Changeset d156225

Timestamp:

07/26/2005 02:25:33 AM (19 years ago)

Author:

Randy McMurchy <randy@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

49f07aad

Parents:

1ae5e7f

Message:

Updated to Heimdal-0.7

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@4780 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:

• general.ent (modified) (3 diffs)
• introduction/welcome/changelog.xml (modified) (2 diffs)
• postlfs/security/heimdal.xml (modified) (18 diffs)

general.ent

@@ -30 +30 @@
 
 <!-- Chapter 4 -->
+
+<!-- Ensure you check the library version number and update the
+     Heimdal instructions (postlfs/security/heimdal.xml) if necessary -->
 <!ENTITY openssl-version              "0.9.7g">
+<!-- End special note about Heimdal -->
+
 <!ENTITY cracklib-version             "2.8.3">
 <!ENTITY Linux_PAM-version            "0.80">
@@ -37 +42 @@
 <!ENTITY gnupg-version                "1.4.1">
 <!ENTITY tripwire-version             "portable-0.9">
-<!ENTITY heimdal-version              "0.6.3">
+<!ENTITY heimdal-version              "0.7">
 <!ENTITY mitkrb-version               "1.4">
 <!ENTITY cyrus-sasl-version           "2.1.21">
@@ -281 +286 @@
 
 <!-- Chapter 23 -->
+
+<!-- Ensure you check the library version number and update the
+     Heimdal instructions (postlfs/security/heimdal.xml) if necessary -->
 <!ENTITY db-version                   "4.3.28">
+<!-- End special note about Heimdal -->
+
 <!ENTITY mysql-version                "4.1.12">
 <!ENTITY postgresql-version           "8.0.3">

introduction/welcome/changelog.xml

@@ -26 +26 @@
     
     <listitem>
+      <para>July 25th 2005 [randy]: Updated to Heimdal-0.7.</para>
+    </listitem>
+
+    <listitem>
       <para>July 25th 2005 [djensen]: Updated to Imlib2-1.2.1.</para>
     </listitem>
@@ -33 +37 @@
     </listitem>
 
-        <listitem>
-                <para>July 25th 2005 [tushar]: Added optional defines to xorg to
-                allow installation into standard directories.</para>
-        </listitem>
+    <listitem>
+      <para>July 25th 2005 [tushar]: Added optional defines to xorg to
+      allow installation into standard directories.</para>
+    </listitem>
 
     <listitem>

postlfs/security/heimdal.xml

@@ -7 +7 @@
   <!ENTITY heimdal-download-http "http://ftp.vc-graz.ac.at/mirror/crypto/kerberos/heimdal/heimdal-&heimdal-version;.tar.gz">
   <!ENTITY heimdal-download-ftp  "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-&heimdal-version;.tar.gz">
-  <!ENTITY heimdal-md5sum        "2265fd2d4573dd3a8da45ce62519e48b">
-  <!ENTITY heimdal-size          "3.3 MB">
-  <!ENTITY heimdal-buildsize     "71 MB">
-  <!ENTITY heimdal-time          "2.06 SBU">
+  <!ENTITY heimdal-md5sum        "0a8097a8772d5d2de8c5539d3182b82a">
+  <!ENTITY heimdal-size          "4.5 MB">
+  <!ENTITY heimdal-buildsize     "91 MB">
+  <!ENTITY heimdal-time          "2.4 SBU">
 ]>
 
