Problems with upgrading to Solaris 7 & AFS 3.5 Patch 5 on database servers...
Russ Allbery
rra@stanford.edu
20 Mar 2001 03:08:10 -0800
James Prater <jprater@alw.nih.gov> writes:
> We tried the AFS 3.5 patch 6 binaries after I sent out the request for
> info/help... the new code still has not resolved the problem. With patch
> 6, as with patch 5: login still fails; although klog works. This new
> release code is worse than Transarc's pre-IBM updates IMHO. If we
> utilise the kaserver from the AFS 3.5 patch 3 binaries (since we somehow
> missed downloading the patch 4 code and it is now unavailable?) all
> seems well, although I am concerned that the kerberos v4 buffer overflow
> code fix is not included.
As I understand it, the buffer overflow fix is what broke it. The first
analysis that I read indicated that it rendered the kaserver incapable of
handing out service tickets; at the very least, it does severe damage to
its ability to serve as a functioning K4 kdc.
> Has anyone successfully integrated kerberos v5 into an AFS cell with
> recent kerberos v5 release (it seems that the migration kit does not
> support the the latest versions), or does anyone have any pointers for
> this? This might be a better solution as one is not dependent on IBM?
Better, maybe, but it's a major undertaking if you've already got a large
K4 realm. We've been trying to line up all the ducks for that switch for
the past four years or so (admittedly a good chunk of that time was wasted
on DCE, which I'll be happy if I never see again).
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>