Changeset cc75bcec

Timestamp:

04/29/2004 09:53:08 PM (20 years ago)

Author:

Igor Živković <igor@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, v5_1, v5_1-pre1, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

960ed11

Parents:

619dd53

Message:

more heimdal fixes

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@2076 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:

• index.xml (modified) (1 diff)
• introduction/welcome/changelog.xml (modified) (1 diff)
• postlfs/security/heimdal/heimdal-config.xml (modified) (4 diffs)
• postlfs/security/heimdal/heimdal-intro.xml (modified) (2 diffs)

index.xml

@@ -3 +3 @@
                         "/usr/share/docbook/docbookx.dtd" [
 
-<!ENTITY version "CVS-20040428">
-<!ENTITY releasedate "April 28th, 2004">
-<!ENTITY pubdate "2004-04-28">
+<!ENTITY version "CVS-20040429">
+<!ENTITY releasedate "April 29th, 2004">
+<!ENTITY pubdate "2004-04-29">
 <!ENTITY blfs-version "cvs">
 

introduction/welcome/changelog.xml

@@ -11 +11 @@
 
 <itemizedlist>
+
+<listitem><para>April 29th, 2004 [igor]: Fixed various errors in
+Heimdal instructions, caught by Randy, Larry, DJ and
+Nathan.</para></listitem>
 
 <listitem><para>April 28th, 2004 [igor]: Finished the Heimdal

postlfs/security/heimdal/heimdal-config.xml

@@ -14 +14 @@
 </para>
 
-<screen><userinput><command>mkdir /etc/heimdal &amp;&amp;
+<screen><userinput><command>install -d /etc/heimdal &amp;&amp;
 cat > /etc/heimdal/krb5.conf << "EOF"</command>
 # Begin /etc/heimdal/krb5.conf
@@ -26 +26 @@
         kdc = <replaceable>[belgarath.lfs.org]</replaceable>
         admin_server = <replaceable>[belgarath.lfs.org]</replaceable>
+        kpasswd_server = <replaceable>[belgarath.lfs.org]</replaceable>
     }
 
@@ -174 +175 @@
 </para>
 
+<!--
 <para>Install <filename>/etc/rc.d/init.d/heimdal</filename> init script
 included in the <xref linkend="intro-important-bootscripts"/>
@@ -179 +181 @@
 
 <screen><userinput><command>make install-heimdal</command></userinput></screen>
+-->
+
+<para>
+To automate the running of Kerberos server and 
+<command>kpasswdd</command> daemon, use the following command to create
+the init.d script:
+</para>
+
+<screen><userinput><command>cat > /etc/rc.d/init.d/heimdal << "EOF"</command>
+#!/bin/sh
+# Begin $rc_base/init.d/heimdal
+
+# Based on sysklogd script from LFS-3.1 and earlier.
+# Rewritten by Gerard Beekmans  - gerard@linuxfromscratch.org
+# Heimdal bootscript submitted by Randy McMurchy - LFS-User@mcmurchy.com
+
+. /etc/sysconfig/rc
+. $rc_functions
+
+case "$1" in
+        start)  
+                echo "Starting KDC Server Daemon..."
+                if test -f "/var/run/kdc.pid"
+                then
+                        print_status warning running
+                else
+                        /usr/sbin/kdc &
+                        sleep 1
+                        if test -f "/var/run/kdc.pid"
+                        then
+                                print_status success
+                        else
+                                print_status failure
+                        fi
+                fi
+                echo "Starting KDC kpasswdd Daemon..."
+                if test -f "/var/run/kpasswdd.pid"
+                then
+                        print_status warning running
+                else
+                        /usr/sbin/kpasswdd &
+                        sleep 1
+                        if test -f "/var/run/kpasswdd.pid"
+                        then
+                                print_status success
+                        else
+                                print_status failure
+                        fi
+                fi
+                ;;
+
+        stop)   
+                echo "Stopping KDC kpasswdd Daemon..."
+                killproc /usr/sbin/kpasswdd
+                echo "Stopping KDC Server Daemon..."
+                killproc /usr/sbin/kdc
+                ;;
+
+        restart)
+                $0 stop
+                sleep 1
+                $0 start
+                ;;
+
+        status)
+                statusproc /usr/sbin/kdc
+                statusproc /usr/sbin/kpasswdd
+                ;;
+
+        *)
+                echo "Usage: $0 {start|stop|restart|status}"
+                exit 1
+                ;;
+esac
+
+# End $rc_base/init.d/heimdal
+<command>EOF</command></userinput></screen>
+
+<para>
+Create the symbolic links to this file in the relevant <filename
+class="directory">rc.d</filename> directory with the following commands:
+</para>
+
+<screen><userinput><command>cd /etc/rc.d/init.d &amp;&amp;
+ln -sf ../init.d/heimdal ../rc0.d/K42heimdal &amp;&amp;
+ln -sf ../init.d/heimdal ../rc1.d/K42heimdal &amp;&amp;
+ln -sf ../init.d/heimdal ../rc2.d/K42heimdal &amp;&amp;
+ln -sf ../init.d/heimdal ../rc3.d/S28heimdal &amp;&amp;
+ln -sf ../init.d/heimdal ../rc4.d/S28heimdal &amp;&amp;
+ln -sf ../init.d/heimdal ../rc5.d/S28heimdal &amp;&amp;
+ln -sf ../init.d/heimdal ../rc6.d/K42heimdal</command></userinput></screen>
 
 </sect4>
 
+<sect4><title>Using Kerberized Client Programs</title>
+
+<para>
+To use the kerberized client programs (<command>telnet</command>,
+<command>ftp</command>, <command>rsh</command>,
+<command>rxterm</command>, <command>rxtelnet</command>,
+<command>rcp</command>, <command>xnlock</command>), you first must get
+an authentication ticket. Use the <command>kinit</command> program to
+get the ticket. After you've acquired the ticket, you can use the
+kerberized programs to connect to any kerberized server on the network.
+You will not be prompted for authentication until your ticket expires
+(default is one day), unless you specify a different user as a command
+line argument to the program.
+</para>
+
+<para>
+The kerberized programs will connect to non kerberized daemons, warning
+you that authentication is not encrypted. As mentioned earlier, only the
+<command>ftp</command> program gives any trouble connecting to non
+kerberized daemons.
+</para>
+
+</sect4>
+
 </sect3>
 

postlfs/security/heimdal/heimdal-intro.xml

@@ -11 +11 @@
 ensure that passwords cannot be stolen. A Kerberos installation will
 make changes to the authentication mechanisms on your network and will
-overwrite several programs and daemons from the Coreutils, Inetutils and
-Shadow packages.
+overwrite several programs and daemons from the Coreutils, Inetutils,
+Qpopper and Shadow packages.
 </para>
 
@@ -41 +41 @@
 <sect4><title>Optional</title>
 <para>
-<xref linkend="tcpwrappers"/>,
 <xref linkend="readline"/>,
 <xref linkend="Linux_PAM"/>,