@@ -31 +31 @@
 
     <para><application>Heimdal</application> is a free implementation
-    of Kerberos 5, that aims to be compatible with MIT krb5 and is
+    of Kerberos 5 that aims to be compatible with MIT krb5 and is
     backwards compatible with krb4. Kerberos is a network authentication
     protocol. Basically it preserves the integrity of passwords in any
     untrusted network (like the Internet). Kerberized applications work
     hand-in-hand with sites that support Kerberos to ensure that passwords
-    cannot be stolen. A Kerberos installation will make changes to the
-    authentication mechanisms on your network and will overwrite several
+    cannot be stolen or compromised. A Kerberos installation will make changes
+    to the authentication mechanisms on your network and will overwrite several
     programs and daemons from the <application>Coreutils</application>,
     <application>Inetutils</application>, <application>Qpopper</application>
@@ -71 +71 @@
       </listitem>
       <listitem>
-        <para>Required patch for <application>cracklib</application>: <ulink
+        <para>Required patch for <application>CrackLib</application> support: <ulink
         url="&patch-root;/heimdal-&heimdal-version;-cracklib-1.patch"/></para>
       </listitem>
@@ -86 +86 @@
     <xref linkend="openldap"/>,
     X (<xref linkend="xorg"/> or <xref linkend="xfree86"/>),
-    <xref linkend="cracklib"/> and
+    <xref linkend="cracklib"/> (compiled with the <filename>heimdal</filename>
+    patch) and
     <ulink url="http://www.pdc.kth.se/kth-krb/">krb4</ulink></para>
 
@@ -106 +107 @@
     <command>ftp</command> program to connect to non-kerberized ftp servers may
     not work properly. It will allow you to connect (letting you know that
-    transmission of the password is clear text) but will have problems doing puts
-    and gets. Issue the following command as the <systemitem
-    class="username">root</systemitem> user.</para>
+    transmission of the password is clear text) but will have problems doing
+    puts and gets. Issue the following command as the
+    <systemitem class="username">root</systemitem> user.</para>
 
 <screen role="root"><userinput>mv -v /usr/bin/ftp /usr/bin/ftpn</userinput></screen>
 
     <para>If you wish the <application>Heimdal</application> package to
-    link against the <application>cracklib</application> library, you
-    must apply a patch:</para>
+    link against the <application>CrackLib</application> library (requires
+    <xref linkend="cracklib"/> installed with the <filename>heimdal</filename>
+    patch), you must apply a patch:</para>
 
 <screen><userinput>patch -Np1 -i ../heimdal-&heimdal-version;-cracklib-1.patch</userinput></screen>
@@ -122 +124 @@
 
 <screen><userinput>patch -Np1 -i ../heimdal-&heimdal-version;-fhs_compliance-1.patch &amp;&amp;
-./configure --prefix=/usr --sysconfdir=/etc/heimdal \
-    --datadir=/var/lib/heimdal --localstatedir=/var/lib/heimdal \
-    --libexecdir=/usr/sbin --enable-shared \
-    --with-openssl=/usr --with-readline=/usr &amp;&amp;
+./configure --prefix=/usr \
+            --sysconfdir=/etc/heimdal \
+            --libexecdir=/usr/sbin \
+            --datadir=/var/lib/heimdal \
+            --localstatedir=/var/lib/heimdal \
+            --enable-shared \
+            --with-readline=/usr &amp;&amp;
 make</userinput></screen>
 
+    <para>To test the results, issue: <command>make check</command>.</para>
+
     <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
 
