mac osx arla ticket forwarding problem

Harald Barth haba at pdc.kth.se
Thu Nov 9 11:56:10 CET 2006


> Difference between -f and -F:

arla-drinkers is an English speaking mailing list. However,
this is probably a question for the also English speaking
heimdal-discuss mailing list.

The problem here is that telnet/telnetd in heimdal 0.7.2 has a bug
which in certain combinations prevents ticket forwarding from working
correctly between machines with different endianness. Sometimes this
can be worked around by using addressless tickets, sometimes not. I
don't have a list of combinations that work and which won't, the
matrix would include at least 2 versions, 4 combinations of endianness,
2 for tickets with and without addresses... you see where this is
leading. This bug was fixed on the server (telnetd) you connect to. It
is probably not fixed on the client you use, because the dmg which
contains the fix has not been released "publicly" (or what you want to
call it) yet. Tol was very nice and fixed an arla dmg with the
bugfixed heimdal binaries for me, but the right way would be to
release a heimdal dmg with the bugfixed programs needed (for arla,
you only need kinit and afslog, so telnet is just a bonus).

file:///afs/stacken.kth.se/ftp/pub/random/tol/arla-0.43-haba.dmg
      ftp://ftp.stacken.kth.se/pub/random/tol/arla-0.43-haba.dmg

Testing of the above version has been 'limited' (or how you best want
to call it).

I'm still hoping for heimdal 0.7.3 or 0.8 to appear. It would be very
nice to have a heimdal dmg but I doubt we will see that from the
heimdal authors as their time is limited and I overheard that it
is not high on the priority list, partly because OSX ships with
ssh/sshd including key exchange and ticket forwarding. A rollout
of sshd on the server side at PDC would have been faster if
it would not be for lacking key exchange support, see:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187211
http://bugzilla.mindrot.org/show_bug.cgi?id=1242

which means that we have to craft our own ssh RPMs. That takes time.
Apple and Sun ship it with the OS. 

Back to telnet...
You can use the following trick to see if you have a new enough telnet:

$ gdb /usr/arla/bin/telnet 

(...blabla...)

(gdb) break main
Breakpoint 1 at 0x7670: file ../../../../heimdal-20060921/appl/telnet/telnet/main.c, line 167.
(gdb) run     
Starting program: /usr/arla/bin/telnet 
Reading symbols for shared libraries .++++++ done

Breakpoint 1, main (argc=<incomplete type>, argv=0xbffffb14) at ../../../../heimdal-20060921/appl/telnet/telnet/main.c:167
167     ../../../../heimdal-20060921/appl/telnet/telnet/main.c: No such file or directory.
        in ../../../../heimdal-20060921/appl/telnet/telnet/main.c

And here you can see the snapshot date heimdal-20060921 which is "good enough".


Harald.
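
The gdb check described in the message above can be scripted. This is an added example, not part of the original post and not code from the arla or heimdal projects. The function names are hypothetical, and it assumes that a snapshot dated on or after heimdal-20060921 also carries the fix.

```shell
#!/bin/sh
# Added example: find the Heimdal snapshot date in source paths such as
# ".../heimdal-20060921/appl/telnet/telnet/main.c" and compare it with
# the snapshot the post calls "good enough".

KNOWN_GOOD=20060921   # snapshot date taken from the post

# Read text on stdin (for instance saved gdb output) and print the
# newest heimdal-YYYYMMDD date found, or nothing if there is none.
snapshot_date() {
    sed -n 's/.*heimdal-\([0-9]\{8\}\).*/\1/p' | sort -n | tail -n 1
}

# Exit status: 0 = snapshot is KNOWN_GOOD or newer (assumed to be fixed),
#              1 = snapshot is older, so not known to be fixed,
#              2 = no snapshot date in the input (release build or
#                  stripped binary), so this check cannot decide.
check_snapshot() {
    d=$(snapshot_date)
    if [ -z "$d" ]; then
        return 2
    fi
    [ "$d" -ge "$KNOWN_GOOD" ]
}

# The breakpoint line exactly as shown in the post.
SAMPLE_GOOD='Breakpoint 1 at 0x7670: file ../../../../heimdal-20060921/appl/telnet/telnet/main.c, line 167.'
# Constructed line with an earlier, made-up snapshot date.
SAMPLE_OLD='Breakpoint 1 at 0x7670: file ../../../../heimdal-20060101/appl/telnet/telnet/main.c, line 167.'
```

Feed it the text of a gdb session like the one above, for example `check_snapshot < gdb-session.txt; echo $?`, where gdb-session.txt is a hypothetical file holding the saved output.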

