Changeset a2ed79b for postlfs/security

Timestamp:

07/13/2004 07:42:02 PM (20 years ago)

Author:

Larry Lawrence <larry@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

3b5a5cc

Parents:

d9384404

Message:

update to MIT krb5-1.3.4

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@2456 af4574ff-66df-0310-9fd7-8a98e5e911e0

File:

• postlfs/security/mitkrb.xml (modified) (13 diffs)

postlfs/security/mitkrb.xml

@@ -8 +8 @@
   <!ENTITY mitkrb-download-ftp " ">
   <!ENTITY mitkrb-size "6.2 MB">
-  <!ENTITY mitkrb-buildsize "137.4 MB">
+  <!ENTITY mitkrb-buildsize "138.4 MB">
   <!ENTITY mitkrb-time "2.55 SBU">
 ]>
@@ -15 +15 @@
 <sect1 id="mitkrb" xreflabel="MIT krb5-&mitkrb-version;">
 <?dbhtml filename="mitkrb.html"?>
-<title>MIT krb5-&mitkrb-version;</title>
+<title><acronym>MIT</acronym> krb5-&mitkrb-version;</title>
 
 <sect2>
@@ -21 +21 @@
 
 <para>
-<application>MIT krb5</application> is a free implementation of Kerberos
-5. Kerberos is a network authentication protocol. It centralizes the
-authentication database and uses kerberized applications to work with 
-servers or services that support Kerberos allowing single logins and
-encrypted communication over internal networks or the Internet.</para>
+<application><acronym>MIT</acronym> krb5</application> is a free
+implementation of Kerberos 5. Kerberos is a network authentication
+protocol. It centralizes the authentication database and uses kerberized
+applications to work with servers or services that support Kerberos
+allowing single logins and encrypted communication over internal
+networks or the Internet.
+</para>
 
 <sect3><title>Package information</title>
@@ -56 +58 @@
 
 <sect2>
-<title>Installation of <application>MIT krb5</application></title>
-
-<para>Install <application>MIT krb5</application> by running the following commands:</para>
-
-<screen><userinput><command>./configure --prefix=/usr --sysconfdir=/etc \
+<title>Installation of <application><acronym>MIT</acronym> krb5</application></title>
+
+<para>
+<application><acronym>MIT</acronym> krb5</application> is
+distributed in an <acronym>TAR</acronym> file
+containing a compressed <acronym>TAR</acronym> package and a
+detached <acronym>PGP</acronym> <filename
+class="extension">ASC</filename> file.
+</para>
+
+<para>
+If you have installed <xref linkend="gnupg"/>, you can
+authenticate the package with the following command:
+</para>
+
+<screen><userinput><command>gpg --verify krb5-&mitkrb-version;.tar.gz.asc krb5-&mitkrb-version;.tar.gz</command></userinput></screen>
+
+<para>
+Build <application><acronym>MIT</acronym> krb5</application> by running the following commands:
+</para>
+
+<screen><userinput><command>cd src &amp;&amp;
+./configure --prefix=/usr --sysconfdir=/etc \
     --localstatedir=/var/lib --enable-dns --enable-shared --mandir=/usr/share/man &amp;&amp;
-make &amp;&amp;
-make install &amp;&amp;
+make</command></userinput></screen>
+
+<para>
+Install <application><acronym>MIT</acronym> krb5</application> by
+running the following commands as root:
+</para>
+
+<screen><userinput><command>make install &amp;&amp;
 mv /bin/login /bin/login.shadow &amp;&amp;
 cp /usr/sbin/login.krb5 /bin/login &amp;&amp;
@@ -84 +110 @@
 <title>Command explanations</title>
 
-<para><parameter>--enable-dns</parameter>: This switch allows realms to
-be resolved using the <acronym>DNS</acronym> server.</para>
-
-<para><screen><command>mv /bin/login /bin/login.shadow
+<para>
+<parameter>--enable-dns</parameter>: This switch allows realms to
+be resolved using the <acronym>DNS</acronym> server.
+</para>
+
+<para>
+<screen><command>mv /bin/login /bin/login.shadow
 cp /usr/sbin/login.krb5 /bin/login
 mv /usr/bin/ksu /bin</command></screen>
 Preserves <application>Shadow</application>'s <command>login</command>
 command, moves <command>ksu</command> and <command>login</command> to
-the <filename class="directory">/bin</filename> directory.</para>
-
-<para><screen><command>mv /usr/lib/libkrb5.so.3* /lib
+the <filename class="directory">/bin</filename> directory.
+</para>
+
+<para>
+<screen><command>mv /usr/lib/libkrb5.so.3* /lib
 mv /usr/lib/libkrb4.so.2* /lib
 mv /usr/lib/libdes425.so.3* /lib
@@ -106 +137 @@
 The <command>login</command> and <command>ksu</command> programs
 are linked against these libraries, therefore we move these libraries to 
-<filename class="directory">/lib</filename> to allow logins without mounting <filename class="directory">/usr</filename>.</para>
+<filename class="directory">/lib</filename> to allow logins without mounting <filename class="directory">/usr</filename>.
+</para>
 
 </sect2>
@@ -114 +146 @@
 
 <sect3><title>Config files</title>
-<para><filename>/etc/krb5.conf</filename> and
-<filename>/var/lib/krb5kdc/kdc.conf</filename></para>
+<para>
+<filename>/etc/krb5.conf</filename> and
+<filename>/var/lib/krb5kdc/kdc.conf</filename>
+</para>
 </sect3>
 
@@ -267 +301 @@
 </para>
 
-<para>Install the <filename>/etc/rc.d/init.d/kerberos</filename> init script
+<para>
+Install the <filename>/etc/rc.d/init.d/kerberos</filename> init script
 included in the <xref linkend="intro-important-bootscripts"/>
-package.</para>
+package.
+</para>
 
 <screen><userinput><command>make install-kerberos</command></userinput></screen>
@@ -291 +327 @@
 <para>
 The kerberized programs will connect to non kerberized daemons, warning
-you that authentication is not encrypted.</para></sect4>
+you that authentication is not encrypted.
+</para>
+</sect4>
 
 
 <sect4><title>Using Kerberized Server Programs</title>
-
-<para>Using kerberized server programs (<command>telnetd</command>,
+<para>
+Using kerberized server programs (<command>telnetd</command>,
 <command>kpropd</command>, 
 <command>klogind</command> and <command>kshd</command>) requires two additional configuration steps.
@@ -303 +341 @@
 <filename>inetd.conf</filename> or <filename>xinetd.conf</filename> must
 be modified for each server that will be activated, usually replacing
-the server from <application>inetutils</application>.</para></sect4>
+the server from <xref linkend="inetutils"/>.
+</para>
+</sect4>
 
 <sect4><title>Additional Information</title>
@@ -321 +361 @@
 <title>Contents</title>
 
-<para>The <application>MIT krb5</application> package contains
+<para>
+The <application>MIT krb5</application> package contains
 <command>compile-et</command>,
 <command>ftp</command>,
@@ -375 +416 @@
 <filename class="libraryfile">libkdb5</filename>,
 <filename class="libraryfile">libkrb4</filename>,
-<filename class="libraryfile">libkrb5</filename>.</para>
+<filename class="libraryfile">libkrb5</filename>.
+</para>
 
 </sect2>
@@ -382 +424 @@
 
 <sect3><title>compile_et</title>
-<para><command>compile_et</command> converts the table listing
-error-code names into a <application>C</application> source file.</para></sect3>
+<para>
+<command>compile_et</command> converts the table listing
+error-code names into a <application>C</application> source file.
+</para>
+</sect3>
 
 <sect3><title>k5srvutil</title>
-<para><command>k5srvutil</command> is a host keytable manipulation
-utility.</para></sect3>
+<para>
+<command>k5srvutil</command> is a host keytable manipulation
+utility.
+</para>
+</sect3>
 
 <sect3><title>kadmin</title>
-<para><command>kadmin</command> is an utility used to make modifications
-to the Kerberos database.</para></sect3>
+<para>
+<command>kadmin</command> is an utility used to make modifications
+to the Kerberos database.
+</para>
+</sect3>
 
 <sect3><title>kadmind</title>
-<para><command>kadmind</command> is a server for administrative access
-to Kerberos database.</para></sect3>
+<para>
+<command>kadmind</command> is a server for administrative access
+to Kerberos database.
+</para>
+</sect3>
 
 <sect3><title>kinit</title>
-<para><command>kinit</command> is used to
+<para>
+<command>kinit</command> is used to
 authenticate to the Kerberos server as principal and acquire a ticket
 granting ticket that can later be used to obtain tickets for other
-services.</para></sect3>
+services.
+</para>
+</sect3>
 
 <sect3><title>krb5kdc</title>
-<para><command>kdc</command> is a Kerberos 5 server.</para></sect3>
+<para>
+<command>kdc</command> is a Kerberos 5 server.
+</para>
+</sect3>
 
 <sect3><title>kdestroy</title>
-<para><command>kdestroy</command> removes the current set of
-tickets.</para></sect3>
+<para>
+<command>kdestroy</command> removes the current set of
+tickets.
+</para>
+</sect3>
 
 <sect3><title>kdb5_util</title>
-<para><command>kdb5_util</command> is the <acronym>KDC</acronym>
-database utility.</para></sect3>
+<para>
+<command>kdb5_util</command> is the <acronym>KDC</acronym>
+database utility.
+</para>
+</sect3>
 
 <sect3><title>klist</title>
-<para><command>klist</command> reads and displays the current tickets in
-the credential cache.</para></sect3>
+<para>
+<command>klist</command> reads and displays the current tickets in
+the credential cache.
+</para>
+</sect3>
 
 <sect3><title>klogind</title>
-<para><command>klogind</command> is the server that responds to rlogin
-requests.</para></sect3>
+<para>
+<command>klogind</command> is the server that responds to rlogin
+requests.
+</para>
+</sect3>
 
 <sect3><title>kpasswd</title>
-<para><command>kpasswd</command> is a program for changing Kerberos 5
-passwords.</para></sect3>
+<para>
+<command>kpasswd</command> is a program for changing Kerberos 5
+passwords.
+</para>
+</sect3>
 
 <sect3><title>kprop</title>
-<para><command>kprop</command> takes a principal database in a specified
+<para>
+<command>kprop</command> takes a principal database in a specified
 format and converts it into a stream of database
-records.</para></sect3>
+records.
+</para>
+</sect3>
 
 <sect3><title>kpropd</title>
-<para><command>kpropd</command> receives a database sent by
+<para>
+<command>kpropd</command> receives a database sent by
 <command>hprop</command> and writes it as a local
-database.</para></sect3>
+database.
+</para>
+</sect3>
 
 <sect3><title>krb5-config</title>
-<para><command>krb5-config</command> gives information on how to link
-programs against libraries.</para></sect3>
+<para>
+<command>krb5-config</command> gives information on how to link
+programs against libraries.
+</para>
+</sect3>
 
 <sect3><title>ksu</title>
-<para><command>ksu</command> is the super user program using Kerberos
-protocol. Requires a properly configured
-<filename>/etc/shells</filename> and <filename>~/.k5login</filename>
-containing principals authorized to become super users.</para></sect3>
+<para>
+<command>ksu</command> is the super user program using Kerberos
+protocol. Requires a properly configured <filename class="directory">/etc/shells</filename> 
+and <filename>~/.k5login</filename> containing principals authorized to
+become super users.
+</para>
+</sect3>
 
 <sect3><title>ktutil</title>
-<para><command>ktutil</command> is a program for managing Kerberos
-keytabs.</para></sect3>
+<para>
+<command>ktutil</command> is a program for managing Kerberos
+keytabs.
+</para>
+</sect3>
 
 <sect3><title>kvno</title>
-<para><command>kvno</command> prints keyversion numbers of Kerberos
-principals.</para></sect3>
+<para>
+<command>kvno</command> prints keyversion numbers of Kerberos
+principals.
+</para>
+</sect3>