Hi Harald,
We tried the AFS 3.5 patch 6 binaries after I sent out the request for
info/help... the new code still has not resolved the problem. With patch 6,
as with patch 5: login still fails; although klog works. This new release
code is worse than Transarc's pre-IBM updates IMHO. If we utilise the
kaserver from the AFS 3.5 patch 3 binaries (since we somehow missed
downloading the patch 4 code and it is now unavailable?) all seems well,
although I am concerned that the kerberos v4 buffer overflow code fix is not
included. Has anyone successfully integrated kerberos v5 into an AFS cell
with recent kerberos v5 release (it seems that the migration kit does not
support the the latest versions), or does anyone have any pointers for this?
This might be a better solution as one is not dependent on IBM?
Thanks,
Jim
---
Harald Barth wrote:
> > Although, I can klog and pts ex and kas ex after the upgrade, all of
> > the kerberos dependent code ('ssh', 'sudo', and 'ktelnet') no longer
> > function with kerberisation.
>
> I suppose you found the same bug I described earlier in this list.
>
> Transarc wrote:
>
> >RE: TR-60627: AFS: 3.5-3.51 does not authenticate krb_udp requests
> >correctly
> >
> >I am not certain if I have given you a status on this issue. I am
> >hoping that I just overlooked an email somewhere :D
> >
> >Our Development team has created a defect for this problem:
> >
> > madhuri-12541-afs3.5-buffer-overflow-problem, revision 1.1
> >
> >and it will be included in the upcoming 3.5, patch 6 release.
>
> You might want to grab at least the kaserver binary from that release.
>
> Harald.