From: Cy Schubert
To: Tillman Hodgson
cc: freebsd-current@freebsd.org
Resent-To: freebsd-ports@freebsd.org
Subject: Re: krb5 port: -current behaves differently than 4.X w.r.t rsh
Date: Thu, 02 Dec 2004 13:51:30 -0800
Message-Id: <200412022152.iB2LqRGJ033111@cwsys.cwsent.com>
In-Reply-To: Message from Tillman Hodgson <20041123220009.GJ88293@seekingfire.com>

Under 5.3 & 6.0 bind in kcmd returns EPERM.
In my case there is no firewall involved as the hosts are all on the same
network. I believe that this is some sort of kernel issue when a wildcard
IP:port is passed to bind(2).

Cheers,
Cy Schubert
Web: http://www.komquats.com and http://www.bcbodybuilder.com
FreeBSD UNIX: Web: http://www.FreeBSD.org
BC Government:

"Lift long enough and I believe arrogance is replaced by humility and fear
by courage and selfishness by generosity and rudeness by compassion and
caring." -- Dave Draper

In message <20041123220009.GJ88293@seekingfire.com>, Tillman Hodgson writes:
> Howdy folks,
>
> [I'm not sure that ports@ is the right place for this, but thought I'd
> start here and see what happens.]
>
> I run a couple of Kerberos realms. I recently installed some new 5.3R
> machines and then immediately upgraded them to -current. Cursory testing
> (I know, I know) seemed to show that the MIT Kerberos port
> (security/krb5) was working correctly. Over time, I've found a
> difference between it and my older 4.X systems.
>
> While kinit, kdestroy, klist, kerberos telnet and ftp, and other basic
> tools work correctly, the kerberos rsh client (not the server, it's
> fine) doesn't seem to work.
>
> Here's a 4-stable box connecting via rsh to another 4-stable box as
> well as to a -current box:
>
> [root@athena ~]# rsh -x coyote uname -a
> This rsh session is encrypting input/output data transmissions.
> FreeBSD coyote.seekingfire.com 4.10-STABLE FreeBSD 4.10-STABLE #0: Thu Nov 18
> 13:10:32 CST 2004
> toor@athena.seekingfire.prv:/usr/obj/usr/src/sys/COYOTE i386
>
> [root@athena ~]# rsh -x backforty uname -a
> This rsh session is encrypting input/output data transmissions.
> FreeBSD backforty.seekingfire.prv 6.0-CURRENT FreeBSD 6.0-CURRENT #2: Fri Nov
> 19 08:03:52 CST 2004
> tillman@backforty.seekingfire.prv:/usr/obj/usr/src/sys/BACKFORTY i386
>
> When I try to connect from the -current box ('backforty' from the
> example above) outwards to either type of box I get a failure:
>
> $ rsh -x coyote uptime
> socket: protocol error or closed connection in circuit setup
>
> $ rsh -x caliban uptime
> socket: protocol error or closed connection in circuit setup
>
> (caliban is another -current box).
>
> The auth.log on the server-side system shows:
>
> Nov 23 15:55:10 athena kshd[4565]: connect second port: Connection refused
>
> Note that all other client Kerberos apps work: I can telnet -x, ftp -x,
> rlogin, etc to my heart's content. Only rsh displays this behaviour.
>
> I've confirmed that I'm running the right rsh binary:
>
> $ which rsh
> /usr/local/krb5/bin/rsh
>
> And I've confirmed that they're both running up-to-date ports trees and
> the most current version of security/krb5.
>
> I've googled for the auth.log message. It seems that the connection
> "back" for stderr is being denied. By what, I don't know ... the host
> backforty isn't running any sort of firewall:
>
> root@backforty# ipfw list
> ipfw: getsockopt(IP_FW_GET): Protocol not available
> root@backforty# ipfstat -hin
> open: No such file or directory
> root@backforty# pfctl -s rules
> pfctl: /dev/pf: No such file or directory
>
> Any ideas?
>
> -T
>
>
> --
> >I've gone through over-stressed to physical exhaustion... what's next?
> Tuesday
> - A.S.R. quote (Simon Burr & Kyle Hearn)
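
The bind(2) behaviour discussed in this thread can be checked in isolation from krb5 and rsh. The following is an added example, not part of either message or of the security/krb5 port: it binds and listens on the wildcard address, as a client must before a server can connect back to it, and reports the errno of the call that failed. The function names and the verdict enum are made up for this example.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum verdict { V_OK, V_NOT_PERMITTED, V_PRIVILEGE, V_BUSY, V_OTHER };

/* Bind and listen on *:port; returns the fd, or -errno of the failing call. */
int listen_wildcard(unsigned short port, unsigned short *bound)
{
    struct sockaddr_in sin;
    socklen_t len = sizeof(sin);
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -errno;
    memset(&sin, 0, sizeof(sin));          /* no stale bytes in the address */
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_ANY);
    sin.sin_port = htons(port);            /* 0 lets the kernel choose */
    if (bind(fd, (struct sockaddr *)&sin, sizeof(sin)) < 0 ||
        listen(fd, 1) < 0 ||
        getsockname(fd, (struct sockaddr *)&sin, &len) < 0) {
        int e = errno;                     /* save before close() can change it */
        close(fd);
        return -e;
    }
    *bound = ntohs(sin.sin_port);
    return fd;
}

/* Map a listen_wildcard() result to a coarse verdict. */
enum verdict classify(int rc)
{
    if (rc >= 0) return V_OK;
    switch (-rc) {
    case EPERM:      return V_NOT_PERMITTED; /* the error reported in this thread */
    case EACCES:     return V_PRIVILEGE;     /* port needs privileges the caller lacks */
    case EADDRINUSE: return V_BUSY;          /* port taken; a caller would try another */
    default:         return V_OTHER;
    }
}

int main(void)
{
    unsigned short port = 0;
    int rc = listen_wildcard(0, &port);
    printf("verdict=%d port=%u (%s)\n", classify(rc), port, rc < 0 ? strerror(-rc) : "listening");
    return rc < 0;
}
```

Run on both a 4.X and a -current host: a V_NOT_PERMITTED verdict for port 0 on only one of them points at the host rather than at Kerberos.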