Xref: utzoo comp.protocols.kerberos:455 comp.unix.ultrix:4799 Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!samsung!munnari.oz.au!brolga!bunyip.cc.uq.oz.au!lance!surf!eay From: eay@surf.sics.bu.oz (Eric the Young) Newsgroups: comp.protocols.kerberos,comp.unix.ultrix Subject: So much for kerberos in Ultrix 4.0 (outside the USA) Keywords: kerberos des Message-ID: <1322@surf.sics.bu.oz> Date: 5 Oct 90 00:54:04 GMT Reply-To: eay@surf.sics.bu.oz (Eric the Young) Organization: SICS, Bond University, Australia. Lines: 51 With eager anticipation I installed Ultrix 4.0 with the expectation that a complete version of kerberos would be included, boy was I wrong. (For those that don't know, DEC claimed that kerberos with full encryption (in binary form only) was being sent will all versions with ultrix 4, including sites outside of the USA) What do I find, NO DES ENCRYPTION ROUTINES IN THE DES LIBRARY !!! a simple ar t of /usr/lib/libdes.a __________ELEL_ key_sched.o debug_decl.o quad_cksum.o random_key.o read_password.o string_to_key.o weak_key.o key_parity.o new_rnd_key.o util.o (and a strings - -9 of the library reveals no des_*_encrypt routines). To top it off the des_*_encrypt sections of the man page has been commented out of /usr/man/man/des_encrypt.3krb. The only interesting things is that there are files with names like pcbc_inline.c and des_inline.c compiled into files like /usr/etc/kerberos. So, des is in the kerberos application binaries, but since there is no des in the libraries and there are no user level kerberos application i.e. kerberised rlogin and rcp, this (IMHO) is a total waste of time and appears to be a bit of missinformation of DECs behalf. I will concede that Ultrix is only calmed to have binary versions of des encryption in the export version, but I take this to mean no source code, not no object files. Have other non US sites found this with their ultrix 4.0 installations or am I making a fool of my self :-). I feels a bit cheated :-( (I should also not that the kerberos library looks as thought it has been fiddled with as well :-( Non of the above is a reflection of the opinion or of the policies of Bond University, it is just the grumbling of an annoyed system programmer (me). -- Eric Young | "It is always best to start running System Programmer, SICS Bond Uni.| away early, before the rush. That way ACSnet: eay@surf.sics.bu.oz.au | there are fewer bodies to trip over."