Changeset 2e3e271

Timestamp:

03/21/2008 08:44:45 PM (16 years ago)

Author:

Randy McMurchy <randy@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

0f10bc0

Parents:

dce1ca8

Message:

Updated to Heimdal-1.1; removed the Heimdal-Cracklib patches from both packages as Heimdal has been converted to use Cracklib differently; created a patch to change the names of some installed files so they don't conflict with the E2fsprogs package

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@7295 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:

• general.ent (modified) (2 diffs)
• introduction/welcome/changelog.xml (modified) (1 diff)
• postlfs/security/cracklib.xml (modified) (4 diffs)
• postlfs/security/heimdal.xml (modified) (16 diffs)

general.ent

@@ -4 +4 @@
 -->
 
-<!ENTITY day          "20">                   <!-- Always 2 digits -->
+<!ENTITY day          "22">                   <!-- Always 2 digits -->
 <!ENTITY month        "03">                   <!-- Always 2 digits -->
 <!ENTITY year         "2008">
 <!ENTITY version      "svn-&year;&month;&day;">
-<!ENTITY releasedate  "March &day;th, &year;">
+<!ENTITY releasedate  "March &day;nd, &year;">
 <!ENTITY pubdate      "&year;-&month;-&day;"> <!-- metadata req. by TLDP -->
 <!ENTITY blfs-version "svn">                  <!-- svn|[release #] -->
@@ -65 +65 @@
 <!ENTITY gnupg2-version               "2.0.8">
 <!ENTITY tripwire-version             "2.4.0.1">
-<!ENTITY heimdal-version              "0.8.1">
+<!ENTITY heimdal-version              "1.1">
 <!ENTITY mitkrb-version               "1.6">
 <!ENTITY cyrus-sasl-version           "2.1.22">

introduction/welcome/changelog.xml

@@ -42 +42 @@
 -->
 
+    <listitem>
+      <para>March 22nd, 2008</para>
+      <itemizedlist>
+        <listitem>
+          <para>[randy] - Updated to Heimdal-1.1. Removed the
+          Heimdal-Cracklib patches from both packages as Heimdal has been
+          converted to use Cracklib differently. Created a patch to change
+          the names of some installed files so they don't conflict with the
+          E2fsprogs package.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
      <listitem>
       <para>March 20th, 2008</para>
       <itemizedlist>
         <listitem>
-          <para>[thomas] - Added page in chapter 16 about NFS client tools. Upgrade to
-          nfs-utils-1.1.2 and change the download location.</para>
+          <para>[thomas] - Added page in chapter 16 about NFS client tools.
+          Upgrade to nfs-utils-1.1.2 and change the download location.</para>
         </listitem>
       </itemizedlist>

postlfs/security/cracklib.xml

@@ -67 +67 @@
         <ulink url="&crackdict-download;"/></para>
       </listitem>
-      <listitem>
+      <!-- <listitem>
         <para>Required patch to create a library used with the Heimdal
         Kerberos 5 package: <ulink
         url="&patch-root;/cracklib-&cracklib-version;-heimdal-2.patch"/></para>
-      </listitem>
+      </listitem> -->
     </itemizedlist>
 
@@ -112 +112 @@
     <title>Installation of CrackLib</title>
 
-    <para>If desired, apply the <application>Heimdal</application> patch
+    <!-- <para>If desired, apply the <application>Heimdal</application> patch
     (note that with this patch the original library is not affected; this patch
     only creates an additional library used by the
@@ -118 +118 @@
 
 <screen><userinput>patch -Np1 -i ../cracklib-&cracklib-version;-heimdal-2.patch</userinput></screen>
+    -->
 