 <screen role="root"><userinput>make install &amp;&amp;
+install -v -m755 -d /usr/share/doc/heimdal-&heimdal-version;/standardisation &amp;&amp;
+install -v -m644 doc/{init-creds,layman.asc} \
+    /usr/share/doc/heimdal-&heimdal-version; &amp;&amp;
+install -v -m644 doc/standardisation/* \
+    /usr/share/doc/heimdal-&heimdal-version;/standardisation &amp;&amp;
 mv -v /bin/login /bin/login.shadow &amp;&amp;
 mv -v /bin/su /bin/su.shadow &amp;&amp;
 mv -v /usr/bin/{login,su} /bin &amp;&amp;
 ln -v -sf ../../bin/login /usr/bin &amp;&amp;
-mv -v /usr/lib/lib{otp.so.0*,kafs.so.0*,krb5.so.17*,asn1.so.6*} \
-   /usr/lib/lib{roken.so.16*,crypto.so.0*,db-4.3.so} /lib &amp;&amp;
-ln -v -sf ../../lib/lib{otp.so.0{,.1.4},kafs.so.0{,.4.0},db-4.3.so} \
-    /usr/lib &amp;&amp;
-ln -v -sf ../../lib/lib{krb5.so.17{,.3.0},asn1.so.6{,.0.2}} \
-    /usr/lib &amp;&amp;
-ln -v -sf ../../lib/lib{roken.so.16{,.0.3},crypto.so.0{,.9.7}} \
-    /usr/lib &amp;&amp;
+mv -v /usr/lib/lib{otp,kafs,krb5,asn1,roken,crypto}.so.* \
+      /usr/lib/libdb-4.3.so /lib &amp;&amp;
+ln -v -sf ../../lib/libdb-4.3.so /usr/lib/libdb.so &amp;&amp;
+ln -v -sf ../../lib/libdb-4.3.so /usr/lib/libdb-4.so &amp;&amp;
+for SYMLINK in otp.so.0.1.3  kafs.so.0.4.1   krb5.so.17.4.0 \
+               asn1.so.6.1.0 roken.so.16.1.0 crypto.so.0.9.7
+do
+    ln -v -sf ../../lib/lib$SYMLINK \
+        /usr/lib/lib`echo $SYMLINK | cut -d. -f1`.so
+done
 ldconfig</userinput></screen>
 
@@ -154 +168 @@
     <filename class="directory">/usr/sbin</filename>.</para>
 
-    <note>
+    <tip>
       <para>If you want to preserve all your existing
       <application>Inetutils</application> package daemons, install the
@@ -167 +181 @@
       some of the user programs (such as <command>kadmin</command>) to
       <filename class="directory">/usr/sbin</filename> manually so they'll be
-      in the privileged user's default path.</para>
-    </note>
+      in the privileged user's default <envar>PATH</envar>.</para>
+    </tip>
 
     <para><command>mv ... .shadow; mv ... /bin; ln -v -sf ../../bin...</command>:
@@ -179 +193 @@
     preserved before the move to keep things sane should breaks occur.</para>
 
-    <para><command>mv ... /lib; ln -sf ../../lib/lib... /usr/lib</command>:
+    <para><command>mv ... /lib; ln -v -sf ../../lib/lib... /usr/lib...</command>:
     The <command>login</command> and <command>su</command> programs installed
     by <application>Heimdal</application> link against
@@ -187 +201 @@
     libraries are moved to <filename class="directory">/lib</filename> to be
     FHS compliant and also in case
-    <filename class="directory">/usr</filename> is located on a separate partition
-    which may not always be mounted.</para>
+    <filename class="directory">/usr</filename> is located on a separate
+    partition which may not always be mounted.</para>
 
   </sect2>
@@ -209 +223 @@
       <title>Configuration Information</title>
 
+        <note>
+          <para>All the configuration steps shown below must be accomplished
+          by the <systemitem class='username'>root</systemitem> user unless
+          otherwise noted.</para>
+        </note>
+
       <sect4>
         <title>Master KDC Server Configuration</title>
@@ -215 +235 @@
         following commands:</para>
 
-<screen role="root"><userinput>install -v -d /etc/heimdal &amp;&amp;
+<screen role="root"><userinput>install -v -m755 -d /etc/heimdal &amp;&amp;
 cat &gt; /etc/heimdal/krb5.conf &lt;&lt; "EOF"
 <literal># Begin /etc/heimdal/krb5.conf
@@ -239 +259 @@
 
 # End /etc/heimdal/krb5.conf</literal>
-EOF</userinput></screen>
+EOF
+chmod -v 644 /etc/heimdal/krb5.conf</userinput></screen>
 
         <para>You will need to substitute your domain and proper hostname
@@ -265 +286 @@
         commands:</para>
 
-<screen role="root"><userinput>install -d -m 755 /var/lib/heimdal &amp;&amp;
+<screen role="root"><userinput>install -v -m755 -d /var/lib/heimdal &amp;&amp;
 kstash</userinput></screen>
 
