Changeset d156225
- Timestamp:
- 07/26/2005 02:25:33 AM (19 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- 49f07aad
- Parents:
- 1ae5e7f
- Files:
-
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
general.ent
r1ae5e7f rd156225 30 30 31 31 <!-- Chapter 4 --> 32 33 <!-- Ensure you check the library version number and update the 34 Heimdal instructions (postlfs/security/heimdal.xml) if necessary --> 32 35 <!ENTITY openssl-version "0.9.7g"> 36 <!-- End special note about Heimdal --> 37 33 38 <!ENTITY cracklib-version "2.8.3"> 34 39 <!ENTITY Linux_PAM-version "0.80"> … … 37 42 <!ENTITY gnupg-version "1.4.1"> 38 43 <!ENTITY tripwire-version "portable-0.9"> 39 <!ENTITY heimdal-version "0. 6.3">44 <!ENTITY heimdal-version "0.7"> 40 45 <!ENTITY mitkrb-version "1.4"> 41 46 <!ENTITY cyrus-sasl-version "2.1.21"> … … 281 286 282 287 <!-- Chapter 23 --> 288 289 <!-- Ensure you check the library version number and update the 290 Heimdal instructions (postlfs/security/heimdal.xml) if necessary --> 283 291 <!ENTITY db-version "4.3.28"> 292 <!-- End special note about Heimdal --> 293 284 294 <!ENTITY mysql-version "4.1.12"> 285 295 <!ENTITY postgresql-version "8.0.3"> -
introduction/welcome/changelog.xml
r1ae5e7f rd156225 26 26 27 27 <listitem> 28 <para>July 25th 2005 [randy]: Updated to Heimdal-0.7.</para> 29 </listitem> 30 31 <listitem> 28 32 <para>July 25th 2005 [djensen]: Updated to Imlib2-1.2.1.</para> 29 33 </listitem> … … 33 37 </listitem> 34 38 35 36 37 38 39 <listitem> 40 <para>July 25th 2005 [tushar]: Added optional defines to xorg to 41 allow installation into standard directories.</para> 42 </listitem> 39 43 40 44 <listitem> -
postlfs/security/heimdal.xml
r1ae5e7f rd156225 7 7 <!ENTITY heimdal-download-http "http://ftp.vc-graz.ac.at/mirror/crypto/kerberos/heimdal/heimdal-&heimdal-version;.tar.gz"> 8 8 <!ENTITY heimdal-download-ftp "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-&heimdal-version;.tar.gz"> 9 <!ENTITY heimdal-md5sum " 2265fd2d4573dd3a8da45ce62519e48b">10 <!ENTITY heimdal-size " 3.3MB">11 <!ENTITY heimdal-buildsize " 71 MB">12 <!ENTITY heimdal-time "2. 06SBU">9 <!ENTITY heimdal-md5sum "0a8097a8772d5d2de8c5539d3182b82a"> 10 <!ENTITY heimdal-size "4.5 MB"> 11 <!ENTITY heimdal-buildsize "91 MB"> 12 <!ENTITY heimdal-time "2.4 SBU"> 13 13 ]> 14 14 … … 31 31 32 32 <para><application>Heimdal</application> is a free implementation 33 of Kerberos 5 ,that aims to be compatible with MIT krb5 and is33 of Kerberos 5 that aims to be compatible with MIT krb5 and is 34 34 backwards compatible with krb4. Kerberos is a network authentication 35 35 protocol. Basically it preserves the integrity of passwords in any 36 36 untrusted network (like the Internet). Kerberized applications work 37 37 hand-in-hand with sites that support Kerberos to ensure that passwords 38 cannot be stolen . A Kerberos installation will make changes to the39 authentication mechanisms on your network and will overwrite several38 cannot be stolen or compromised. A Kerberos installation will make changes 39 to the authentication mechanisms on your network and will overwrite several 40 40 programs and daemons from the <application>Coreutils</application>, 41 41 <application>Inetutils</application>, <application>Qpopper</application> … … 71 71 </listitem> 72 72 <listitem> 