Patch Name: PHSS_23710 Patch Description: s700_800 11.00 KRB-Support libsis.sl patch Creation Date: 01/05/24 Post Date: 01/06/01 Hardware Platforms - OS Releases: s700: 11.00 s800: 11.00 Products: N/A Filesets: KRB-Support.KRB-SUPP-RUN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP Automatic Reboot?: No Status: General Release Critical: No Category Tags: defect_repair general_release Path Name: /hp-ux_patches/s700_800/11.X/PHSS_23710 Symptoms: PHSS_23710: 1.JAGad34553 : During kerberized telnet the following message is displayed: [ Kerberos V5 refuses authentication because telnetd: Make reply failed: Key size is incompatible with encryption type ] ERROR! Kerberos authentication failed. To bypass Kerberos authentication, use the -P option. 2.JAGad61969 : Forwarding tickets over multiple domains does not work. Eg. kerberized rlogin & telnet fails if we use -F option [ Forward ] rlogin -F kcmd: Error getting forwarded creds Defect Description: PHSS_23710: 1.JAGad34553 : The (krb5_keyblock * ) parameter is not used by telnetd while, invoking krb5_mk_rep. The problem occurs because, telnetd makes the krb5_mk_rep call in the following format : krb5_error_code krb5_mk_rep(krb5_context, krb5_auth_context, krb5_data *) Whereas krb5_mk_rep is implemented as: krb5_error_code krb5_mk_rep(krb5_context, krb5_auth_context, krb5_keyblock *, krb5_data *) 2.JAGad61969 :the implementation of krb5_fwd_tgt_creds uses client's realm rather than the server's realm for constructing the tgs principal. Resolution: 1.JAGad34553 : The implementation of krb5_mk_rep API is being changed from krb5_error_code krb5_mk_rep(krb5_context, krb5_auth_context, krb5_keyblock *, krb5_data *) to krb5_error_code krb5_mk_rep(krb5_context, krb5_auth_context, krb5_data *) in libsis.sl. 2.JAGad61969 : the implementation of krb5_fwd_tgt_creds now uses client's realm rather than the server's realm for constructing the tgs principal. SR: 8606165259 8606192757 Patch Files: KRB-Support.KRB-SUPP-RUN,fr=B.11.00,fa=HP-UX_B.11.00_32/64, v=HP: /usr/lib/libsis.sl what(1) Output: KRB-Support.KRB-SUPP-RUN,fr=B.11.00,fa=HP-UX_B.11.00_32/64, v=HP: /usr/lib/libsis.sl: Kerberos Support for HP-UX and DCE(1.7) PATCH: PHSS_ 23710 Module: libsis.sl Date: Apr 18 2001 22:18:35 cksum(1) Output: KRB-Support.KRB-SUPP-RUN,fr=B.11.00,fa=HP-UX_B.11.00_32/64, v=HP: 3936071248 942080 /usr/lib/libsis.sl Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: None Equivalent Patches: None Patch Package Size: 940 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHSS_23710 5. Run swinstall to install the patch: swinstall -x autoreboot=true -x patch_match_target=true \ -s /tmp/PHSS_23710.depot By default swinstall will archive the original software in /var/adm/sw/save/PHSS_23710. If you do not wish to retain a copy of the original software, use the patch_save_files option: swinstall -x autoreboot=true -x patch_match_target=true \ -x patch_save_files=false -s /tmp/PHSS_23710.depot WARNING: If patch_save_files is false when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. For future reference, the contents of the PHSS_23710.text file is available in the product readme: swlist -l product -a readme -d @ /tmp/PHSS_23710.depot To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHSS_23710.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: During installation of the patch the following message can be ignored NOTE: tlinstall is searching filesystem- please be patient NOTE: The following are messages for core transition links WARNING: Can't create core transition links since files/directories exist: /usr/bin/kdestroy -> /opt/dce/bin/kdestroy /usr/bin/kinit -> /opt/dce/bin/kinit /usr/bin/klist -> /opt/dce/bin/klist NOTE: Complete with message(s) displayed above WARNING: The command "/usr/lbin/sw/install_clean" had warnings. The installation will continue.Check the above output for details about the warnings.