From f5e4086a74c01bf09e8b7c2cb63854ec7d4f24f1 Mon Sep 17 00:00:00 2001 From: Sam Hartman Date: Tue, 4 Feb 2003 22:07:38 +0000 Subject: [PATCH] disable krb4 by default By default, we disable krb4 in the KDC. This means that -4 none is the default mode. Krb4 is reenabled for the dejagnu tests. ticket: new Tags: enhancement git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15149 dc483132-0cff-0310-8789-dd5450dbe970 --- doc/ChangeLog | 4 ++++ doc/krb425.texinfo | 2 ++ src/kdc/ChangeLog | 7 +++++++ src/kdc/kerberos_v4.c | 2 +- src/kdc/krb5kdc.M | 2 +- src/tests/dejagnu/config/ChangeLog | 4 ++++ src/tests/dejagnu/config/default.exp | 2 +- 7 files changed, 20 insertions(+), 3 deletions(-) diff --git a/doc/ChangeLog b/doc/ChangeLog index 0d56cef75..709c55980 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,7 @@ +2003-02-04 Sam Hartman + + * krb425.texinfo (Upgrading KDCs): Note that -4 needs to be specified + 2003-01-30 Sam Hartman * definitions.texinfo: Remove bogus sample IPs and domains. diff --git a/doc/krb425.texinfo b/doc/krb425.texinfo index 8f97c60d6..c239b2f54 100644 --- a/doc/krb425.texinfo +++ b/doc/krb425.texinfo @@ -206,6 +206,8 @@ in the @value{PRODUCT} Installation Guide. When you get to the section that tells you to start the @code{krb5kdc} and @code{kadmind} daemons, first find and kill the Kerberos V4 @code{kerberos} daemon on each of the KDCs. Then start the @code{krb5kdc} and @code{kadmind} daemons as +You will need to specify an argument to the @code{-4} command line option to enable Kerberos 4 compatibility. +See the @code{krb5kdc} man page for details. directed. Finally, start the Kerberos V5 to V4 ticket translator daemon, @code{krb524d}, by issuing the command: diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog index 22be4d31b..97545454b 100644 --- a/src/kdc/ChangeLog +++ b/src/kdc/ChangeLog @@ -1,3 +1,10 @@ +2003-02-04 Sam Hartman + + * krb5kdc.M: Document default v4 mode of none + + * kerberos_v4.c (KDC_V4_DEFAULT_MODE): Default to no v4 support + instead of nopreauth + 2003-01-21 Sam Hartman * kdc_preauth.c (check_padata): Permit returning KRB5KRB_AP_ERR_SKEW diff --git a/src/kdc/kerberos_v4.c b/src/kdc/kerberos_v4.c index fa43989a5..a87a1d5e5 100644 --- a/src/kdc/kerberos_v4.c +++ b/src/kdc/kerberos_v4.c @@ -160,7 +160,7 @@ static int set_tgtkey (char *, krb5_kvno); #define KDC_V4_FULL 2 /* Preauth required go through */ #define KDC_V4_NOPREAUTH 3 /* Preauth required disallowed */ -#define KDC_V4_DEFAULT_MODE KDC_V4_NOPREAUTH +#define KDC_V4_DEFAULT_MODE KDC_V4_NONE /* Flag on how to handle v4 */ static int kdc_v4; diff --git a/src/kdc/krb5kdc.M b/src/kdc/krb5kdc.M index bc775e5c5..d6f69b645 100644 --- a/src/kdc/krb5kdc.M +++ b/src/kdc/krb5kdc.M @@ -110,7 +110,7 @@ These instruct the KDC to not respond to V4 packets, to respond with a version skew error, to issue tickets for all database entries, and to issue tickets for all but preauthentication required database entries respectively. The default behaviour is as if -.I nopreauth +.I none was specified. .PP The diff --git a/src/tests/dejagnu/config/ChangeLog b/src/tests/dejagnu/config/ChangeLog index ee881c6b3..bc0dd8f0c 100644 --- a/src/tests/dejagnu/config/ChangeLog +++ b/src/tests/dejagnu/config/ChangeLog @@ -1,3 +1,7 @@ +2003-02-04 Sam Hartman + + * default.exp (start_kerberos_daemons): Enable krb4 + 2003-01-23 Ken Raeburn * default.exp (start_kerberos_daemons): Record more information diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp index aecf23e8b..714d19922 100644 --- a/src/tests/dejagnu/config/default.exp +++ b/src/tests/dejagnu/config/default.exp @@ -1361,7 +1361,7 @@ proc start_kerberos_daemons { standalone } { envstack_push setup_kerberos_env kdc - spawn $KRB5KDC -r $REALMNAME -n + spawn $KRB5KDC -r $REALMNAME -n -4 enable envstack_pop set kdc_pid [exp_pid] set kdc_spawn_id $spawn_id -- 2.26.2