73 <para>Required patch for <application> cracklib</application>: <ulink73 <para>Required patch for <application>CrackLib</application> support: <ulink 74 74 url="&patch-root;/heimdal-&heimdal-version;-cracklib-1.patch"/></para> 75 75 </listitem> … … 86 86 <xref linkend="openldap"/>, 87 87 X (<xref linkend="xorg"/> or <xref linkend="xfree86"/>), 88 <xref linkend="cracklib"/> and 88 <xref linkend="cracklib"/> (compiled with the <filename>heimdal</filename> 89 patch) and 89 90 <ulink url="http://www.pdc.kth.se/kth-krb/">krb4</ulink></para> 90 91 … … 106 107 <command>ftp</command> program to connect to non-kerberized ftp servers may 107 108 not work properly. It will allow you to connect (letting you know that 108 transmission of the password is clear text) but will have problems doing puts109 and gets. Issue the following command as the <systemitem110 class="username">root</systemitem> user.</para>109 transmission of the password is clear text) but will have problems doing 110 puts and gets. Issue the following command as the 111 <systemitem class="username">root</systemitem> user.</para> 111 112 112 113 <screen role="root"><userinput>mv -v /usr/bin/ftp /usr/bin/ftpn</userinput></screen> 113 114 114 115 <para>If you wish the <application>Heimdal</application> package to 115 link against the <application>cracklib</application> library, you 116 must apply a patch:</para> 116 link against the <application>CrackLib</application> library (requires 117 <xref linkend="cracklib"/> installed with the <filename>heimdal</filename> 118 patch), you must apply a patch:</para> 117 119 118 120 <screen><userinput>patch -Np1 -i ../heimdal-&heimdal-version;-cracklib-1.patch</userinput></screen> … … 122 124 123 125 <screen><userinput>patch -Np1 -i ../heimdal-&heimdal-version;-fhs_compliance-1.patch && 124 ./configure --prefix=/usr --sysconfdir=/etc/heimdal \ 125 --datadir=/var/lib/heimdal --localstatedir=/var/lib/heimdal \ 126 --libexecdir=/usr/sbin --enable-shared \ 127 --with-openssl=/usr --with-readline=/usr && 126 ./configure --prefix=/usr \ 127 --sysconfdir=/etc/heimdal \ 128 --libexecdir=/usr/sbin \ 129 --datadir=/var/lib/heimdal \ 130 --localstatedir=/var/lib/heimdal \ 131 --enable-shared \ 132 --with-readline=/usr && 128 133 make</userinput></screen> 129 134 135 <para>To test the results, issue: <command>make check</command>.</para> 136 130 137 <para>Now, as the <systemitem class="username">root</systemitem> user:</para> 131 138 132 139 <screen role="root"><userinput>make install && 140 install -v -m755 -d /usr/share/doc/heimdal-&heimdal-version;/standardisation && 141 install -v -m644 doc/{init-creds,layman.asc} \ 142 /usr/share/doc/heimdal-&heimdal-version; && 143 install -v -m644 doc/standardisation/* \ 144 /usr/share/doc/heimdal-&heimdal-version;/standardisation && 133 145 mv -v /bin/login /bin/login.shadow && 134 146 mv -v /bin/su /bin/su.shadow && 135 147 mv -v /usr/bin/{login,su} /bin && 136 148 ln -v -sf ../../bin/login /usr/bin && 137 mv -v /usr/lib/lib{otp.so.0*,kafs.so.0*,krb5.so.17*,asn1.so.6*} \ 138 /usr/lib/lib{roken.so.16*,crypto.so.0*,db-4.3.so} /lib && 139 ln -v -sf ../../lib/lib{otp.so.0{,.1.4},kafs.so.0{,.4.0},db-4.3.so} \ 140 /usr/lib && 141 ln -v -sf ../../lib/lib{krb5.so.17{,.3.0},asn1.so.6{,.0.2}} \ 142 /usr/lib && 143 ln -v -sf ../../lib/lib{roken.so.16{,.0.3},crypto.so.0{,.9.7}} \ 144 /usr/lib && 149 mv -v /usr/lib/lib{otp,kafs,krb5,asn1,roken,crypto}.so.