openssh-1.2pre15 on AIX
Tor-Ake Fransson
torake at hotmail.com
Tue Nov 30 21:53:05 EST 1999
Damien,
As you probably realize, i solved those problems in order to be able to
create a new DCE patch. I kept those changes out of the DCE patch though.
An explanation on what needs to be done to log on to DCE was included in my
response to 'Food for thought regarding PAM'.
Some background to why you need special actions for DCE:
On systems where you use DCE and DFS, you replace the whole authentication
system with DCE. The authentication is kerberos 5 based, with some extra
whohah. Local users are just local users, and have no credentials
what-so-ever to access DFS (distributed filesystem)
For establishing a working login you need a thing called network
credentials. Those are established by fetching a TGT (ticket granting
ticket) from a security server, who holds all account information, and
validates your password. Holding the TGT you can aquire a credential ticket,
giving you network credentials (access to the local machine, and access to
DFS)
All the network traffic is encrypted, and the whole thing is hidden in the
dce runtime libraries. All you have to do in an application is call some DCE
runtime routines and take care of the login context this gives you. The
login context is invisibly attached to your process, until you either purge
it or do a setuid().
For more information, see e.g the online DCE documentation at
http://www.tks.buffalo.edu/dce/Trandocs/online-doc/dce/
Feel free to forward this to the mailinglist if you think there are people
that might find interest in this.
Regards,
Tor-Åke
>From: Damien Miller <djm at mindrot.org>
>To: Tor-Ake Fransson <torake at hotmail.com>
>CC: openssh-unix-dev at mindrot.org
>Subject: Re: openssh-1.2pre15 on AIX
>Date: Tue, 30 Nov 1999 10:12:12 +1100 (EST)
>
>On Mon, 29 Nov 1999, Tor-Ake Fransson wrote:
>
> > Hi.
> >
> > Pre15 compiles out-of-the-box on AIX 4.3.2 ...almost.
> >
> > No patch included this time, but the following were the gotchas:
> >
> > - The __P() prototyping doesn't work (as discussed earlier)
> > - bsd-daemon.o wasn't linked into libssh.a (though configure seemed to
> > detect the need for it)
>
>These are both fixed in the next release. For now, add:
>
>#ifndef __P
># define __P(x) x
>#endif
>
>to the end of config.h.in and add 'bsd-daemon.o' to the 'libssh.a:' line
>of Makefile.in and re-run configure.
>
> > DCE patch will follow shortly.
>
>Can you explain this to a DCE-illiterate (me!)?
>
>Thanks,
>Damien
>
>--
>| "Bombay is 250ms from New York in the new world order" - Alan Cox
>| Damien Miller - http://www.mindrot.org/
>| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)
>
>
>
>
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
More information about the openssh-unix-dev
mailing list