibily `appl/bsd/forkpty.c'),
+if used with too much optimization.
+
+Some versions of the `xlc' preprocessor doesn't recognise the
+(undocumented) `-qnolm' option. If this option is passed to the
+preprocessor (like via the configuration file `/etc/ibmcxx.cfg',
+configure will fail.
+
+The solution is to remove this option from the configuration file,
+either globally, or for just the preprocessor:
+
+ $ cp /etc/ibmcxx.cfg /tmp
+ $ed /tmp/ibmcxx.cfg
+ 8328
+ /nolm
+ options = -D_AIX,-D_AIX32,-D_AIX41,-D_AIX43,-D_IBMR2,-D_POWER,-bpT:0x10000000,-bpD:0x20000000,-qnolm
+ s/,-qnolm//p
+ options = -D_AIX,-D_AIX32,-D_AIX41,-D_AIX43,-D_IBMR2,-D_POWER,-bpT:0x10000000,-bpD:0x20000000
+ w
+ 8321
+ q
+ $ env CC=xlc CPP="xlc -E -F/tmp/ibmcxx.cfg" configure
+
+There is a bug in AFS 3.4 version 5.38 for AIX 4.3 that causes the
+kernel to panic in some cases. There is a hack for this in `login', but
+other programs could be affected also. This seems to be fixed in
+version 5.55.
+
+C2 problems
+-----------
+
+The programs that checks passwords works with `passwd', OTP, and
+Kerberos paswords. This is problem if you use C2 security (or use some
+other password database), that normally keeps passwords in some obscure
+place. If you want to use Kerberos with C2 security you will have to
+think about what kind of changes are necessary. See also the discussion
+about Digital's SIA and C2 security, see *Note Digital SIA::.
+
+
OpenPOWER on IntegriCloud