* \ 150 /usr/lib/libdb-4.3.so /lib && 151 ln -v -sf ../../lib/libdb-4.3.so /usr/lib/libdb.so && 152 ln -v -sf ../../lib/libdb-4.3.so /usr/lib/libdb-4.so && 153 for SYMLINK in otp.so.0.1.3 kafs.so.0.4.1 krb5.so.17.4.0 \ 154 asn1.so.6.1.0 roken.so.16.1.0 crypto.so.0.9.7 155 do 156 ln -v -sf ../../lib/lib$SYMLINK \ 157 /usr/lib/lib`echo $SYMLINK | cut -d. -f1`.so 158 done 145 159 ldconfig</userinput></screen> 146 160 … … 154 168 <filename class="directory">/usr/sbin</filename>.</para> 155 169 156 < note>170 <tip> 157 171 <para>If you want to preserve all your existing 158 172 <application>Inetutils</application> package daemons, install the … … 167 181 some of the user programs (such as <command>kadmin</command>) to 168 182 <filename class="directory">/usr/sbin</filename> manually so they'll be 169 in the privileged user's default path.</para>170 </ note>183 in the privileged user's default <envar>PATH</envar>.</para> 184 </tip> 171 185 172 186 <para><command>mv ... .shadow; mv ... /bin; ln -v -sf ../../bin...</command>: … … 179 193 preserved before the move to keep things sane should breaks occur.</para> 180 194 181 <para><command>mv ... /lib; ln - sf ../../lib/lib... /usr/lib</command>:195 <para><command>mv ... /lib; ln -v -sf ../../lib/lib... /usr/lib...</command>: 182 196 The <command>login</command> and <command>su</command> programs installed 183 197 by <application>Heimdal</application> link against … … 187 201 libraries are moved to <filename class="directory">/lib</filename> to be 188 202 FHS compliant and also in case 189 <filename class="directory">/usr</filename> is located on a separate partition190 which may not always be mounted.</para>203 <filename class="directory">/usr</filename> is located on a separate 204 partition which may not always be mounted.</para> 191 205 192 206 </sect2> … … 209 223 <title>Configuration Information</title> 210 224 225 <note> 226 <para>All the configuration steps shown below must be accomplished 227 by the <systemitem class='username'>root</systemitem> user unless 228 otherwise noted.</para> 229 </note> 230 211 231 <sect4> 212 232 <title>Master KDC Server Configuration</title> … … 215 235 following commands:</para> 216 236 217 <screen role="root"><userinput>install -v - d /etc/heimdal &&237 <screen role="root"><userinput>install -v -m755 -d /etc/heimdal && 218 238 cat > /etc/heimdal/krb5.conf << "EOF" 219 239 <literal># Begin /etc/heimdal/krb5.conf … … 239 259 240 260 # End /etc/heimdal/krb5.conf</literal> 241 EOF</userinput></screen> 261 EOF 262 chmod -v 644 /etc/heimdal/krb5.conf</userinput></screen> 242 263 243 264 <para>You will need to substitute your domain and proper hostname … … 265 286 commands:</para> 266 287 267 <screen role="root"><userinput>install - d -m 755/var/lib/heimdal &&288 <screen role="root"><userinput>install -v -m755 -d /var/lib/heimdal && 268 289 kstash</userinput></screen> 269 290 … … 272 293 <screen role="root"><userinput>kadmin -l</userinput></screen> 273 294 274 <para>Choose the defaults for now. You can go in later and change the 275 defaults, should you feel the need. At the <prompt>kadmin></prompt> 276 prompt, issue the following statement:</para> 295 <para>The commands below will prompt you for information about the 296 principles. Choose the defaults for now unless you know what you are 297 doing and need to specify different values. You can go in later and 298 change the defaults, should you feel the need. You may use the up and 299 down arrow keys to use the history feature of <command>kadmin</command> 300 in a similar manner as the <command>bash</command> history 301 feature.