agq@itd1.dsto.oz (Ashley Quick) (09/06/90)
Something which may be of interest to those who wish to use
PC NFS with an Apollo running the Authentication Server (PCNFSD).
The SUN PC NFS authentication server is distributed on floppy with
every copy of PC NFS. This is supposed to run on BSD 4.2 systems,
and the Apollo is no exception, if you can get hold of the sun
RPC files.
Our system people were able to obtain these files, and compiled the
PC NFS authentication server. It compiles without problems.
When I came to use the server, it would NOT authenticate my password.
Problem 1.
---------
Not authenticating the password happens if you canverted from SR9 to
SR10 and did not change your password afterwards. The reason is that the
registry saves the passwords with a different encryption under SR10, but
has an SR 9 compatability mode. When the resistry dishes up the /etc/passwd
file, the encrypted password in it is wrong.
Solution: Change you password under SR10. You can even change it to
the same password (to fix the encrypted /etc/passwd) and all will work.
Next problem: I could not change my password. The chpass and passwd
commands would either sit for hours or return wierd error messages.
The only cure was to kill the PCNFSD process, and reboot the master
registry machine!
Problem 2
---------
It seems that the type manager for the /etc/passwd file locks up
the registry if the /etc/passwd file is not closed when you finish
with it. This means that opening /etc/passwd causes the registry to dish
up the UNIX-ish file, but the registry cannot then do anything. (Though
sometimes it can - it just goes unreliable).
The PCNFSD source code supplied makes a call to a routine "getpwnam",
and the manual page states that this routine returns the entry from the
password file, OPENING THE FILE IF NECESSARY. It does not claim to close
the file afterwards. There is a routine, "endpwent" which closes the
file.
To fix the PFNFSD, insert a line in routine "authproc", (rougly line 490)
after the call to "getpwnam(...)", which looks like:
endpwent();
This will close the passwd file after every authentication attempt.
After making the change to this file, and recompiliing, I can now
authenticate on the PC, and change my password on the apollo, and all
is well.
This all raises a few intersting points:
1. PCNFSD is not supported by Apollo, so there is no point complaining
to them, and fair enough.
2. There does seem to be a problem with the registry getting locked up
if /etc/passwd is not closed.
3. Why doesnt PCNFSD cause problems on SUN machines? Surely it must
be impossible for the admin to add/change users if the password
file is locked? I KNOW you can do wierd and wonderful things under
UNIX like deleting a file somebody has open for reading, (which
seems silly to me but I suppose there are good reasons), but
it is hard to believe that even if the file could be modified,
the PCNFSD could keep running having opened the file and not
closed it, then have the file deleted!!!!!
4. Therefore, this should really be classed as a bug in PCNFSD,
as supplied by SUN. Making the simple change above WOULD HAVE
NO EFFECT ON THE USE OF THE PROGRAM ON ANY OTHER MAKERS MACHINES.
Anyhow, those of you who wish to use PC NFS to an Apollo may care
to implement this "fix", just to ensure you dont have future
problems. (Ours was unreliable but sometimes usable!).
BTW: PC NFS can break programs on the PC (running off into happy land,
never to be seen again.) Also, its performance is not very good - but
is highly host dependant. My benchmarking shows there is not much
difference between a DN3000 (SR10) and a SUN 3/280 in performance.
(There may be a bit in price, though!!!!)
From what I can see, the Apollo NFS implementation is pretty good!
(It is also interesting if you export the network root, then type
something like this on your PC:
NET USE E: \\APOLLO-NET\\NODE-NAME\USERS\MY-NAME
[note the two lots of reverse slashes! It works!!!!!!])
Ashleigh Quick
Defence Science and Technology Organisation
PO BOX 1600
Salisbury 5108
Australia.
AGQ@dstos3.dsto.oz.au
[I wish I could do some work instead of fixing computers - this is
just a sideline!]