     <para>Install <application>CrackLib</application> by running the following
@@ -219 +220 @@
         <seg>cracklib-check, cracklib-format, cracklib-packer,
         cracklib-unpacker and create-cracklib-dict</seg>
-        <seg>libcrack.{so,a} and optionally, libcrack_heimdal.{so,a} and
-        the cracklibmodule.{so,a} <application>Python</application> module</seg>
+        <seg>libcrack.{so,a} and the cracklibmodule.{so,a}
+        <application>Python</application> module</seg>
         <seg>/lib/cracklib, /usr/share/dict and /usr/share/cracklib</seg>
       </seglistitem>

postlfs/security/heimdal.xml

@@ -5 +5 @@
   %general-entities;
 
-  <!ENTITY heimdal-download-http "http://ftp.vc-graz.ac.at/mirror/crypto/kerberos/heimdal/heimdal-&heimdal-version;.tar.gz">
+  <!ENTITY heimdal-download-http "http://www.h5l.org/dist/src/heimdal-&heimdal-version;.tar.gz">
   <!ENTITY heimdal-download-ftp  "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-&heimdal-version;.tar.gz">
-  <!ENTITY heimdal-md5sum        "7ff8c4850bce9702d9d3cf9eff05abaa">
-  <!ENTITY heimdal-size          "3.1 MB">
-  <!ENTITY heimdal-buildsize     "127 MB">
-  <!ENTITY heimdal-time          "3.7 SBU (additional 1.5 SBU to run the test suite)">
+  <!ENTITY heimdal-md5sum        "7892e97b346534cc9afeeee461fe3bab">
+  <!ENTITY heimdal-size          "3.6 MB">
+  <!ENTITY heimdal-buildsize     "136 MB">
+  <!ENTITY heimdal-time          "4.0 SBU (additional 1.5 SBU to run the test suite)">
 ]>
 
@@ -31 +31 @@
 
     <para><application>Heimdal</application> is a free implementation
-    of Kerberos 5 that aims to be compatible with MIT krb5 and is
-    backward compatible with krb4. Kerberos is a network authentication
+    of Kerberos 5 that aims to be compatible with MIT Kerberos 5 and is
+    backward compatible with Kerberos 4. Kerberos is a network authentication
     protocol. Basically it preserves the integrity of passwords in any
     untrusted network (like the Internet). Kerberized applications work
@@ -38 +38 @@
     cannot be stolen or compromised. A Kerberos installation will make changes
     to the authentication mechanisms on your network and will overwrite several
-    programs and daemons from the <application>Coreutils</application>,
-    <application>Inetutils</application>, <application>Qpopper</application>
-    and <application>Shadow</application> packages.</para>
+    programs and daemons from the <application>Shadow</application>,
+    <application>Inetutils</application> and
+    <application>Qpopper</application> packages. See
+    <ulink url="&files-anduin;/heimdal-overwrites"/> for a complete list of
+    all the files and commands to rename each of them.</para>
 
     <bridgehead renderas="sect3">Package Information</bridgehead>
@@ -66 +68 @@
     <bridgehead renderas="sect3">Additional Downloads</bridgehead>
     <itemizedlist spacing='compact'>
-      <!-- <listitem>
+      <listitem>
         <para>Required Patch: <ulink
-        url="ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt"/></para>
+        url="&patch-root;/heimdal-&heimdal-version;-blfs_docs-1.patch"/></para>
       </listitem>
       <listitem>
         <para>Required Patch: <ulink
-        url="&patch-root;/heimdal-&heimdal-version;-fhs_compliance-1.patch"/></para>
-      </listitem> -->
-      <listitem>
-        <para>Required patch for <application>CrackLib</application> support: <ulink
-        url="&patch-root;/heimdal-&heimdal-version;-cracklib-1.patch"/></para>
+        url="&patch-root;/heimdal-&heimdal-version;-libss-1.patch"/></para>
       </listitem>
     </itemizedlist>
@@ -94 +92 @@
     <para role="optional"><xref linkend="linux-pam"/>,
     <xref linkend="openldap"/>,
-    <xref linkend="x-window-system"/>,
-    <xref linkend="cracklib"/> (compiled with the <filename>heimdal</filename> patch),
-    <ulink url="http://packages.debian.org/stable/source/libcap">libcap</ulink>, and
-    <ulink url="http://www.pdc.kth.se/kth-krb/">krb4</ulink></para>
+    <xref linkend="x-window-system"/>, and
+    <ulink url="http://packages.debian.org/stable/source/libcap">libcap</ulink></para>
 
