envbvs@epb2.lbl.gov (Brian V. Smith) (01/07/90)
The Imakefile for xdm is (IMHO) missing a preprocessor flag for the case where the machine does NOT have DES encryption. Here is a patch: *** xdm/Imakefile.orig Wed Dec 13 12:26:21 1989 --- xdm/Imakefile Sat Jan 6 19:29:31 1990 *************** *** 10,20 #if HasDESLibrary DESDEFS = -DHASDES DESOBJS = xdmauth.o DESSRCS = xdmauth.c #else ! DESDEFS = DESOBJS = DESSRCS = #endif XDMCONFIGDIR = XdmConfigurationSubdirectory --- 10,20 ----- #if HasDESLibrary DESDEFS = -DHASDES DESOBJS = xdmauth.o DESSRCS = xdmauth.c #else ! DESDEFS = -DDONT_USE_DES DESOBJS = DESSRCS = #endif XDMCONFIGDIR = XdmConfigurationSubdirectory -- _____________________________________ Brian V. Smith (bvsmith@lbl.gov) Lawrence Berkeley Laboratory I don't speak for LBL, these non-opinions are all mine.
keith@EXPO.LCS.MIT.EDU (Keith Packard) (01/07/90)
> The Imakefile for xdm is (IMHO) missing a preprocessor flag for the case > where the machine does NOT have DES encryption. > Here is a patch: > *** xdm/Imakefile.orig Wed Dec 13 12:26:21 1989 > --- xdm/Imakefile Sat Jan 6 19:29:31 1990 > *************** > *** 10,20 > #if HasDESLibrary > DESDEFS = -DHASDES > DESOBJS = xdmauth.o > DESSRCS = xdmauth.c > #else > ! DESDEFS = > DESOBJS = > DESSRCS = > #endif > > XDMCONFIGDIR = XdmConfigurationSubdirectory > > --- 10,20 ----- > #if HasDESLibrary > DESDEFS = -DHASDES > DESOBJS = xdmauth.o > DESSRCS = xdmauth.c > #else > ! DESDEFS = -DDONT_USE_DES > DESOBJS = > DESSRCS = > #endif > > XDMCONFIGDIR = XdmConfigurationSubdirectory > This patch is not correct. HASDES is defined for machines which have implemented a client library which does DES in the way expected for XDM-AUTHENTICATION-1 and XDM-AUTHORIZATION-1 authentication/authorization schemes. As no machines have such a library (the sample implementation written here at MIT is not distributable outside of the US), HasDESLibrary should always be false. On the other hand, DONT_USE_DES is defined for machines which have neither setkey/encrypt nor crypt in libc. These functions are used to generate cryptographically secure random numbers and do not depend on whether DES is used in those functions, just that the perturb the bits around when called. Machines which are exported from the US typically do not have any DES routines at all (even for password checking) and so this option allows those machines to use a less secure mechanism for generating the keys (less secure is rather misleading in this context; without HASDES the only authorization scheme supported is MIT-MAGIC-COOKIE-1 which passes these carefully crafted cryptographically secure random numbers in the clear over the network). If the commerce departement ever allows us to distribute DES implementations (or even code which uses some other DES implementation), HASDES will become useful, and session authorization will be more secure. Keith Packard MIT X Consortium