disable krb4 by default

By default, we disable krb4 in the KDC.  This means that -4 none is
the default mode.

Krb4 is reenabled for the dejagnu tests.

ticket: new
Tags: enhancement

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15149 dc483132-0cff-0310-8789-dd5450dbe970

7 files changed, 20 insertions, 3 deletions

diff --git a/doc/ChangeLog b/doc/ChangeLog
index 0d56cef..709c559 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,7 @@
+2003-02-04  Sam Hartman  <hartmans@mit.edu>
+
+	* krb425.texinfo (Upgrading KDCs): Note that -4 needs to be specified
+
 2003-01-30  Sam Hartman  <hartmans@mit.edu>
 
 	* definitions.texinfo: Remove bogus sample IPs and domains.
diff --git a/doc/krb425.texinfo b/doc/krb425.texinfo
index 8f97c60..c239b2f 100644
--- a/doc/krb425.texinfo
+++ b/doc/krb425.texinfo
@@ -206,6 +206,8 @@ in the @value{PRODUCT} Installation Guide.  When you get to the section
 that tells you to start the @code{krb5kdc} and @code{kadmind} daemons,
 first find and kill the Kerberos V4 @code{kerberos} daemon on each of
 the KDCs.  Then start the @code{krb5kdc} and @code{kadmind} daemons as
+You will need to specify an argument to the @code{-4} command line option to enable Kerberos 4 compatibility.
+See the @code{krb5kdc} man page for details.
 directed.  Finally, start the Kerberos V5 to V4 ticket translator
 daemon, @code{krb524d}, by issuing the command:
 
diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog
index 22be4d3..9754545 100644
--- a/src/kdc/ChangeLog
+++ b/src/kdc/ChangeLog
@@ -1,3 +1,10 @@
+2003-02-04  Sam Hartman  <hartmans@mit.edu>
+
+	* krb5kdc.M: Document default v4 mode of none
+
+	* kerberos_v4.c (KDC_V4_DEFAULT_MODE):  Default to no v4 support
+	instead of nopreauth  
+
 2003-01-21  Sam Hartman  <hartmans@mit.edu>
 
 	* kdc_preauth.c (check_padata): Permit returning KRB5KRB_AP_ERR_SKEW
diff --git a/src/kdc/kerberos_v4.c b/src/kdc/kerberos_v4.c
index fa43989..a87a1d5 100644
--- a/src/kdc/kerberos_v4.c
+++ b/src/kdc/kerberos_v4.c
@@ -160,7 +160,7 @@ static int set_tgtkey (char *, krb5_kvno);
 #define	KDC_V4_FULL		2	/* Preauth required go through */
 #define KDC_V4_NOPREAUTH	3	/* Preauth required disallowed */
 
-#define KDC_V4_DEFAULT_MODE KDC_V4_NOPREAUTH
+#define KDC_V4_DEFAULT_MODE KDC_V4_NONE
 /* Flag on how to handle v4 */
 static int		kdc_v4;
 
diff --git a/src/kdc/krb5kdc.M b/src/kdc/krb5kdc.M
index bc775e5..d6f69b6 100644
--- a/src/kdc/krb5kdc.M
+++ b/src/kdc/krb5kdc.M
@@ -110,7 +110,7 @@ These instruct the KDC to not respond to V4 packets, to
 respond with a version skew error, to issue tickets for all database
 entries, and to issue tickets for all but preauthentication required
 database entries respectively. The default behaviour is as if 
-.I nopreauth
+.I none
 was specified.
 .PP
 The
diff --git a/src/tests/dejagnu/config/ChangeLog b/src/tests/dejagnu/config/ChangeLog
index ee881c6..bc0dd8f 100644
--- a/src/tests/dejagnu/config/ChangeLog
+++ b/src/tests/dejagnu/config/ChangeLog
@@ -1,3 +1,7 @@
+2003-02-04  Sam Hartman  <hartmans@mit.edu>
+
+	* default.exp (start_kerberos_daemons): Enable  krb4 
+
 2003-01-23  Ken Raeburn  <raeburn@mit.edu>
 
 	* default.exp (start_kerberos_daemons): Record more information
diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp
index aecf23e..714d199 100644
--- a/src/tests/dejagnu/config/default.exp
+++ b/src/tests/dejagnu/config/default.exp
@@ -1361,7 +1361,7 @@ proc start_kerberos_daemons { standalone } {
 
     envstack_push
     setup_kerberos_env kdc
-    spawn $KRB5KDC -r $REALMNAME -n
+    spawn $KRB5KDC -r $REALMNAME -n -4 enable
     envstack_pop
     set kdc_pid [exp_pid]
     set kdc_spawn_id $spawn_id