     <note>
@@ -114 +110 @@
     <title>Installation of Heimdal</title>
 
-    <!-- This doesn't appear to be needed any longer as testing has
-         shown that the ftp client now works without issues
-
-    <para>Before installing the package, you may want to preserve the
-    <command>ftp</command> program from the <application>Inetutils</application>
-    package. This is because using the <application>Heimdal</application>
-    <command>ftp</command> program to connect to non-kerberized ftp servers may
-    not work properly. It will allow you to connect (letting you know that
-    transmission of the password is clear text) but will have problems doing
-    puts and gets. Issue the following command as the
-    <systemitem class="username">root</systemitem> user.</para>
-
-<screen role="root"><userinput>mv -v /usr/bin/ftp /usr/bin/ftpn</userinput></screen>
-    -->
-
     <warning>
       <para>Ensure you really need a Kerberos installation before you decide
@@ -135 +116 @@
     </warning>
 
-    <para>If you wish the <application>Heimdal</application> package to
-    link against the <application>CrackLib</application> library to provide
-    enforcement of strong passwords (requires <xref linkend="cracklib"/>
-    installed with the <filename>heimdal</filename> patch), you must apply a
-    patch:</para>
-
-<screen><userinput>patch -Np1 -i ../heimdal-&heimdal-version;-cracklib-1.patch</userinput></screen>
-
     <para>Install <application>Heimdal</application> by running the following
     commands:</para>
 
-<screen><userinput>sed -i 's|/var/heimdal|/var/lib/heimdal|' $(grep -lr /var/heimdal *) &amp;&amp;
-./configure --prefix=/usr \
+<screen><userinput>./configure --prefix=/usr \
             --sysconfdir=/etc/heimdal \
             --libexecdir=/usr/sbin \
+            --localstatedir=/var/lib/heimdal \
             --datadir=/var/lib/heimdal \
-            --localstatedir=/var/lib/heimdal \
+            --with-hdbdir=/var/lib/heimdal \
             --with-readline=/usr \
             --enable-kcm &amp;&amp;
 make</userinput></screen>
 
-    <!-- Docs building is broken - when fixec, insert hyphens in the makeinfo commands
     <para>If you have <xref linkend="tetex"/> installed and wish to create
-    alternate forms of the documentation, issue any or all of the following
-    commands:</para>
-
-<screen><userinput>make -C doc html &amp;&amp;
-mv doc/heimdal.html doc/html &amp;&amp;
-make -C doc pdf &amp;&amp;
-make -C doc ps &amp;&amp;
-makeinfo -html -no-split -o doc/heimdal.html doc/heimdal.texi &amp;&amp;
-makeinfo -plaintext       -o doc/heimdal.txt  doc/heimdal.texi</userinput></screen>
-    -->
-
-    <para>To test the results, issue: <command>make check</command>.</para>
+    alternate forms of the documentation, change into the
+    <filename class='directory'>doc</filename> directory and issue any or all
+    of the following commands:</para>
+
+<screen><userinput>pushd doc                                        &amp;&amp;
+
+make html                                        &amp;&amp; 
+
+texi2pdf                            heimdal.texi &amp;&amp;
+texi2dvi                            heimdal.texi &amp;&amp;
+dvips                -o heimdal.ps  heimdal.dvi  &amp;&amp;
+makeinfo --plaintext -o heimdal.txt heimdal.texi &amp;&amp;
+
+texi2pdf                            hx509.texi   &amp;&amp;
+texi2dvi                            hx509.texi   &amp;&amp;
+dvips                -o hx509.ps    hx509.dvi    &amp;&amp;
+makeinfo --plaintext -o hx509.txt   hx509.texi   &amp;&amp;
+
+popd</userinput></screen>
+
+    <para>To test the results, issue: <command>make -k check</command>. The
+    <command>ipropd</command> test is known to fail but all others should
+    pass.</para>
 
     <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
 
-<screen role="root"><?dbfo keep-together="auto"?><userinput>mv -v /usr/include/ss/ss.h   /usr/include/ss/ss.h.e2fsprogs &amp;&amp;
+<!-- <screen role="root"><?dbfo keep-together="auto"?><userinput>mv -v /usr/include/ss/ss.h   /usr/include/ss/ss.h.e2fsprogs &amp;&amp;
 mv -v /usr/lib/libss.a       /usr/lib/libss.a.e2fsprogs &amp;&amp;
 mv -v /usr/lib/libss.so      /usr/lib/libss.so.e2fsprogs &amp;&amp;
 mv -v /usr/bin/mk_cmds       /usr/bin/mk_cmds.e2fsprogs &amp;&amp;
-
-make install &amp;&amp;
-
-mv -v /usr/include/ss/ss.h            /usr/include/ss/ss.h.heimdal &amp;&amp;
+-->
+
+<screen role="root"><userinput>make install &amp;&amp;
+
+install -v -m755 -d /usr/share/doc/heimdal-&heimdal-version; &amp;&amp;
+install -v -m644    doc/{init-creds,layman.asc} \
+                    /usr/share/doc/heimdal-&heimdal-version; &amp;&amp;
+
+ln -sfv         mech.5 /usr/share/man/man5/qop.5  &amp;&amp;
+ln -sfv ../man5/mech.5 /usr/share/man/cat5/qop.5  &amp;&amp;
+ln -sfv ../man5/mech.5 /usr/share/man/cat5        &amp;&amp;
+
+mv -v /bin/login          /bin/login.SHADOW &amp;&amp;
+mv -v /bin/su             /bin/su.SHADOW    &amp;&amp;
+mv -v /usr/bin/{login,su} /bin              &amp;&amp;
+ln -v -sf ../../bin/login /usr/bin          &amp;&amp;
+
+for LINK in   lib{otp,kafs,krb5,hx509,asn1,roken,crypto}; do
+    mv -v     /usr/lib/${LINK}.so.* /lib &amp;&amp;
+    ln -v -sf ../../lib/$(readlink  /usr/lib/${LINK}.so) \
+              /usr/lib/${LINK}.so
+done &amp;&amp;
+
+mv -v     /usr/lib/$(readlink /usr/lib/libdb.so) \
+          /usr/lib/libdb-?.so \
+          /lib &amp;&amp;
+ln -v -sf ../../lib/$(readlink /usr/lib/libdb.so) \
+          /usr/lib/libdb.so &amp;&amp;
+
+ldconfig</userinput></screen>
+
+<!-- mv -v /usr/include/ss/ss.h            /usr/include/ss/ss.h.heimdal &amp;&amp;
 mv -v /usr/include/ss/ss.h.e2fsprogs  /usr/include/ss/ss.h &amp;&amp;
 mv -v /usr/lib/libss.a                /usr/lib/libss.a.heimdal &amp;&amp;
@@ -188 +199 @@
 mv -v /usr/lib/libss.la               /usr/lib/libss.la.heimdal &amp;&amp;
 mv -v /usr/bin/mk_cmds                /usr/bin/mk_cmds.heimdal &amp;&amp;
-mv -v /usr/bin/mk_cmds.e2fsprogs      /usr/bin/mk_cmds &amp;&amp;
-
-mv -v /bin/login          /bin/login.shadow &amp;&amp;
-mv -v /bin/su             /bin/su.shadow &amp;&amp;
-mv -v /usr/bin/{login,su} /bin &amp;&amp;
-ln -v -sf ../../bin/login /usr/bin &amp;&amp;
-
-for LINK in   lib{otp,kafs,krb5,hx509,asn1,roken,crypto}; do
-    mv -v     /usr/lib/${LINK}.so.* /lib &amp;&amp;
-    ln -v -sf ../../lib/$(readlink  /usr/lib/${LINK}.so) \
-              /usr/lib/${LINK}.so
-done &amp;&amp;
-
-mv -v     /usr/lib/$(readlink /usr/lib/libdb.so) \
-          /usr/lib/libdb-?.so \
-          /lib &amp;&amp;
-ln -v -sf ../../lib/$(readlink /usr/lib/libdb.so) \
-          /usr/lib/libdb.so &amp;&amp;
-
-ldconfig</userinput></screen>
-
-    <!-- <para>If you built any of the alternate forms of documentation, install it
+mv -v /usr/bin/mk_cmds.e2fsprogs      /usr/bin/mk_cmds &amp;&amp; -->
+
+    <para>If you built any of the alternate forms of documentation, install it
     using the following commands as the
     <systemitem class="username">root</systemitem> user:</para>
 
