Athena 8.2 Release (AC-08.2)
(Effective 29 July 1998)
Overview
In July 1998, Information Systems released the latest version of
the Athena system (Release 8.2) on Sun and SGI workstations. These
changes are summarized in this document.
Summary of Changes
Among the most visible changes (effective with the Release) are the
following:
- Operating Systems, System Software, and
Peripherals:
- Solaris and IRIX operating systems upgraded
- New SGI O2 workstations deployed in some clusters
- Further Kerberos 5 upgrades made
- Power saving added
- The hostname shell variable changed
- Delete and Backspace key mappings no longer reversed.
- Basic Application Software:
- ispell upgraded
- Zephyr and Discuss minor upgrades
- For Developers:
- Perl 5 now the default
- The default Sun compilers upgraded
- SGI compilers upgraded
- The supported GCC release is FSF version 2.8.1
- For Private Workstation Owners:
- Kermit added
- A variety of changes to the login system
- SSH (the secure shell) now supported on mkserv remote
machines
- Remote access features added
- The default passwd command updated
- Kerberos 5 and Private Workstations
- Sendmail configuration changes
- Third-Party Software Upgrades:
- Netscape: Version 4
- Xess: Version 4
- Maple: Version 5 Release 5
- MATLAB: Version 5.2
- FrameMaker: Version 5.5
Relevant details about user-visible changes are listed in later sections of
this document. For the complete list of changes in the release (not only
user-visible changes), see the System Release Notes.
If your workstation is running the Athena 8.2 Release, the text string
"8.2" should appear within the output of the machtype -L
command. For example:
athena% machtype -L
8.2.6
The numbers following "8.2" may be different on your system; this simply
indicates a minor update within the 8.2 Release. As long as it says
"8.2", you are running the new release.
Reporting Bugs
Please report any problems in the new release by using the
sendbug command on Athena:
athena% sendbug
- Solaris and IRIX Operating Systems upgraded.
On Sun Workstations, the operating system has been upgraded (from
Solaris 2.5.1 to Solaris 2.6) and a variety of patches have been
applied. On SGI Indy workstations, the operating system has been
upgraded to IRIX 6.2 and the new SGI O2 workstations are running IRIX
6.3.
- New SGI O2 workstations deployed in some
clusters. The O2 workstations use the same dotfiles and have
the same interface as the SGI Indy workstation. However, O2
workstations are more powerful than the Indy and have superior
graphical modeling capabilities.
- Further Kerberos 5 upgrades made.
Some resulting changes are:
- A Kerberos 5 principal with an instance is written with a slash
instead of a period as in Kerberos 4. So
username.extra becomes
username/extra, username.root
becomes username/root, and so forth.
- There is no longer a program named ksrvtgt in
the Athena release (although there is a native version shipped with
Solaris). The command ksrvtgt rcmd `hostname` should
typically be replaced with /usr/athena/bin/kinit -k -l
5m.
- The rlogin, rsh, and rcp clients will attempt to make Kerberos
5 connections. If the Kerberos 5 connection fails, Kerberos 4 will
be used instead.
- The telnet client and server support both Kerberos 5 and
Kerberos 4 authentication. You will not be prompted for a password if
you telnet to an Athena workstation with forwarded or forwardable
Kerberos 5 credentials. Be extra careful. Never leave yourself
logged in to an unattended workstation without using a locking
screensaver.
- Some options to commonly-used Kerberos programs have changed.
Some notable changes are:
- In Kerberos 4, klist -t was often used in shell scripts to query whether a ticket file exists. In Kerberos 5, this has been
replaced with klist -s.
- In Kerberos 4, kdestroy -f runs without
displaying a status message. This behavior is gone in Kerberos 5; you
must redirect output and error to /dev/null.
- In Kerberos 4, kinit -l and kinit
-r prompt you for a lifetime (in minutes) and realm,
respectively. In Kerberos 5, kinit -l takes a
lifetime argument on the command line (such as 20h for
twenty hours or 30m for thirty minutes). Also, in
Kerberos 5, kinit -r has a different meaning
(renewable ticket life); to request tickets for a different realm,
use kinit user@realm.
- The Kerberos 4 kdestroy command prints "Tickets destroyed."
The Kerberos 5 kdestroy command is silent if successful.
- Solaris 2.6 introduces power saving. Under some
circumstances, the monitor will enter a power saving mode and the
screen will power down.
- The hostname shell variable changed. The shell
variable hostname is now a fully qualified hostname.
Instead of w20-575-1, the value of hostname is now w20-575-1.mit.edu.
- Delete and Backspace keymappings no longer
reversed. The Backspace and Delete keys on the Sun keyboard are no
longer mapped to be reversed. This improves our
compatibility with third-party software packages but may cause some
temporary problems with older versions of third-party software.
- ispell upgraded. A new version of ispell, the
program used to check the spelling of emacs buffers and text
files, was installed. It has a larger library of words and
more features. However, it may not remember words you put into
your local dictionary as it stores the file in a new location.
- Zephyr has been updated to a newer code
base. A new variable ZEPHYR_CLIENT is supported in the .environment
file. It specifies an alternative zephyr client to zwgc in the
startup process.
- Discuss has been upgraded.
- The discuss recover program and
dsgrep command should now work on any size discuss
meetings.
- The discuss client now truncates subject lines in a meeting
listing to the width of the screen instead of to 80 columns.
- dsmail -d now preserves Message-ID and MIME headers.
- The discuss elisp code supports a new variable
discuss-reply-by-mail-with-message-id to make Reply-To lines follow
the more standard Message-ID format. It is disabled by default.
In addition to the changes listed below and elsewhere in this document,
program developers should be sure to see the Athena 8.2 System Release Notes for details of the many changes
involved in the release. The items included here are only highlights:
- Perl 5 now the default.
/usr/athena/bin/perl is now Perl 5.004_04. Perl 5 is very close to
backward-compatible with Perl 4, but some scripts may break. The most
common problem is that instances of @ in a string literal must now be
preceded by a backslash. Other problems may be more subtle. If all
else fails, change the first line of the script from
#!/usr/athena/bin/perl to #!/afs/athena.mit.edu/contrib/perl/perl.
- The default Sun compilers upgraded. The
default compilation command (i.e. when you do something like f77
foo.f) now does static linking instead of dynamic linking against
all libraries that need to be found in the compiler locker at
runtime. This is a change from the vendor's default setup, which does
dynamic linking for everything. The files
/mit/sunsoft_v5.1/README.important_changes and
/mit/sunsoft_v5.1/README.dynamic_linking contain more information on
these changes.
- The default SGI compilers upgraded from 7.1 to
7.2. The new compilers are license managed and require you to have
tokens.
- The supported GCC release is FSF version
2.8.1; we are no longer using the Cygnus supported version of
GCC.
In addition to the changes listed below and elsewhere in this document,
private workstation owners should be sure to see the Athena 8.2 System Release Notes for details of the many changes
involved in the release. The items here include only highlights:
- Kermit 6.0 is now included in the Athena release.
- There have been a variety of changes to the login
system.
- The Athena login, telnetd, and ftpd programs have been updated
to the Kerberos 5 versions.
- A Kerberized rlogin connection will perform an Athena login.
(As before, an rsh connection will not perform a login at all.)
- If the file /etc/athena/access exists, it is used instead of
/etc/noremote, /etc/nocreate and the passwd file to decide which users
are authorized to log into a machine. The access file can also
specify that a user's account is local and Athena-specific login
activities for that account should be suppressed. See access(5) for
the file format. The access file information overrides the rc.conf
variables NOREMOTE and NOCREATE. However, /etc/noremote and nocreate
will be honored if /etc/athena/access does not exist.
- SSH (the secure shell) is now supported on mkserv
remote machines. The Secure Shell, both client and server, is
now supported in the Athena release. The server is enabled
automatically on mkserv remote machines, and it can
be enabled manually by setting the SSHD variable in
/etc/athena/rc.conf and running ssh-keygen -b 1024 -f
/etc/ssh_host_key -N. In addition to true or
false, the value of SSHD can be
switched, in which case sshd will run only when the
workstation is access_on. By default sshd is configured to accept only
Kerberos 5 or password authentication, since RSA authentication cannot
be used to conduct a login with credentials.
- Remote Access features added to mkserv remote.
A configuration where users can run access_off to disable remote
access is now supported through mkserv remote.
The default is the same as before (access_off will have no
effect). As part of this support, a new rc.conf variable ACCESSON sets
the default access state of a workstation. The default value is false,
corresponding to the previous workstation default of being access_off.
- New encryption option in mkserv remote.
mkserv remote will now ask: "Do you wish to require encrypted
passwords on remote connections?" If you answer yes, the workstation
will be configured to not allow users to log in with cleartext
passwords. (The default is currently no, but use of this option is
encouraged, given the prevalence of machines that have been cracked
and had sniffers installed.) If your workstation is already mkserv
remote, the easiest way to enable this is (once your machine has been
updated to Athena 8.2) to log in as root and run 'mkserv remote' again.
This will re-prompt you about various things and allow you to change
the defaults (this is also a reasonable way to change the ACCESSON
default). As always, you must reboot after running mkserv.
- Default passwd command updated. The
default passwd command is now a program which selects
between the Kerberos and local password-changing programs.
- Kerberos 5 upgrade issues:
- Kerberized server processes will look for a Kerberos 5 keytab
in /etc/krb5.keytab and, if that does not exist, will look for a
Kerberos 4 srvtab in /etc/athena/srvtab. So system administrators are
not required to do anything differently with regard to their srvtab
files, although they are encouraged to use Kerberos 5 keytab files.
- Kerberized login daemons will look for a .k5login with Kerberos
5 principals in it and if that does not exist, will look for a .klogin
with Kerberos 4 principals. This behavior has actually been in place
in the 8.1 release since January 1998 but was not well-advertised. A
change in the Athena 8.2 release is that the ksu
program will not work with a .klogin file; you must convert to a
.k5login file (changing dots to slashes in the process). Apart from
the problem with ksu, system administrators and
account owners are not required to do anything differently with regard
to .klogin files, but are encouraged to use .k5login files.
- By default the Athena 8.2 version of telnetd will try to negotiate
Kerberos 5 authentication. The current version of Host Explorer can only
deal with Kerberos 4 logins. An updated version should be available in
the near future (see http://web.mit.edu/is/pubs/ns-55/ for updates and
information).
If you need to allow remote access to your private Athena 8.2 workstation
to users of the current Host Explorer, you can disable Kerberos 5 authentication.
You will need to edit the file /etc/athena/inetd.conf and change the line:
telnet stream tcp nowait unswitched root /etc/athena/telnetd telnetd -a cred
to:
telnet stream tcp nowait unswitched root /etc/athena/telnetd telnetd -a cred -X KERBEROS_V5
then reboot or restart /etc/athena/inetd. Note that the machine needs to
already have been configured for remote access before you make the above
changes.
- Sendmail configuration changes.
- Addresses of the form
username@machinename.mit.edu are no longer
rewritten to username@mit.edu in the From: and envelope from
addresses of messages. This rewriting, although a convenient safety net for
MUAs which assumed that username@hostname was a
correct way of writing an email address, was causing difficulty for mailing
lists administered on Athena workstations. (Bounces would go to
owner-listname@mit.edu instead of
owner-listname@hostname.mit.edu because of the rewriting of
the envelope from address.)
- Mail for root is no longer thrown away in sendmail.cf. A new
class, E, has been introduced to indicate people whose mail should be
delivered locally, and root's mail is now thrown away in an alias
entry which can be modified by the machine administrator.
- Non-MIT hostnames are no longer canonicalized on the client before
mail is sent to the MIT mailhubs. This change makes it less likely
that transient DNS errors will cause mail to be queued on Athena
workstations.
- Mail to programs no longer bashes the case of the line they execute.
- at is no longer translated to @ by
the client sendmail. It is still translated at the mailhubs, though.
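The dots-to-slashes conversion described in the Kerberos 5 items above (username.root becomes username/root, and .klogin entries must be rewritten for .k5login), as an added example that is not part of the original release notes. It assumes one principal per line in the form name[.instance][@REALM]; the function names and sample entries are hypothetical.

```shell
#!/bin/sh
# Added example: rewrite Kerberos 4 .klogin entries as Kerberos 5 .k5login entries.
# Assumption: one principal per line, written name[.instance][@REALM].

# Convert one principal. Only the first dot before the "@" separates the name
# from the instance; dots in the realm (e.g. ATHENA.MIT.EDU) must stay dots.
k4_to_k5_principal() {
    princ=$1
    case $princ in
        *@*) local_part=${princ%%@*}; realm="@${princ#*@}" ;;
        *)   local_part=$princ; realm="" ;;
    esac
    name=${local_part%%.*}
    case $local_part in
        *.*) inst=${local_part#*.} ;;
        *)   inst="" ;;
    esac
    if [ -n "$inst" ]; then
        printf '%s/%s%s\n' "$name" "$inst" "$realm"
    else
        printf '%s%s\n' "$name" "$realm"   # no instance (or a bare trailing dot)
    fi
}

# Filter: .klogin text on stdin, .k5login text on stdout.
# Surrounding whitespace and blank lines are dropped.
klogin_to_k5login() {
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d ' \t\r')
        if [ -n "$line" ]; then
            k4_to_k5_principal "$line"
        fi
    done
}

# Constructed sample .klogin contents (not taken from the page).
sample_klogin='jdoe@ATHENA.MIT.EDU
jdoe.root@ATHENA.MIT.EDU
asmith.extra'

converted=$(printf '%s\n' "$sample_klogin" | klogin_to_k5login)
printf '%s\n' "$converted"

# Real use (review the result before relying on it):
#   klogin_to_k5login < "$HOME/.klogin" > "$HOME/.k5login"
```

Because .k5login decides which principals may log in to the account, compare the converted list against the old .klogin before installing it.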
[Strictly speaking, changes to locker software are not "Athena
release changes," because this software is not tied in with the basic Athena
release. Instead, locker changes are simply "changes to Athena application
software." These changes are listed here because they happen to coincide with
the Athena 8.2 Release.]
Many of the major locker-based Athena applications (MATLAB, Maple,
Netscape, FrameMaker, and Xess) are being upgraded over the summer:
the newest versions of each of these will become the default on Athena
by the end of the summer. For more information on third-party
software, see the following:
http://web.mit.edu/acs/www/3partysw.html
The significant changes to the third-party software suite include:
Last modified: Tue Jul 28 21:54:26 1998
MIT Information
Systems