diff options
Diffstat (limited to 'crypto/kerberosIV/doc/problems.texi')
| -rw-r--r-- | crypto/kerberosIV/doc/problems.texi | 156 |
1 files changed, 0 insertions, 156 deletions
diff --git a/crypto/kerberosIV/doc/problems.texi b/crypto/kerberosIV/doc/problems.texi deleted file mode 100644 index 9e3630e2d0bf..000000000000 --- a/crypto/kerberosIV/doc/problems.texi +++ /dev/null @@ -1,156 +0,0 @@ -@node Resolving frequent problems, Acknowledgments, One-Time Passwords, Top -@chapter Resolving frequent problems - -@menu -* Problems compiling Kerberos:: -* Common error messages:: -@end menu - -@node Problems compiling Kerberos, Common error messages, Resolving frequent problems, Resolving frequent problems -@section Problems compiling Kerberos - -Many compilers require a switch to become ANSI compliant. Since kth-krb -is written in ANSI C it is necessary to specify the name of the compiler -to be used and the required switch to make it ANSI compliant. This is -most easily done when running configure using the @kbd{env} command. For -instance to build under HP-UX using the native compiler do: - -@cartouche -@example -datan$ env CC="cc -Ae" ./configure -@end example -@end cartouche - -In general @kbd{gcc} works. The following combinations have also been -verified to successfully compile the distribution: - -@table @asis - -@item @samp{HP-UX} -@kbd{cc -Ae} -@item @samp{Digital UNIX} -@kbd{cc -std1} -@item @samp{AIX} -@kbd{xlc} -@item @samp{Solaris 2.x} -@kbd{cc} (unbundled one) -@item @samp{IRIX} -@kbd{cc} - -@end table - -@subheading Linux problems - -Some systems have lost @file{/usr/include/ndbm.h} which is necessary to -build kth-krb correctly. There is a @file{ndbm.h.Linux} right next to -the source distribution. - -There has been reports of non-working @file{libdb} on some Linux -distributions. If that happens, use the @kbd{--without-berkeley-db} -when configuring. - -@subheading HP-UX problems - -The shared library @file{/usr/lib/libndbm.sl} doesn't exist on all -systems. To make problems even worse, there is never an archive version -for static linking either. Therefore, when building ``truly portable'' -binaries first install GNU gdbm or Berkeley DB, and make sure that you -are linking against that library. - -@subheading Cray problems - -@kbd{rlogind} won't work on Crays until @code{forkpty()} has been -ported, in the mean time use @kbd{telnetd}. - -@subheading AIX problems - -@kbd{gcc} version 2.7.2.1 has a bug which makes it miscompile -@file{appl/telnet/telnetd/sys_term.c} (and possibily -@file{appl/bsd/forkpty.c}), if used with too much optimization. - -@subheading C2 problems - -@cindex C2 -The programs that checks passwords works with @file{passwd}, OTP, and -Kerberos paswords. This is problem if you use C2 security (or use some -other password database), that normally keeps passwords in some obscure -place. If you want to use Kerberos with C2 security you will have to -think about what kind of changes are necessary. See also the discussion -about Digital's SIA and C2 security, see @ref{Digital SIA}. - -@node Common error messages, , Problems compiling Kerberos, Resolving frequent problems -@section Common error messages - -These are some of the more obscure error messages you might encounter: - -@table @asis - -@item @samp{Time is out of bounds} - -The time on your machine differs from the time on either the kerberos -server or the machine you are trying to login to. If it isn't obvious -that this is the case, remember that all times are compared in UTC. - -On unix systems you usually can find out what the local time is by doing -@code{telnet machine daytime}. This time (again, usually is the keyword) -is with correction for time-zone and daylight savings. - -If you have problem keeping your clocks synchronized, consider using a -time keeping system such as NTP (see also the discussion in -@ref{Install the client programs}). - -@item @samp{Ticket issue date too far in the future} - -The time on the kerberos server is more than five minutes ahead of the -time on the server. - -@item @samp{Can't decode authenticator} - -This means that there is a mismatch between the service key in the -kerberos server and the service key file on the specific machine. -Either: -@itemize @bullet -@item -the server couldn't find a service key matching the request -@item -the service key (or version number) does not match the key the packet -was encrypted with -@end itemize - -@item @samp{Incorrect network address} - -The address in the ticket does not match the address you sent the -request from. This happens on systems with more than one network -address, either physically or logically. You can list addresses which -should be considered equal in @file{/etc/krb.equiv} on your servers. - -A note to programmers: a server should not pass @samp{*} as the instance -to @samp{krb_rd_req}. It should try to figure out on which interface the -request was received, for instance by using @samp{k_getsockinst}. - -If you change addresses on your computer you invalidate any tickets you -might have. The easiest way to fix this is to get new tickets with the -new address. - -@item @samp{Message integrity error} - -The packet is broken in some way: -@itemize @bullet -@item -the lengths does not match the size of the packet, or -@item -the checksum does not match the contents of the packet -@end itemize - -@item @samp{Can't send request} -There is some problem contacting the kerberos server. Either the server -is down, or it is using the wrong port (compare the entries for -@samp{kerberos-iv} in @file{/etc/services}). The client might also have -failed to guess what kerberos server to talk to (check -@file{/etc/krb.conf} and @file{/etc/krb.realms}). - -@item @samp{Generic kerberos error} -This is a generic catch-all error message. - -@end table - |