@@ -272 +293 @@
 <screen role="root"><userinput>kadmin -l</userinput></screen>
 
-        <para>Choose the defaults for now. You can go in later and change the
-        defaults, should you feel the need. At the <prompt>kadmin&gt;</prompt>
-        prompt, issue the following statement:</para>
+        <para>The commands below will prompt you for information about the
+        principles. Choose the defaults for now unless you know what you are
+        doing and need to specify different values. You can go in later and
+        change the defaults, should you feel the need. You may use the up and
+        down arrow keys to use the history feature of <command>kadmin</command>
+        in a similar manner as the <command>bash</command> history
+        feature.</para>
+
+        <para>At the <prompt>kadmin&gt;</prompt> prompt, issue the following
+        statement:</para>
 
 <screen role="root"><userinput>init <replaceable>[EXAMPLE.COM]</replaceable></userinput></screen>
@@ -341 +369 @@
 
         <para>At this point, if everything has been successful so far, you
-        can feel fairly confident in the installation and configuration of
-        the package.</para>
+        can feel fairly confident in the installation, setup and configuration
+        of your new <application>Heimdal</application> Kerberos 5
+        installation.</para>
 
         <para id="heimdal-init">Install the
@@ -407 +436 @@
       <seglistitem>
         <seg>afslog, dump_log, ftp, ftpd, hprop, hpropd, ipropd-master,
-        ipropd-slave, kadmin, kadmind, kauth, kdc, kdestroy, kf, kfd, kgetcred,
-        kinit, klist, kpasswd, kpasswdd, krb5-config, kstash, ktutil, kx, kxd,
-        login, mk_cmds, otp, otpprint, pagsh, pfrom, popper, push, rcp,
-        replay_log, rsh, rshd, rxtelnet, rxterm, string2key, su, telnet,
-        telnetd, tenletxr, truncate-log, verify_krb5_conf, and xnlock</seg>
-        <seg>libasn1.[so,a], libeditline.a, libgssapi.[so,a], libhdb.[so,a],
-        libkadm5clnt.[so,a], libkadm5srv.[so,a], libkafs.[so,a], libkrb5.[so,a],
-        libotp.[so,a], libroken.[so,a], libsl.[so,a], and libss.[so,a]</seg>
-        <seg>/etc/heimdal, /usr/include/kadm5, /usr/include/ss, and
-        /var/lib/heimdal</seg>
+        ipropd-slave, kadmin, kadmind, kauth, kcm, kdc, kdestroy, kf, kfd,
+        kgetcred, kinit, klist, kpasswd, kpasswdd, krb5-config, kstash,
+        ktutil, kx, kxd, login, mk_cmds, otp, otpprint, pagsh, pfrom, popper,
+        push, rcp, replay_log, rsh, rshd, rxtelnet, rxterm, string2key, su,
+        telnet, telnetd, tenletxr, truncate-log, verify_krb5_conf
+        and xnlock</seg>
+        <seg>libasn1.[so,a], libeditline.[so,a], libgssapi.[so,a],
+        libhdb.[so,a], libkadm5clnt.[so,a], libkadm5srv.[so,a], libkafs.[so,a],
+        libkrb5.[so,a], libotp.[so,a], libroken.[so,a], libsl.[so,a]
+        and libss.[so,a]</seg>
+        <seg>/etc/heimdal, /usr/include/kadm5,
+        /usr/share/doc/heimdal-&heimdal-version; and /var/lib/heimdal</seg>
       </seglistitem>
     </segmentedlist>
@@ -527 +558 @@
         <term><command>kauth</command></term>
         <listitem>
-          <para>is a symbolic link to the <command>kinit</command> program.</para>
+          <para>is a symbolic link to the <command>kinit</command>
+          program.</para>
           <indexterm zone="heimdal kauth">
             <primary sortas="g-kauth">kauth</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry id="kcm">
+        <term><command>kcm</command></term>
+        <listitem>
+          <para>is a process based credential cache for Kerberos
+          tickets.</para>
+          <indexterm zone="heimdal kcm">
+            <primary sortas="b-kcm">kcm</primary>
           </indexterm>
         </listitem>