Re: Kerberos IV Support Broken?

At 1:55 AM +0200 4/5/03, Peter Eisentraut wrote:
>Henry B. Hotz writes:
>
>>  Configure goes and looks for libkrb with some routine that is there.
>>  Then it checks for libdes with des_encrypt.  Now first of all there
>>  is no libdes on Sol7.  There's only the one that was put in when I
>>  added ssl.  Second there is no des_encrypt in openssl.  Third there
>>  is no des_encrypt in the Heimdal/KTH-KRB implementation either.
>>
>>  So is that routine actually one that's used?  If so where did it come
>>  from, and whose implementation of what actually provided it?
>
>Last time I reworked that code I used the KTH version to check it, so your
>report puzzles me a little.  Basically we just want to make sure that the
>Kerberos installation is sufficient before proceeding.  Feel free to
>suggest improvements.

/usr/lib/libdes.a on NetBSD 1.6Q has des_encrypt1, des_encrypt2, and
des_encrypt3, but no unnumbered one.  I don't know for sure if that
library is from ssl or from Heimdal/KTF-KRB, but I suspect the
latter.  They have definitely done something to rationalize openssl
with Heimdal so it may be a merger of some kind.

OSX has an _k5_des_encrypt routine in libdes425.dylib.

Can't find anything in Solaris 7, which is actually odd because I
thought there was a cryptsoft libdes included with Solaris 2.6.
Perhaps my memory is fading though.  That was a while ago.  Looking
further on Sol7 I do find:
nm libcrypto.a | fgrep des_encr
[67]    |       448|      28|FUNC |GLOB |0    |2      |_ossl_old_des_encrypt
[69]    |       480|      28|FUNC |GLOB |0    |2      |_ossl_old_des_encrypt2
[70]    |       512|      32|FUNC |GLOB |0    |2      |_ossl_old_des_encrypt3

in /usr/local/lib.  Interesting.  Now back to /usr/lib:
nm libcrypt.a | fgrep des_encr
[12]    |         0|       0|NOTY |GLOB |0    |UNDEF  |_des_encrypt
libcrypt.a[des_encrypt.o]:
[6]     |         0|     472|FUNC |GLOB |0    |2      |_des_encrypt1
[1]     |         0|       0|FILE |LOCL |0    |ABS    |des_encrypt.c
[5]     |         0|     472|FUNC |WEAK |0    |2      |des_encrypt1
[32]    |       604|      40|FUNC |GLOB |0    |2      |_des_encrypt
[38]    |         0|       0|NOTY |GLOB |0    |UNDEF  |_des_encrypt1
[31]    |       604|      40|FUNC |WEAK |0    |2      |des_encrypt
[25]    |       444|     160|FUNC |LOCL |0    |2      |des_encrypt_nolock

Bingo!!!!!!!!!!!!!

Going back to NetBSD and OSX I find that they both have the numbered
versions in /usr/lib/libcrypto...  Still no unnumbered version.

Well, if there's built-in kerb5 then I would use that over kerb4
anyway.  Kerberos 4 is only suitable for simple installations with no
cross-realm authentication needed now.
--
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu