Athena 8.2 Release (AC-08.2)

Overview

In July 1998, Information Systems released the latest version of the Athena system (Release 8.2) on Sun and SGI workstations. These changes are summarized in this document.

Summary of Changes

Among the most visible changes (effective with the Release) are the following:

• Operating Systems, System Software, and Peripherals:
  • Solaris and IRIX operating systems upgraded
  • New SGI O2 workstations deployed in some clusters
  • Further Kerberos 5 upgrades made
  • Power saving added
  • The hostname shell variable changed
  • Delete and Backspace key mappings no longer reversed.

• Basic Application Software:
  • ispell upgraded
  • Zephyr and Discuss minor upgrades

• For Developers:
  • Perl 5 now the default
  • The default Sun compilers upgraded
  • SGI compilers upgraded
  • The supported GCC release is FSF version 2.8.1

• For Private Workstation Owners:
  • Kermit added
  • A variety of changes to the login system
  • SSH (the secure shell) now supported on mkserv remote machines
  • Remote access features added
  • The default passwd command updated
  • Kerberos 5 and Private Workstations
  • Sendmail configuration changes

• Third-Party Software Upgrades:
  • Netscape: Version 4
  • Xess: Version 4
  • Maple: Version 5 Release 5
  • MATLAB: Version 5.2
  • FrameMaker: Version 5.5

Relevant details about user-visible changes are listed in later sections of this document. For the complete list of changes in the release (not only user-visible changes), see the System Release Notes.

How to Tell What Version of Athena You Are Running

If your workstation is running the Athena 8.2 Release, the text string "8.2" should appear within the output of the machtype -L command. For example:

  athena% machtype -L
  8.2.6

The numbers following "8.2" may be different on your system; this simply indicates a minor update within the 8.2 Release. As long as it says "8.2", you are running the new release.

Reporting Bugs

Please report any problems in the new release by using the sendbug command on Athena:

  athena% sendbug

Changes to Operating Systems and Other System Software

• Solaris and IRIX Operating Systems upgraded. On Sun Workstations, the operating system has been upgraded (from Solaris 2.5.1 to Solaris 2.6) and a variety of patches have been applied. On SGI Indy workstations, the operating system has been upgraded to IRIX 6.2 and the new SGI O2 workstations are running IRIX 6.3.

• New SGI O2 workstations deployed in some clusters. The O2 workstations use the same dotfiles and have the same interface as the SGI Indy workstation. However, O2 workstations are more powerful than the Indy and have superior graphical modeling capabilities.

• Further Kerberos 5 upgrades made. Some resulting changes are:

  • A Kerberos 5 principal with an instance is written with a slash instead of a period as in Kerberos 4. So username.extra becomes username/extra, username.root becomes username/root, and so forth.

  • There is no longer a program named ksrvtgt in the Athena release (although there is a native version shipped with Solaris). The command ksrvtgt rcmd `hostname` should typically be replaced with /usr/athena/bin/kinit -k -l 5m.

  • The rlogin, rsh, and rcp clients will attempt to make Kerberos 5 connections. If the Kerberos 5 connection fails, Kerberos 4 will be used instead.

  • The telnet client and server support both Kerberos 5 and Kerberos 4 authentication. You will not be prompted for a password if you telnet to an Athena workstation with forwarded or forwardable Kerberos 5 credentials. Be extra careful. Never leave yourself logged in to an unattended workstation without using a locking screensaver.

  • Some options to commonly-used Kerberos programs have changed. Some notable changes are:

    • In Kerberos 4, klist -t was often used in shell scripts to query whether a ticket file exists. In Kerberos 5, this has been replaced with klist -s.

    • In Kerberos 4, kdestroy -f runs without displaying a status message. This behavior is gone in Kerberos 5; you must redirect output and error to /dev/null.

    • In Kerberos 4, kinit -l and kinit -r prompt you for a lifetime (in minutes) and realm, respectively. In Kerberos 5, kinit -l takes a lifetime argument on the command line (such as 20h for twenty hours or 30m for thirty minutes). Also, in Kerberos 5, the kinit -r has a different meaning (renewable ticket life); to request tickets for a different realm use kinit user@realm.

  • The Kerberos 4 kdestroy command prints "Tickets destroyed." The Kerberos 5 kdestroy command is silent if successful.

• Solaris 2.6 introduces power saving. Under some circumstances, the monitor will enter a power saving mode and the screen will power down.

• The hostname shell variable changed. the shell vairiable hostname is now a fully qualified hostname. Instead of w20-575-1 the value of hostname is now w20-575-1.mit.edu.

• Delete and Backspace keymappings no longer reversed. We The backspace and delete keys are no longer mapped to be reversed the backspace on the Sun keyboard. This improves our compatibility with third-party software packages but may cause some temporary problems with older versions of third-party software.

Changes to Basic Application Software

• ispell upgraded. A new version of ispell, the program used to check the spelling of emacs buffers and text files, was installed. It has a larger library of words and more features. However, it may not remember words you put into your local dictionary as it stores the file in a new location.

• Zephyr has been updated to a newer code base. A new variable ZEPHYR_CLIENT is supported in the .environment file. It specifies an alternative zephyr client to zwgc in the startup process.

• Discuss has been upgraded.

  • The discuss recover program and dsgrep command should now work on any size discuss meetings.

  • The discuss client now truncates subject lines in a meeting listing to the width of the screen instead of to 80 columns.

  • dsmail -d now preserves Message-ID and MIME headers.

  • The discuss elisp code supports a new variable discuss-reply-by-mail-with-message-id to make Reply-To lines follow the more standard Message-ID format. It is disabled by default.

Changes of Note for Developers

In addition to the changes listed below and elsewhere in this document, program developers should be sure to see the Athena 8.2 System Release Notes for details of the many changes involved in the release. The items included here are only highlights:

• Perl 5 now the default, usr/athena/bin/perl is now Perl 5.004_04. Perl 5 is very close to backward-compatible with Perl 4, but some scripts may break. The most common problem is that instances of @ in a string literal must now be preceded by a backslash. Other problems may be more subtle. If all else fails, change the first line of the script from #!/usr/athena/bin/perl to #!/afs/athena.mit.edu/contrib/perl/perl.

• The default Sun compilers upgraded. The default compilation command (i.e. when you do something like f77 foo.f) now does static linking instead of dynamic linking against all libraries that need to be found in the compiler locker at runtime. This is a change from the vendor's default setup, which does dynamic linking for everything. The files /mit/sunsoft_v5.1/README.important_changes and /mit/sunsoft_v5.1/README.dynamic_linking contain more information on these changes.

• The Default SGI compilers upgraded from 7.1 to 7.2. The new compilers are license managed and require you to have tokens.

• The supported GCC release is FSF version 2.8.1; we are no longer using the Cygnus supported version of GCC.

Changes of Note for Private Workstation Owners

In addition to the changes listed below and elsewhere in this document, private workstation owners should be sure to see the Athena 8.2 System Release Notes for details of the many changes involved in the release. The items here include only highlights:

• Kermit 6.0 is now included in the Athena release.

• There have been a variety of changes to the login system.

  • The Athena login, telnetd, and ftpd programs have been updated to the Kerberos 5 versions.

  • A Kerberized rlogin connection will perform an Athena login. (As before, an rsh connection will not perform a login at all.)

  • If the file /etc/athena/access exists, it is used instead of /etc/noremote, /etc/nocreate and the passwd file to decide which users are authorized to log into a machine. The access file can also specify that a user's account is local and Athena-specific login activities for that account should be suppressed. See access(5) for the file format. The access file information overrides the rc.conf variables NOREMOTE and NOCREATE. However, /etc/noremote and nocreate will be honored if /etc/athena/access does not exist.

• SSH (the secure shell) is now supported on mkserv remote machines. The Secure Shell, both client and server, is now supported in the Athena release. The server is enabled automatically on mkserv remote machines, and it can be enabled manually by setting the SSHD variable in /etc/athena/rc.conf and running ssh-keygen -b 1024 -f /etc/ssh_host_key -N. In addition to true or false, the value of SSHD can be switched, in which case sshd will run only when the workstation is access_on. By default sshd is configured to accept only Kerberos 5 or password authentication, since RSA authentication cannot be used to conduct a login with credentials.

• Remote Access features added to mkserv remote. A configuration where users can run access_off to disable remote access is now supported through mkserv remote. The default is the same as before (access_off will have no effect). As part of this support, a new rc.conf variable ACCESSON sets the default access state of a workstation. The default value is false, corresponding to the previous workstation default of being access_off.

• New encryption option in mkserv remote.. mkserv remote will now ask: "Do you wish to require encrypted passwords on remote connections?" If you answer yes, the workstation will be configured to not allow users to log in with cleartext passwords. (The default is currently no, but use of this option is encouraged, given the prevalence of machines that have been cracked and had sniffers installed.) If your workstation is already mkserv remote, the easiest way to enable this is (once your machine has been update to Athena 8.2) log in as root and run 'mkserv remote' again. This will re-prompt you about various things and allow you to change the defaults (this is also a reasonable way to change the ACCESSON default). As always, you must reboot after running mkserv.

• Default passwd command updated. The default passwd command is now a program which selects between the Kerberos and local password-changing programs.