</para> 302 303 <para>At the <prompt>kadmin></prompt> prompt, issue the following 304 statement:</para> 277 305 278 306 <screen role="root"><userinput>init <replaceable>[EXAMPLE.COM]</replaceable></userinput></screen> … … 341 369 342 370 <para>At this point, if everything has been successful so far, you 343 can feel fairly confident in the installation and configuration of 344 the package.</para> 371 can feel fairly confident in the installation, setup and configuration 372 of your new <application>Heimdal</application> Kerberos 5 373 installation.</para> 345 374 346 375 <para id="heimdal-init">Install the … … 407 436 <seglistitem> 408 437 <seg>afslog, dump_log, ftp, ftpd, hprop, hpropd, ipropd-master, 409 ipropd-slave, kadmin, kadmind, kauth, kdc, kdestroy, kf, kfd, kgetcred, 410 kinit, klist, kpasswd, kpasswdd, krb5-config, kstash, ktutil, kx, kxd, 411 login, mk_cmds, otp, otpprint, pagsh, pfrom, popper, push, rcp, 412 replay_log, rsh, rshd, rxtelnet, rxterm, string2key, su, telnet, 413 telnetd, tenletxr, truncate-log, verify_krb5_conf, and xnlock</seg> 414 <seg>libasn1.[so,a], libeditline.a, libgssapi.[so,a], libhdb.[so,a], 415 libkadm5clnt.[so,a], libkadm5srv.[so,a], libkafs.[so,a], libkrb5.[so,a], 416 libotp.[so,a], libroken.[so,a], libsl.[so,a], and libss.[so,a]</seg> 417 <seg>/etc/heimdal, /usr/include/kadm5, /usr/include/ss, and 418 /var/lib/heimdal</seg> 438 ipropd-slave, kadmin, kadmind, kauth, kcm, kdc, kdestroy, kf, kfd, 439 kgetcred, kinit, klist, kpasswd, kpasswdd, krb5-config, kstash, 440 ktutil, kx, kxd, login, mk_cmds, otp, otpprint, pagsh, pfrom, popper, 441 push, rcp, replay_log, rsh, rshd, rxtelnet, rxterm, string2key, su, 442 telnet, telnetd, tenletxr, truncate-log, verify_krb5_conf 443 and xnlock</seg> 444 <seg>libasn1.[so,a], libeditline.[so,a], libgssapi.[so,a], 445 libhdb.[so,a], libkadm5clnt.[so,a], libkadm5srv.[so,a], libkafs.[so,a], 446 libkrb5.[so,a], libotp.[so,a], libroken.[so,a], libsl.[so,a] 447 and libss.[so,a]</seg> 448 <seg>/etc/heimdal, /usr/include/kadm5, 449 /usr/share/doc/heimdal-&heimdal-version; and /var/lib/heimdal</seg> 419 450 </seglistitem> 420 451 </segmentedlist> … … 527 558 <term><command>kauth</command></term> 528 559 <listitem> 529 <para>is a symbolic link to the <command>kinit</command> program.</para> 560 <para>is a symbolic link to the <command>kinit</command> 561 program.</para> 530 562 <indexterm zone="heimdal kauth"> 531 563 <primary sortas="g-kauth">kauth</primary> 564 </indexterm> 565 </listitem> 566 </varlistentry> 567 568 <varlistentry id="kcm"> 569 <term><command>kcm</command></term> 570 <listitem> 571 <para>is a process based credential cache for Kerberos 572 tickets.</para> 573 <indexterm zone="heimdal kcm"> 574 <primary sortas="b-kcm">kcm</primary> 532 575 </indexterm> 533 576 </listitem>
Note:
See TracChangeset
for help on using the changeset viewer.