Kerberos obtains a network address for the local host from the routing
tables and uses it consistently for all Kerberos transactions. This ensures
that packets only leave the *authenticated* interface. Clients who open
and use their own sockets for encrypted or authenticated correspondence
to Kerberos services should bind their sockets to the same address as that
used by Kerberos. krb_get_local_addr() and krb_bind_local_addr() allow
clients to obtain the local address or bind a socket to the local address
used by Kerberos respectively.
Reviewed by: Mark Murray <markm>, Garrett Wollman <wollman>
Obtained from: concept by Dieter Dworkin Muller <dworkin@village.org>
request, it cores due to using the uninitialized global req_name_ptr
pointer. -Wall does not reveal this.
Repeat by having an old valid ticket and start kerberos. rsh to
a non-realm system.
Also initialize lifetime to DEFAULT_TKT_LIFE and kerno to KSUCCESS since
they can be referenced before being initialized.
Submitted by: John Capo <jc@irbs.com>
U.S. the ability to build a secure telnet. Mark is already working on
emulating these functions in the export tree, but it will be a while yet.
Kill MISSING since the missing functions are here now.
compile
1) remove rubbish no longer needed
2) correct existing Makefiles
3) add new makefiles where needed
4) correct code, header files and man pages where necessary
PLEASE NOTE - after this you will need to make install in eBones/include,
and make obj depend all install in eBones/lib before doing a
make obj depend all install in eBones/. (I am going to fix src/Makefile
next)
PS - I hate slow international links - apologies for all the typos
the move of startslave().
telnetd.c: fix bug introduced with the move of startslave()...the number
of arguments was wrong and "level" and "user_name" had to be made globals.
- Get all functions prototyped or at least defined before use.
- Make code compile (Mostly) clean with -Wall set
- Start to reduce the degree to which DES aka libdes is built in.
- get all functions to the same uniform standard of definition:
    int
    foo(a, b)
    int a;
    int *b;
    {
        :
    }
- fix numerous bugs exposed by above processes.
Note - this replaces the previous work which used an unpopular function
definition style.
the fixes for multi-homed kerberos servers. We're still debating on how
we want to fix the client side.
Reviewed by: Garrett Wollman <wollman>, Mark Murray <markm>
Obtained from: Dieter Dworkin Muller <dworkin@village.org> (small changes by me)
These are the start of a lot of work to clean up the FreeBSD eBones code.
These changes include, but are not limited to:
- Create prototypes for all the library routines
- Make all the libraries compile clean with -Wall set
- Fix numerous small bugs shown up in the above process
- Prepare the code for libdes's removal to secure/
- add register, registerd and make_keypair to the make
Lots more will follow in days to come.
OK'ed by: rgrimes
the slave server).
NOTE: This code should not be built, there is no documentation, and this
method of database transfer is highly suboptimal. It's here just
for those of us who actually have multiple K4 servers and want
something more secure than the other distribution mechanisms.
Obtained from: MIT Project Athena
kerberos databases to slave servers.
NOTE: This method was abandoned by MIT long ago, this code is close to
garbage, but it is slightly more secure than using rdist.
There is no documentation available on how to use it, and
it should -not- be built by default.
Obtained from: MIT Project Athena
Sync with Mark M's latest suggestions.
Submitted by: markm
[This is being pulled from RELENG_2_0_5, it was committed there after the
release, and we need it here and in RELENG_2_1_0, it will be cvs admin -o'ed
off the RELENG_2_0_5 branch after this commit.]
not specified (default case).
Use _PATH_* for utmp/wtmp.
Support for >32 PTYs.
>Submitted by: Heikki Suonsivu <hsu@cs.hut.fi>
Plug already known security hole. (Brought over from 1.1.5):
Fixed security problem with telnetd, which allowed
telnet -l -hcert.org localhost
to change the user's host in utmp.
Thanks to Matthew Green <mrgreen@mame.mu.oz.au> for showing me this one.
>Reviewed by: karl, guido
>Submitted by: mrgreen@mame.mu.oz.au
Obtained from: FreeBSD insecure telnetd
causes some clients that do not support linemode to mis-interpret the return
key (i.e. double returns).
The fix is to only do the state check for binary options if linemode will
be used.
Closes PR#505.
Submitted by: Charles Henrich
Obtained from: FreeBSD insecure telnetd
cleanup routine, we don't look at bogus data to determine whether or not
to free the fields of the hostdata struct. This cures the "klogin segfaults
when no kerberos servers are available" problem.