-<screen role="root"><userinput>install -v -m755 -d /usr/share/doc/heimdal-&heimdal-version;/html &amp;&amp;
-install -v -m644    doc/html/* \
-                    /usr/share/doc/heimdal-&heimdal-version;/html &amp;&amp;
-install -v -m644    doc/heimdal.{dvi,ps,pdf,html,txt} \
-                    /usr/share/doc/heimdal-&heimdal-version;</userinput></screen> -->
+<screen role="root"><userinput>install -v -m644 doc/{heimdal,hx509}.{dvi,ps,pdf,html,txt} \
+                 /usr/share/doc/heimdal-&heimdal-version;</userinput></screen>
+
+    <para>If you wish to use the <xref linkend="cracklib"/> library to enforce
+    strong passwords in the KDC database, issue the following commands as the
+    <systemitem class="username">root</systemitem> user:</para>
+
+<screen role="root"><userinput>sed -e 's|/usr/pkg|/usr|' \
+    -e 's|/usr/lib/cracklib_dict|/lib/cracklib/pw_dict|' \
+    -e 's|/var/heimdal|/var/lib/heimdal|' \
+        lib/kadm5/check-cracklib.pl \
+    > /bin/krb5-check-cracklib.pl &amp;&amp;
+
+chmod -v 755 /bin/krb5-check-cracklib.pl</userinput></screen>
 
   </sect2>
@@ -224 +225 @@
     <title>Command Explanations</title>
 
-    <para><command>sed -i '...' $(grep -lr /var/heimdal *)</command>:
-    This command is used to change all occurances of hard-coded
-    <filename class='directory'>/var/heimdal</filename> to
-    <filename class='directory'>/var/lib/heimdal</filename> so the
-    installation will be FHS compliant.</para>
-
-    <para><command>mv -v /usr/include/...</command>,
+    <!-- <para><command>mv -v /usr/include/...</command>,
     <command>mv -v /usr/lib/libss.* ...</command> and
     <command>mv -v /usr/bin/mk_cmds ...</command>: The
@@ -239 +234 @@
     original files before the installation, and then restore them (after
     renaming the new <application>Heimdal</application> files) after the
-    installation.</para>
+    installation.</para> -->
 
     <para><parameter>--libexecdir=/usr/sbin</parameter>: This switch causes
@@ -261 +256 @@
     </tip>
 
