openssh-1.2pre15 on AIX

Tor-Ake Fransson torake at hotmail.com
Tue Nov 30 21:53:05 EST 1999


Damien,

As you probably realize, i solved those problems in order to be able to 
create a new DCE patch. I kept those changes out of the DCE patch though.

An explanation on what needs to be done to log on to DCE was included in my 
response to 'Food for thought regarding PAM'.

Some background to why you need special actions for DCE:

On systems where you use DCE and DFS, you replace the whole authentication 
system with DCE. The authentication is kerberos 5 based, with some extra 
whohah. Local users are just local users, and have no credentials 
what-so-ever to access DFS (distributed filesystem)

For establishing a working login you need a thing called network 
credentials. Those are established by fetching a TGT (ticket granting 
ticket) from a security server, who holds all account information, and 
validates your password. Holding the TGT you can aquire a credential ticket, 
giving you network credentials (access to the local machine, and access to 
DFS)

All the network traffic is encrypted, and the whole thing is hidden in the 
dce runtime libraries. All you have to do in an application is call some DCE 
runtime routines and take care of the login context this gives you. The 
login context is invisibly attached to your process, until you either purge 
it or do a setuid().

For more information, see e.g the online DCE documentation at
http://www.tks.buffalo.edu/dce/Trandocs/online-doc/dce/

Feel free to forward this to the mailinglist if you think there are people 
that might find interest in this.

Regards,
Tor-Åke

>From: Damien Miller <djm at mindrot.org>
>To: Tor-Ake Fransson <torake at hotmail.com>
>CC: openssh-unix-dev at mindrot.org
>Subject: Re: openssh-1.2pre15 on AIX
>Date: Tue, 30 Nov 1999 10:12:12 +1100 (EST)
>
>On Mon, 29 Nov 1999, Tor-Ake Fransson wrote:
>
> > Hi.
> >
> > Pre15 compiles out-of-the-box on AIX 4.3.2 ...almost.
> >
> > No patch included this time, but the following were the gotchas:
> >
> > - The __P() prototyping doesn't work (as discussed earlier)
> > - bsd-daemon.o wasn't linked into libssh.a (though configure seemed to
> > detect the need for it)
>
>These are both fixed in the next release. For now, add:
>
>#ifndef __P
># define __P(x) x
>#endif
>
>to the end of config.h.in and add 'bsd-daemon.o' to the 'libssh.a:' line
>of Makefile.in and re-run configure.
>
> > DCE patch will follow shortly.
>
>Can you explain this to a DCE-illiterate (me!)?
>
>Thanks,
>Damien
>
>--
>| "Bombay is 250ms from New York in the new world order" - Alan Cox
>| Damien Miller - http://www.mindrot.org/
>| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)
>
>
>
>

______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com





More information about the openssh-unix-dev mailing list