Re: Incomplete documentation

[Martin MOKREJŠ <mmokrejs@natur.cuni.cz>]

On Thu, 18 Sep 2003, Love wrote:

>
> Martin MOKREJ? <mmokrejs@natur.cuni.cz> writes:
>
> > On Wed, 17 Sep 2003, Martin MOKREJ? wrote:
> >
> > I seems everyone is either busy or doesn't know anwers to my questions ...
> > and I have continuation already ... :)
>
> mmmm, upgrading ssh.

Well, the openssh people don't know much about krb4/5, so I have to ask
here ... :)

>
> >> So, how am I supposed to configure heimdal whe want to use AFS? With or
> >> without --with-krb4. How about the --enable-kaserver option. As I do not
> >> need to convert from krb4 to krb5 type databse, I can omit
> >> --enable-kaserver-db, right?
> >
> > I gave it a last shot: tried compiling heimdal against krb4(with it's own libdes)
> > and asking heimdal to add support for krb4 and openssl(0.9.7b):
>
> heimdal think it must use the same crypto lib as the krb4 stuff if compiled
> with kerberos 4 support, it will refuse to use anything else.

OK, then when krb4 was compiled without -lcrypto and heimdal's configure is
also asked to configur ewithout -lcrypto, this check in configure doesn't
make sense and maybe it's clear then why "-lcrypto" is missing on the link
line. But why does it test for AES when it's present only in -lcrypto ...?


> > configure: error: the crypto library used by krb4 lacks features
> > required by Kerberos 5; to continue, you need to install a newer
> > Kerberos 4 or configure --without-krb4
>
> yes, current heimdal requires openssl>=0.9.7, and there is not released
> kth-krb4 that can handle that.

Oh, finally I hear it.

But why heimdal cannot get compiled without -lcrypto when -lcrypto was also
not used for krb4 build ... I don't understand.

That means I have to use openssl-0.9.6 right and build krb4 and heimdal
against it?

> > configure:10538: cc  -o conftest -DHAVE_OLD_HASH_NAMES -I/usr/athena/include -O2 -arch ev56 -I/software/@sys/usr/include -I/usr/local/in
> > clude -I/usr/local/openssl/include  conftest.c -L/usr/athena/lib -ldes -L/usr/local/lib -L/software/@sys/usr/lib -L/usr/local/openssl/li
> > b -L/usr/lib >&5
> > cc: Severe: configure, line 10488: Cannot find file <aes.h> specified in #include directive. (noinclfilef)
> >                 #include <aes.h>
> > -----------------^
> >
> > Sure it cannot find it, it should look for openssl/aes.h !
>
> It first check for <openssl/aes.h> and then <aes.h>.

Oh, maybe I missed that successfull build in config.log few lines above, I
should read better, sorry for noise.


> > I tried comfiguring heimdal --without-openssl , as krb4 was also compiled without
> > openssl support:
> [..]
> > configure: error: the crypto library used by krb4 lacks features
> > required by Kerberos 5; to continue, you need to install a newer
> > Kerberos 4 or configure --without-krb4
>
> krb4 libdes is old and doesn't contain any DES_ nor AES_ functions.

That's what I believe in in -lcrypto 0.9.7 in that new DES API in 0.9.7 as
opposed to 0.9.6.

> > I'm waiting for official patch and configure command-line. ;)
>
> There are some issues with telnet, openssh 0.9.7b and DES_ I've not been
> able to find yet. I don't even know how to reproduce it.

Please let me now if I could be somehow of help.


-- 
Martin Mokrejs <mmokrejs@natur.cuni.cz>, <m.mokrejs@gsf.de>
PGP5.0i key is at http://www.natur.cuni.cz/~mmokrejs
MIPS / Institute for Bioinformatics <http://mips.gsf.de>
GSF - National Research Center for Environment and Health
Ingolstaedter Landstrasse 1, D-85764 Neuherberg, Germany
tel.: +49-89-3187 3683 , fax: +49-89-3187 3585