-    <para><command>mv ... .shadow; mv ... /bin; ln -v -sf ../../bin...</command>:
-    The <command>login</command> and <command>su</command> programs installed by
+    <para><parameter>--localstatedir=/var/lib/heimdal</parameter>,
+    <parameter>--datadir=/var/lib/heimdal</parameter> and
+    <parameter>--with-hdbdir=/var/lib/heimdal</parameter>: These parameters
+    are used so that the KDC database and associated files will all reside
+    in <filename class='directory'>/var/lib/heimdal</filename>.</para>
+
+    <para><parameter>--with-readline=/usr</parameter>: This parameter must be
+    used so that the <command>configure</command> script properly locates the
+    installed <application>Readline</application> package.</para>
+
+    <para><parameter>--enable-kcm</parameter>: This parameter enables building
+    the Kerberos Credentials Manager.</para>
+
+    <para><command>ln -sfv .../mech.5 /usr/share/man/...</command>: These
+    commands are used to fix some broken symbolic links.</para>
+
+    <para><command>mv ... ...SHADOW</command>, <command>mv ... /bin</command>
+    and <command> ln ... /usr/bin</command>: The <command>login</command>
+    and <command>su</command> programs installed by
     <application>Heimdal</application> belong in the
     <filename class="directory">/bin</filename> directory. The
     <command>login</command> program is symlinked because
     <application>Heimdal</application> is expecting to find it in
-    <filename class="directory">/usr/bin</filename>. The old executables are
-    preserved before the move so that they can be restored if you experience
-    problems logging into the system after the
-    <application>Heimdal</application> package is installed and
-    configured.</para>
-
-    <para><command>mv ... /lib; ln -v -sf ../../lib/lib... /usr/lib...</command>:
-    The <command>login</command> and <command>su</command> programs installed
-    by <application>Heimdal</application> link against
+    <filename class="directory">/usr/bin</filename>. The old executables from
+    the <application>Shadow</application> package are preserved before the move
+    so that they can be restored if you experience problems logging into the
+    system after the <application>Heimdal</application> package is installed
+    and configured.</para>
+
+    <para><command>for LINK in ...; do ...; done</command>,
+    <command>mv ... /lib</command> and
+    <command>ln ... /usr/lib/libdb.so</command>: The <command>login</command>
+    and <command>su</command> programs previously moved into the
+    <filename class='directory'>/lib</filename> directory link against
     <application>Heimdal</application> libraries as well as libraries provided
     by the <application>OpenSSL</application> and
     <application>Berkeley DB</application> packages. These
-    libraries are moved to <filename class="directory">/lib</filename> to be
-    FHS compliant and also in case
+    libraries are also moved to <filename class="directory">/lib</filename>
+    so they are FHS compliant and also in case
     <filename class="directory">/usr</filename> is located on a separate
     partition which may not always be mounted.</para>
@@ -312 +326 @@
         <title>Master KDC Server Configuration</title>
 
-        <para>Create the Kerberos configuration file with the
-        following commands:</para>
+        <para>Many of the commands below use
+        <replaceable>&lt;replaceable&gt;</replaceable> tags to identify places
+        where you need to substitute information specific to your network.
+        Ensure you replace everything in these tags (there will be no angle
+        brackets when you are done) with your site-specific information.</para>
+
+        <para>Create the Kerberos configuration file with the following
+        commands:</para>
 
 <screen role="root"><userinput>install -v -m755 -d /etc/heimdal &amp;&amp;
-cat &gt; /etc/heimdal/krb5.conf &lt;&lt; "EOF"
+cat &gt; /etc/heimdal/krb5.conf &lt;&lt; "EOF" &amp;&amp;
 <literal># Begin /etc/heimdal/krb5.conf
 
@@ -349 +369 @@
         domain changed to ALL CAPS. This isn't required, but both
         <application>Heimdal</application> and <application>MIT
-        krb5</application> recommend it.</para>
+        Kerberos</application> recommend it.</para>
 
