Date: Sun, 26 Nov 1995 15:30:06 -0500
From: Sam Hartman <hartmans@MIT.EDU>
To: krbdev@MIT.EDU

As we approach the release of beta-6, it becomes apparent that I will not have time to make a few bug fixes and improvements before the end of classes. I was talking to Chris and he suggested checking these into TODO (or, at least, the bug fixes); I will do that, but I thought I would send a note here as well.

In particular, I am aware of two bugs with libpty and one bug with rlogind that I will not be able to fix until Christmas or so:

* Utmp and wtmp handling is fairly broken on SunOS and Ultrix. The libpty code assumes that ttyslot() does something reasonable when it is cleaning out a utmp/wtmp entry on logout. This is incorrect; ttyslot() depends on being able to find the tty on stdin or stdout, and neither file descriptor is open at that point; the proper solution is probably to search through /etc/utmp for the line we have. I cannot remember the result of the first call to ttyslot() because the initial utmp stuff is often done in the child process, but the parent always does the cleanup. It is just a matter of redesigning interfaces to pty_update_utmp and implementing the fix; the problem is well understood.

* On Solaris and possibly other systems, utmpx and wtmpx are being updated incorrectly. Solaris expects the username to be in logout records in utmpx and particularly wtmpx. (This, BTW, is bogus design, because telnetd and rlogind often don't know the user name; you have to look it up in the utmpx login record first.) The main symptom of this problem is that "last username" doesn't notice the logout records for username, although "last | grep username" works fine. Again, the problem is fairly well understood; it's just implementing the fix.

* There is an interesting interaction between rlogin and rlogind, which shows up on Solaris and SunOS. If you hit ctrl-C, the connection is wedged if the ctrl-C is interpreted by the remote end as an interrupt character. (This at first was confused with a bug Barry fixed a while back where ctrl-C interrupted rlogind as well as the child process. I'm fairly certain that bug has been squashed, after looking at a similar patch recently resubmitted, and talking to people about the problem; I fixed it this summer, possibly exposing the wedging problem.) The rlogind wedging problem requires more investigation; it is not understood at this time.

I also have been planning to make the following changes to

* I need to rearrange the location of the compat_recvauth functions, etc., to remove any dependency on libkrb4 by libkrb5 so shared libraries can be simplified and will start working on AIX again.

* Telnetd and rlogind do not properly deal with machines with multiple A records for the same domain, or setups like the MIT dialups. I think ops would appreciate this getting fixed before krb5 becomes widely deployed. (This was the problem warlord submitted recently.) Basically, the current code does a forward resolve on the hostname, gets an IP, connects to that address, does another forward resolve on the hostname to canonicalize it for a service principal, then tries to get tickets. If you have a round-robin name server, the second forward resolve gets you tickets for the wrong host. The easiest solution to this problem is to add an additional API for sendauth that takes a network address and reverse resolves it instead of taking a host name. (We have not actually committed to fixing this bug yet, but I think we should do so. Besides being essential for the MIT dialups, this is also required if we want to support multiple A records for a single machine--something that is certainly allowed by the RFCs.) It would be nice if someone could do this before beta-6 as it involves an API addition.

* There is no way to tell krlogin to accept v4 and v5 authentication without rhosts authentication. You can tell it to take v5 only, but not both v4 and v5. I reported this a while back, and Ted decided on how he wanted the option processing for the krlogind command line to work, but I haven't had time to implement it. I'm not sure this is as big of a problem as the libpty bugs, but it will require a change in the command line interface to krlogind, so we might want to let people know it will eventually happen when we release beta-6.

Besides bugs, I had received tentative approval to make the following functionality changes. I would like to request a waiver from the functionality freeze at beta-6 for the first change if no one else has time to implement it before beta-6. The second change is something I would still like to do, but there is no reason it can't wait until krb5 1.1 or whatever--I will either check it in on a separate branch or just send a patch to krb5-bugs for checkin after the 1.0 release.

* In order to make krshd secure, it should use the checksum slot in the authenticator to checksum its command line. This can be done without breaking compatibility with old clients and servers; see my previous message on this topic.

* Over the summer I talked to Ted about adding an option to krshd, krlogind and ktelnetd to accept any host/* key in the v5srvtab. At that time, I argued that it would be required for the dialups. This actually isn't quite true; in the dialup configuration it could defeat replay caching, and if the bug fix with reverse resolution is implemented for Windows, Mac and Unix clients (see above), this is unnecessary for the dialups. However, the other argument for the option was for multi-realmed servers--servers that have keys directly in multiple realms or having multiple hostnames in the same realm. (This is the main reason I would like to see this option; I expect to need it in a project I'm working on external to MIT, and since I'll have to write the code anyway, I would like to check it in eventually.)
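The round-robin lookup problem described in the multiple-A-records item above, as an added example that is not code from this message or from the krb5 sources. It simulates a name server with constructed A and PTR records (dialup.example.com, the 10.0.0.x addresses, the realm EXAMPLE.COM, and the host/* principal format are all made up for the demonstration) and compares the order of operations the message describes, resolve / connect / resolve again, with the proposed variant that reverse-resolves the address actually connected to. The connect() stand-in and the resolver are simulations, not library calls.

```python
"""Added example (not part of the original message or the krb5 code).

A name with several A records served round-robin, and two ways of choosing
the host name that goes into the service principal.  All DNS data below is
constructed for the demonstration.
"""
import itertools

REALM = "EXAMPLE.COM"  # assumed realm

# Constructed records: one advertised name with three A records, and a PTR
# record for each address giving that machine's own canonical name.
A_RECORDS = {"dialup.example.com": ["10.0.0.1", "10.0.0.2", "10.0.0.3"]}
PTR_RECORDS = {
    "10.0.0.1": "dialup-1.example.com",
    "10.0.0.2": "dialup-2.example.com",
    "10.0.0.3": "dialup-3.example.com",
}


class RoundRobinResolver:
    """Rotates the address list one step on every query, like a round-robin
    name server.  forward() mimics gethostbyname(): it returns the canonical
    name belonging to the first address, plus the rotated address list."""

    def __init__(self, a_records, ptr_records):
        self._a = a_records
        self._ptr = ptr_records
        self._pos = {name: itertools.cycle(range(len(addrs)))
                     for name, addrs in a_records.items()}

    def forward(self, name):
        addrs = self._a[name]
        k = next(self._pos[name])
        rotated = addrs[k:] + addrs[:k]
        return self._ptr[rotated[0]], rotated

    def reverse(self, addr):
        return self._ptr[addr]


def host_principal(hostname):
    """Service principal for a host (format assumed for the example)."""
    return f"host/{hostname.lower()}@{REALM}"


def connect(addr):
    """Stand-in for connect(): returns the canonical name of the machine that
    actually answers on this address, i.e. the name whose key it holds."""
    return PTR_RECORDS[addr]


def sendauth_by_hostname(resolver, name):
    """Order of operations the message describes: resolve, connect, resolve
    again to canonicalize, then request a ticket for the second answer.
    Returns (principal requested, principal the peer really has)."""
    _, addrs = resolver.forward(name)
    peer = connect(addrs[0])
    canonical, _ = resolver.forward(name)   # may have rotated since
    return host_principal(canonical), host_principal(peer)


def sendauth_by_address(resolver, name):
    """Proposed variant: keep the address we connected to and reverse
    resolve it, so the principal is derived from the peer actually reached."""
    _, addrs = resolver.forward(name)
    addr = addrs[0]
    peer = connect(addr)
    canonical = resolver.reverse(addr)
    return host_principal(canonical), host_principal(peer)


def mismatches(strategy, attempts=6):
    """Number of attempts in which the requested principal is not the one
    the connected host holds a key for."""
    resolver = RoundRobinResolver(A_RECORDS, PTR_RECORDS)
    bad = 0
    for _ in range(attempts):
        requested, actual = strategy(resolver, "dialup.example.com")
        if requested != actual:
            bad += 1
    return bad


if __name__ == "__main__":
    print("by hostname:", mismatches(sendauth_by_hostname), "of 6 attempts wrong")
    print("by address: ", mismatches(sendauth_by_address), "of 6 attempts wrong")
```

With three records and two lookups per attempt, the hostname-based path asks for the wrong host's principal on every attempt in this simulation, while the address-based path never does. One caveat worth keeping in mind: the principal you then request is only as trustworthy as the PTR record for that address, so the change moves which DNS answer the client trusts rather than removing the dependence on DNS.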