Hi all,
I wrote:
Excerpts from mail.osf-managers: 29-Feb-96 clock patch bad? =>
alpha-osf-managers_at_or (820)
> I have been trying to install the clock patch discussed elsewhere in
> this list, but am having some problems. The 3.2c and 3.2d versions give
> a type of 'data' with the file command, whereas the original clock.o
> gives a type of COFF executable/module, as does the new version for 3.2.
> As a result, the kernel build fails, as it doesn't recognise the new
> clock.o as a valid module.
> Are they corrupted? I have tried downloading from two different sites,
> but the contents are the same.
> All this isn't helped by the fact that we are running DCE, which *hates*
> having it's clocks played with.
The 'data' type of parts of the patch was explained by Paul Rockwell
(rockwell_at_rch.dec.com), among others:
Excerpts from mail: 29-Feb-96 Re: clock patch bad? Paul
Rockwell_at_rch.dec.co (1194*)
> If you are not running on a 3.2c or 3.2d system, issuing a 'file clock.o'
> against
> the 3.2c/d versions will give you a type of 'data'.
> It's because in 3.2c and beyond we introduced a 'compressed object' type which
> earlier releases don't understand.
The reason I didn't spot this was that there was some confusion as to
which version of D-UNIX we are actually running. What thought we are
running, and what we are actually running, turned out to be completly
different. I am fixing that as I type.
The more interesting problem is the DCE one. Basically, there is a bug
in DCE that means the authentication fails with a clock skew error after
Feb 29. Thanks to Simon Tardell (tardell_at_particle.kth.se) for tracking
this one. Digital do now have a patch for this, but I am not sure on any
release restrictions. Here is the info. from Digital:
Subject: Clock skew problem
For DIGITAL UNIX ONLY:
We think we have a fix.
Stop all DCE daemons that may be running, copy the new libdce.so into
/opt/dce/usr/shlib, and restart DCE.
-------------------------------------------------------------------------------
Note fix in -.1 is for V1.3.* of DCE for Digital UNIX.
It is not appropriate for customers running with the
privacy-enhancement kit. We're building a libdce.so
for that too. Let me know if you have a customers
who need it.
-------------------------------------------------------------------------------
PROBLEM: DCE_LOGINs and authenticated RPCs fail with "clock skew" errors
after 29-Feb-1996.
It was discovered that the above DCE versions do not run properly on and
after February 29, 1996 (Leap Day) and complain about clock skews in
security. Our analysis reveals that there is a bug in the ASN1
translation code of the OSF R1.0.3 code release that incorrectly
translates the given binary time to its ASCII string representation
for leap years on and after February 29 of that year. This is used
in the DCE security protocol.
-------------------------------------------
Thanks to:
Paul Rockwell (rockwell_at_rch.dec.com)
Simon Tardell (tardell_at_particle.kth.se)
and others for offering their help, including sending me their copy of
the clock patch, including:
Olle Eriksson (olle_at_cb.uu.se)
Alan Oborne (scoaco_at_thor.cf.ac.uk)
Martyn Johnson (Martyn.Johnson_at_cl.cam.ac.uk)
Dr. Tom Blinn (tpb_at_zk3.dec.com)
William D. Blasingame (waldorf!daleb_at_uunet.uu.net)
Craig Makin (Craig_Makin.DOLA_at_notes.dola.wa.gov.au)
and
Ron Arvidson (arvidson_at_zk3.dec.com) - I'll keep hold of your phone number :-)
Tony
Tony Gale |+MIME, all MIME+| Stop whinging and start Wine'ing
gale_at_minotaur.dra.hmg.gb |
http://daedalus.dra.hmg.gb/gale/wine/wine.html
| All opinions expressed are my own |
Received on Fri Mar 01 1996 - 13:33:06 NZDT