         <para><option>encrypt = true</option> provides encryption of all
@@ -355 +375 @@
         and can be left off. If you leave it off, you can encrypt all traffic
         from the client to the server using a switch on the client program
-        instead.</para>
-
-        <para>The <option>[realms]</option> parameters tell the client
-        programs where to look for the KDC authentication services.</para>
-
-        <para>The <option>[domain_realm]</option> section maps a domain
+        instead. The <option>[realms]</option> parameters tell the client
+        programs where to look for the KDC authentication services. The
+        <option>[domain_realm]</option> section maps a domain
         to a realm.</para>
 
@@ -452 +469 @@
         of your new <application>Heimdal</application> Kerberos 5
         installation.</para>
+
+        <para>If you wish to use the <xref linkend="cracklib"/> library to
+        enforce strong passwords in the KDC database, you must do two things.
+        First, add the following lines to the
+        <filename>/etc/heimdal/krb5.conf</filename> configuration file:</para>
+
+<screen><literal>[password_quality]
+    policies = builtin:external-check
+    external_program = /bin/krb5-check-cracklib.pl</literal></screen>
+
+        <para>Next you must install the
+        <application>Crypt::Cracklib</application>
+        <application>Perl</application> module. Download it from the CPAN
+        site. The URL at the time of this writing is <ulink
+        url="http://cpan.org/authors/id/D/DA/DANIEL/Crypt-Cracklib-1.2.tar.gz"/>.
+        After unpacking the tarball and changing into the newly created
+        directory, issue the following command to add the BLFS
+        <application>Cracklib</application> dictionary location to one of the
+        source files:</para>
+
+<screen><userinput>sed -i 's|pw_dict|&amp;\n\t\t/lib/cracklib/pw_dict|' Cracklib.pm</userinput></screen>
+
+        <para>Then use the standard <command>perl Makefile.PL</command>;
+        <command>make</command>; <command>make test</command>;
+        <command>make install</command> commands. Note that one test fails
+        due to an unknown reason.</para>
 
         <para id="heimdal-init">Install the
@@ -516 +559 @@
         ipropd-master, ipropd-slave, kadmin, kadmind, kauth, kcm, kdc,
         kdestroy, kdigest, kf, kfd, kgetcred, kimpersonate, kinit, klist,
-        kpasswd, kpasswdd, krb5-config, kstash, ktutil, kx, kxd, login,
-        mk_cmds, otp, otpprint, pagsh, pfrom, popper, push, rcp, rsh, rshd,
-        rxtelnet, rxterm, string2key, su, telnet, telnetd, tenletxr,
-        verify_krb5_conf and xnlock</seg>
-        <seg>libasn1.{so,a}, libeditline.{so,a}, libgssapi.{so,a},
-        libhdb.{so,a}, libheimntlm.{so,a}, libhx509.{so,a},
+        kpasswd, kpasswdd, krb5-check-cracklib.pl, krb5-config, kstash,
+        ktutil, kx, kxd, login, mk_cmds-krb5, otp, otpprint, pagsh, pfrom,
+        popper, push, rcp, rsh, rshd, rxtelnet, rxterm, string2key, su,
+        telnet, telnetd, tenletxr, verify_krb5_conf and xnlock</seg>
+
+        <seg>hdb_ldap.{so,a}, libasn1.{so,a}, libeditline.{so,a},
+        libgssapi.{so,a}, libhdb.{so,a}, libheimntlm.{so,a}, libhx509.{so,a},
         libkadm5clnt.{so,a}, libkadm5srv.{so,a}, libkafs.{so,a},
         libkdc.{so,a}, libkrb5.{so,a}, libotp.{so,a}, libroken.{so,a},
-        libsl.{so,a}, libss.{so,a} and windc.{so,a}</seg>
+        libsl.{so,a}, libss-krb5.{so,a} and windc.{so,a}</seg>
+
         <seg>/etc/heimdal, /usr/include/gssapi, /usr/include/kadm5,
         /usr/include/krb5, /usr/include/roken, /usr/include/ss,