• Kerberos 5 upgrade issues:

  • Kerberized server processes will look for a Kerberos 5 keytab in /etc/krb5.keytab and, if that does not exist, will look for a Kerberos 4 srvtab in /etc/athena/srvtab. So system administrators are not required to do anything differently with regard to their srvtab files, although they are encouraged to use Kerberos 5 keytab files.

  • Kerberized login daemons will look for a .k5login with Kerberos 5 principals in it and if that does not exist, will look for a .klogin with Kerberos 4 principals. This behavior has actually been in place in the 8.1 release since January 1998 but was not well-advertised. A change in the Athena 8.2 release is that the ksu program will not work with a .klogin file; you must convert to a .k5login file (changing dots to slashes in the process). Apart from the problem with ksu, system administrators and account owners are not required to do anything differently with regard to .klogin files, but are encouraged to use .k5login files.

  • By default the Athena 8.2 version of telnetd will try to negotiate Kerberos 5 authentication. The current version of Host Explorer can only deal with Kerberos 4 logins. An updated version should be available in the near future (see http://web.mit.edu/is/pubs/ns-55/ for updates and information).

    If you need to allow remote access to your private Athena 8.2 workstation to users of the current Host Explorer you can disable Kerberos 5 athentication. You will need to edit the file /etc/athena/inetd.conf and change the line:

    telnet stream tcp nowait unswitched root /etc/athena/telnetd telnetd -a cred

    to:

    telnet stream tcp nowait unswitched root /etc/athena/telnetd telnetd -a cred -X KERBEROS_V5

    then reboot or restart /etc/athena/inetd. Note that the machine needs to already have been configured for remote access before you make the above changes.

• Sendmail configuration changes.

  • Addresses of the form username@machinename.mit.edu are no longer rewritten to username@mit.edu in the From: and envelope from addresses of messages. This rewriting, although a convenient safety net for MUAs which assumed that username@hostname was a correct way of writing an email address, was causing difficulty for mailing lists administered on Athena workstations. (Bounces would go to owner-listname@mit.edu instead of owner-listname@hostname.mit.edu because of the rewriting of the envelope from address.)

  • Mail for root is no longer thrown away in sendmail.cf. A new class, E, has been introduced to indicate people whose mail should be delivered locally, and root's mail is now thrown away in an alias entry which can be modified by the machine administrator.

  • Non-MIT hostnames are no longer canonicalized on the client before mail is sent to the MIT mailhubs. This change makes it less likely that transient DNS errors will cause mail to be queued on Athena workstations.

  • Mail to programs no longer bashes the case of the line they execute.

  • at is no longer translated to @ by the client sendmail. It is still translated at the mailhubs, though.

Changes to Third-Party Software

[Strictly speaking, changes to locker software are not "Athena release changes," because this software is not tied in with the basic Athena release. Instead, locker changes are simply "changes to Athena application software." These changes are listed here because they happen to coincide with the Athena 8.2 Release.]

Many of the major locker-based Athena applications (MATLAB, Maple, Netscape, Frame Maker, and Xess) are being upgraded over the summer: the newest versions of each of these will become the default on Athena by the end of the summer. For more information on Third party software, see the following:

  http://web.mit.edu/acs/www/3partysw.html

The significant changes to the third-party software suite include:

• Netscape 4 will become the default later this summer. There are many complicated issues related to upgrading to Netscape 4. You might lose your bookmark files, certificates and preferences. Further information on upgrading to Netscape 4 will be available closer to the upgrade. Netscape 4 offers many new features and a significantly improved user interface.

• Xess: Version 4 of this spreadsheet program, a major release, will become the default on Athena by the end of the summer. Version 4 supports 3-D workbooks, dynamic language support, expanded currency formats, cell borders and patterns, fraction formats, an upgraded XLS filter, images, and more. To run version 4 now, type:

    athena% add xess
    athena% xess -ver 4.0 &
  
  

• Maple upgraded to Version 5 R5 This new version of the Maple symbolic math package, 5R5 (Version 5 revision 5), has been released for Suns, SGIs, Linux, and NetBSD workstations. It is now the default version on Athena. Many new capabilities and improvements have been made, including an advanced online help system and user interface, expanded symbolic capabilities, and new packages.

• MATLAB: Version 5.2 MATLAB 5.2 is a major upgrade to this popular math software package. It is now defualt version on Athena. MATLAB 5.2 has improved online documentation, UNIX environment tools, visualization, GUI development tools, toolboxes, blocksets, and more.

• FrameMaker: Version 5.5 FrameMaker 5.5 is now the default. FrameReader aka FrameViewer no longer exists. Acrobat Reader is now the viewing program for FrameMaker. Documents will either have to be converted or you can invoke the full program to read old files.