HardenedBSD/crypto/kerberosIV/PROBLEMS
2000-01-09 08:31:47 +00:00

148 lines
5.1 KiB
Plaintext

Problems compiling Kerberos
===========================
Many compilers require a switch to become ANSI compliant. Since krb4 is
written in ANSI C it is necessary to specify the name of the compiler
to be used and the required switch to make it ANSI compliant. This is
most easily done when running configure using the `env' command. For
instance to build under HP-UX using the native compiler do:
datan$ env CC="cc -Ae" ./configure
In general `gcc' works. The following combinations have also been
verified to successfully compile the distribution:
`HP-UX'
`cc -Ae'
`Digital UNIX'
`cc -std1'
`AIX'
`xlc'
`Solaris 2.x'
`cc' (unbundled one)
`IRIX'
`cc'
Linux problems
--------------
The libc functions gethostby*() under RedHat4.2 can sometimes cause
core dumps. If you experience these problems make sure that the file
`/etc/nsswitch.conf' contains a hosts entry no more complex than the
line
hosts: files dns
Some systems have lost `/usr/include/ndbm.h' which is necessary to
build krb4 correctly. There is a `ndbm.h.Linux' right next to the
source distribution.
There has been reports of non-working `libdb' on some Linux
distributions. If that happens, use the `--without-berkeley-db' when
configuring.
SunOS 5 (aka Solaris 2) problems
--------------------------------
When building shared libraries and using some combinations of GNU gcc/ld
you better set the environment variable RUN_PATH to /usr/athena/lib
(your target libdir). If you don't, then you will have to set
LD_LIBRARY_PATH during runtime and the PAM module will not work.
HP-UX problems
--------------
The shared library `/usr/lib/libndbm.sl' doesn't exist on all systems.
To make problems even worse, there is never an archive version for
static linking either. Therefore, when building "truly portable"
binaries first install GNU gdbm or Berkeley DB, and make sure that you
are linking against that library.
Cray problems
-------------
`rlogind' won't work on Crays until `forkpty()' has been ported, in the
mean time use `telnetd'.
IRIX problems
-------------
IRIX has three different ABI:s (Application Binary Interface), there's
an old 32 bit interface (known as O32, or just 32), a new 32 bit
interface (N32), and a 64 bit interface (64). O32 and N32 are both 32
bits, but they have different calling conventions, and alignment
constraints, and similar. The N32 format is the default format from IRIX
6.4.
You select ABI at compile time, and you can do this with the
`--with-mips-abi' configure option. The valid arguments are `o32',
`n32', and `64', N32 is the default. Libraries for the three different
ABI:s are normally installed installed in different directories (`lib',
`lib32', and `lib64'). If you want more than one set of libraries you
have to reconfigure and recompile for each ABI, but you should probably
install only N32 binaries.
GCC had had some known problems with the different ABI:s. Old GCC could
only handle O32, newer GCC can handle N32, and 64, but not O32, but in
some versions of GCC the structure alignment was broken in N32.
This confusion with different ABI:s can cause some trouble. For
instance, the `afskauthlib.so' library has to use the same ABI as
`xdm', and `login'. The easiest way to check what ABI to use is to run
`file' on `/usr/bin/X11/xdm'.
Another problem that you might encounter if you run AFS is that Transarc
apparently doesn't support the 64-bit ABI, and because of this you can't
get tokens with a 64 bit application. If you really need to do this,
there is a kernel module that provides this functionality at
<ftp://ftp.pdc.kth.se/home/joda/irix-afs64.tar.gz>.
AIX problems
------------
`gcc' version 2.7.2.* has a bug which makes it miscompile
`appl/telnet/telnetd/sys_term.c' (and possibily `appl/bsd/forkpty.c'),
if used with too much optimization.
Some versions of the `xlc' preprocessor doesn't recognise the
(undocumented) `-qnolm' option. If this option is passed to the
preprocessor (like via the configuration file `/etc/ibmcxx.cfg',
configure will fail.
The solution is to remove this option from the configuration file,
either globally, or for just the preprocessor:
$ cp /etc/ibmcxx.cfg /tmp
$ed /tmp/ibmcxx.cfg
8328
/nolm
options = -D_AIX,-D_AIX32,-D_AIX41,-D_AIX43,-D_IBMR2,-D_POWER,-bpT:0x10000000,-bpD:0x20000000,-qnolm
s/,-qnolm//p
options = -D_AIX,-D_AIX32,-D_AIX41,-D_AIX43,-D_IBMR2,-D_POWER,-bpT:0x10000000,-bpD:0x20000000
w
8321
q
$ env CC=xlc CPP="xlc -E -F/tmp/ibmcxx.cfg" configure
There is a bug in AFS 3.4 version 5.38 for AIX 4.3 that causes the
kernel to panic in some cases. There is a hack for this in `login', but
other programs could be affected also. This seems to be fixed in
version 5.55.
C2 problems
-----------
The programs that checks passwords works with `passwd', OTP, and
Kerberos paswords. This is problem if you use C2 security (or use some
other password database), that normally keeps passwords in some obscure
place. If you want to use Kerberos with C2 security you will have to
think about what kind of changes are necessary. See also the discussion
about Digital's SIA and C2 security, see *Note Digital SIA::.