Windows Patch for Kerberos 5
About the Windows Patch for Kerberos 5
The Windows patch is a patch for the NT-ALPHA-2 snapshot of Kerberos 5
from MIT. The highlights of the changes it provides are working commandline
ftp, rsh and rcp under windows. The current version of the patch is v0.2.0.
Although NCSA has been using these patches in production, use them at your
own risk.
Changes implemented by the patch
From v0.1.0 to v0.2.0
- Bug fix in rsh/rcp that prevented two rcps or rshs from being run
simultaneously.
- Bug fixes in ascii mode in ftp and rcp clients.
- ftp client now accepts the backslash character
- Enabled shell escapes in ftp client
- Fixed bug in ftp that would cause it to crash doing mputs
- Fixed bug in rcp that wouldn't allow it to recursively copy
directories.
- Added '--background' options to rsh. This is intended for
users using Exceed. Also some signal handling enhancements (from
Randy Sharpe)
- The credentials manager now has a "No IP Address" option to
get tickets without IP addresses encoded in them. This is for folks
behind address translation firewalls.
- Fixed bug in ftp client where mget would fail if /tmp didn't exit.
- Fixed bug in credentials manager. If an error occurred when
changing a password the error string from the server was not getting
displayed.
Changes made by v0.1.0 patch
Note that this was originally a untitled patch released in the
summer of '98.
- rsh, rcp and ftp clients build and function
- krb524 library builds (from Craig Huckabee)
- Credential Manager modified so that it can run a secondary program
when credentials are acquired. The intend is to run the aklog program
(from Ken Hornstein's AFS-KRB5 Migration kit) to acquire AFS credentials.
- Added the following functions to lib/krb5_32.def so that they could
be exported: krb5_address_compare, krb5_address_search,
krb5_net_read, krb5_net_write, krb5_read_message, krb5_set_config_files,
krb5_write_message.
- Modified lib/crypto/os/c_localaddr.c so that it would return all
the local addresses. Note that there is evidence that this does
not work well.
- Added appdefault stuff from Ken Hornstein's AFS-KRB5 Migration kit.
- Modified lib/krb5/os/sn2princ.c to remove the trailing '.' on
hostnames under NT 5.0
- kinit accepts a '-P' option to take the password directly from stdin
without prompting.
- Fix for tailing '.' in hostnames under NT5.0
Getting the patch
The patch is available from
ftp://ftp.ncsa.uiuc.edu/aces/kerberos/windows/
Patch files are signed with my public key (vwelch@ncsa.uiuc.edu) which
you can find at
BAL's PGP Public Key Server
and my
Home Page
Kerberos 5 itself is available from
MIT.
This patch is designed to work with the
NT Alpha 2 Snapshot.
Applying the patch
To apply this patch, under Unix, go to the top of the Kerberos 5 source tree
(you should see a acconfig.h file) and apply the patch using the patch command -
i.e. patch < krb5_windows_patch
Building the code
Here are the steps I use to build the code.
First, under UNIX:
- cd to the top of the source tree
- make -f Makefile.in kerbsrc-nt.zip
- Transfer kerbsrc-nt.zip to the PC
Then on the PC:
- Create a directory to hold the tree - mkdir \k5
- cd \k5
- unzip kerbsrc-nt.zip
- nmake
The resulting files are:
- appl/bsd/rcp.exe
- appl/bsd/rsh.exe
- appl/gssftp/ftp/ftp.exe
- krb524/libkrb524.dll
- krb524/libkrb524.lib
- lib/libkrb5.dll
- lib/libkrb5.lib
- lib/gssapi.dll
- lib/gssapi.lib
- windows/cns/cns.exe
- windows/wintel/telnet
To run any files you need to create a krb5.ini in your windows directory.
This file will probably look just like a krb5.conf file under Unix.
See the MIT Kerberos 5 documentation for information on how to go about
creating this file.
Sending feedback
Feedback about the patch may be sent to
kerberos@ncsa.uiuc.edu.
Note that feedback about Kerberos code should go to MIT.
Back to NCSA Kerberos Information
Questions or comments about this page may be sent to kerberos@ncsa.uiuc.edu
