cvs commit: BLFS/BOOK/postlfs/security/heimdal heimdal-config.xml heimdal-exp.xml heimdal-inst.xml heimdal-intro.xml

igor at linuxfromscratch.org
Thu Apr 29 10:38:12 PDT 2004


igor        04/04/29 11:38:12

  Modified:    BOOK/basicnet/netprogs ntp.xml
               BOOK/postlfs/security/heimdal heimdal-config.xml
                        heimdal-exp.xml heimdal-inst.xml heimdal-intro.xml
  Log:
  various heimdal fixes (more to come)
  
  Revision  Changes    Path
  1.2       +1 -2      BLFS/BOOK/basicnet/netprogs/ntp.xml
  
  Index: ntp.xml
  ===================================================================
  RCS file: /home/cvsroot/BLFS/BOOK/basicnet/netprogs/ntp.xml,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- ntp.xml	29 Sep 2003 04:06:53 -0000	1.1
  +++ ntp.xml	29 Apr 2004 17:38:11 -0000	1.2
  @@ -1,4 +1,4 @@
  -<sect1 id="ntp" xreflabel="ntp-&ntp-version;">
  +<sect1 id="ntp" xreflabel="NTP-&ntp-version;">
   <?dbhtml filename="ntp.html" dir="basicnet"?>
   <title>NTP-&ntp-version;</title>
   
  @@ -8,4 +8,3 @@
   &ntp-desc;
   
   </sect1>
  -
  
  
  
  1.2       +18 -13    BLFS/BOOK/postlfs/security/heimdal/heimdal-config.xml
  
  Index: heimdal-config.xml
  ===================================================================
  RCS file: /home/cvsroot/BLFS/BOOK/postlfs/security/heimdal/heimdal-config.xml,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- heimdal-config.xml	27 Apr 2004 20:26:14 -0000	1.1
  +++ heimdal-config.xml	29 Apr 2004 17:38:12 -0000	1.2
  @@ -7,25 +7,28 @@
   
   <sect3><title>Configuration Information</title>
   
  +<sect4><title>Master KDC Server Configuration</title>
  +
   <para>
   Create the Kerberos configuration file with the following command:
   </para>
   
  -<screen><userinput><command>cat > /etc/heimdal/krb5.conf << "EOF"</command>
  +<screen><userinput><command>mkdir /etc/heimdal &&
  +cat > /etc/heimdal/krb5.conf << "EOF"</command>
   # Begin /etc/heimdal/krb5.conf
           
   [libdefaults]
  -    default_realm = LFS.ORG
  +    default_realm = <replaceable>[LFS.ORG]</replaceable>
       encrypt = true
   
   [realms]
  -    LFS.ORG = {
  -        kdc = belgarath.lfs.org
  -        admin_server = belgarath.lfs.org
  +    <replaceable>[LFS.ORG]</replaceable> = {
  +        kdc = <replaceable>[belgarath.lfs.org]</replaceable>
  +        admin_server = <replaceable>[belgarath.lfs.org]</replaceable>
       }
   
   [domain_realm]
  -    .lfs.org = LFS.ORG
  +    .<replaceable>[lfs.org]</replaceable> = <replaceable>[LFS.ORG]</replaceable>
   
   [logging]
       kdc = FILE:/var/log/kdc.log
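
Review bot: the new "mkdir /etc/heimdal &&" at the top of the krb5.conf command fails when the directory already exists (for example on a reinstall), and because it is joined with && the cat that writes krb5.conf is then skipped. Suggest "mkdir -p /etc/heimdal &&", or "install -d -m755 /etc/heimdal &&" if the book wants the directory mode stated explicitly.
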
  @@ -81,28 +84,28 @@
   <userinput>kadmin></userinput> prompt, issue the following statement:
   </para>
   
  -<screen><userinput><command>init LFS.ORG</command></userinput></screen>
  +<screen><userinput><command>init <replaceable>[LFS.ORG]</replaceable></command></userinput></screen>
   
   <para>
   Now we need to populate the database with principles (users). For now,
   just use your regular login name or root. 
   </para>
   
  -<screen><userinput><command>add loginname</command></userinput></screen>
  +<screen><userinput><command>add <replaceable>[loginname]</replaceable></command></userinput></screen>
   
   <para>
   The <acronym>KDC</acronym> server and any machine running kerberized
   server daemons must have a host key installed:
   </para>
   
  -<screen><userinput><command>add --random-key host/belgarath.lfs.org</command></userinput></screen>
  +<screen><userinput><command>add --random-key host/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen>
   
   <para>
   After choosing the defaults when prompted, you will have to export the
   data to a keytab file:
   </para>
   
  -<screen><userinput><command>ext host/belgarath.lfs.org</command></userinput></screen>
  +<screen><userinput><command>ext host/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen>
   
   <para>
   This should have created two files in
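
Review bot: the context line "populate the database with principles (users)" in this hunk uses "principles" where Kerberos means "principals", and the same slip appears as "host principles" at the start of the next hunk. Since the commands around both sentences are being edited anyway, fix the spelling in both places so readers can look the term up in the Heimdal documentation.
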
  @@ -119,13 +122,13 @@
   created the host principles. Below is an example:
   </para>
   
  -<screen><userinput><command>add --random-key ftp/belgarath.lfs.org</command></userinput></screen>
  +<screen><userinput><command>add --random-key ftp/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen>
   
   <para>
   (choose the defaults)
   </para>
   
  -<screen><userinput><command>ext ftp/belgarath.lfs.org</command></userinput></screen>
  +<screen><userinput><command>ext ftp/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen>
   
   <para>
   Exit the <command>kadmin</command> program (use <command>quit</command>
  @@ -140,7 +143,7 @@
   Attempt to get a ticket with the following command:
   </para>
   
  -<screen><userinput><command>kinit loginname</command></userinput></screen>
  +<screen><userinput><command>kinit <replaceable>[loginname]</replaceable></command></userinput></screen>
   
   <para>
   You will be prompted for the password you created. After you get your
  @@ -175,6 +178,8 @@
   package.</para>
   
   <screen><userinput><command>make install-heimdal</command></userinput></screen>
  +
  +</sect4>
   
   </sect3>
   
  
  
  
  1.3       +7 -7      BLFS/BOOK/postlfs/security/heimdal/heimdal-exp.xml
  
  Index: heimdal-exp.xml
  ===================================================================
  RCS file: /home/cvsroot/BLFS/BOOK/postlfs/security/heimdal/heimdal-exp.xml,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- heimdal-exp.xml	28 Apr 2004 15:22:03 -0000	1.2
  +++ heimdal-exp.xml	29 Apr 2004 17:38:12 -0000	1.3
  @@ -23,22 +23,22 @@
   <para>
   <screen><command>mv /bin/login /bin/login.shadow
   mv /bin/su /bin/su.coreutils
  -cp /usr/bin/login /bin
  -mv /usr/bin/su /bin</command></screen>
  +mv /usr/bin/{login,su} /bin
  +ln -sf ../../bin/login /usr/bin</command></screen>
   The <command>login</command> and <command>su</command> programs
   installed by Heimdal belong in <filename
   class="directory">/bin</filename> directory. The
  -<command>login</command> program is copied because Heimdal is expecting
  +<command>login</command> program is symlinked because Heimdal is expecting
   to find it in <filename class="directory">/usr/bin</filename>. We
   preserve the old executables before the move to keep things sane should
   breaks occur.
   </para>
   
   <para>
  -<screen><command>mv /usr/lib/lib{otp.so.0,otp.so.0.1.4,kafs.so.0,kafs.so.0.4.0} /usr/lib
  -mv /usr/lib/lib{krb5.so.17,krb5.so.17.3.0,asn1.so.6,asn1.so.6.0.2} /usr/lib
  -mv /usr/lib/lib{roken.so.16,roken.so.16.0.3,crypto.so.0.9.7} /usr/lib
  -mv /usr/lib/lib{com_err.so.1,com_err.so.1.1.1,db-4.1.so} /usr/lib
  +<screen><command>mv /usr/lib/lib{otp.so.0,otp.so.0.1.4,kafs.so.0,kafs.so.0.4.0} /lib
  +mv /usr/lib/lib{krb5.so.17,krb5.so.17.3.0,asn1.so.6,asn1.so.6.0.2} /lib
  +mv /usr/lib/lib{roken.so.16,roken.so.16.0.3,crypto.so.0.9.7} /lib
  +mv /usr/lib/lib{com_err.so.1,com_err.so.1.1.1,db-4.1.so} /lib
   ln -sf ../../lib/lib{otp.so.0,otp.so.0.1.4,kafs.so.0,kafs.so.0.4.0} /usr/lib
   ln -sf ../../lib/lib{krb5.so.17,krb5.so.17.3.0,asn1.so.6,asn1.so.6.0.2} /usr/lib
   ln -sf ../../lib/lib{roken.so.16,roken.so.16.0.3,crypto.so.0.9.7} /usr/lib
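
Review bot: the four corrected mv lines still hard-code exact library versions (krb5.so.17.3.0, otp.so.0.1.4 and so on) and also move libcrypto.so.0.9.7 and libdb-4.1.so, which are installed by OpenSSL and Berkeley DB rather than by Heimdal. A reader with a different version of either package gets a failed mv, and the paragraph in this hunk only explains the login symlink. Suggest adding a sentence that says why these libraries go to /lib and that the file names must match what is actually installed.
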
  
  
  
  1.3       +8 -7      BLFS/BOOK/postlfs/security/heimdal/heimdal-inst.xml
  
  Index: heimdal-inst.xml
  ===================================================================
  RCS file: /home/cvsroot/BLFS/BOOK/postlfs/security/heimdal/heimdal-inst.xml,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- heimdal-inst.xml	28 Apr 2004 15:22:03 -0000	1.2
  +++ heimdal-inst.xml	29 Apr 2004 17:38:12 -0000	1.3
  @@ -23,15 +23,16 @@
   make install &&
   mv /bin/login /bin/login.shadow &&
   mv /bin/su /bin/su.coreutils &&
  -cp /usr/bin/login /bin &&
  -mv /usr/bin/su /bin &&
  -mv /usr/lib/lib{otp.so.0,otp.so.0.1.4,kafs.so.0,kafs.so.0.4.0} /usr/lib &&
  -mv /usr/lib/lib{krb5.so.17,krb5.so.17.3.0,asn1.so.6,asn1.so.6.0.2} /usr/lib &&
  -mv /usr/lib/lib{roken.so.16,roken.so.16.0.3,crypto.so.0.9.7} /usr/lib &&
  -mv /usr/lib/lib{com_err.so.1,com_err.so.1.1.1,db-4.1.so} /usr/lib &&
  +mv /usr/bin/{login,su} /bin &&
  +ln -sf ../../bin/login /usr/bin &&
  +mv /usr/lib/lib{otp.so.0,otp.so.0.1.4,kafs.so.0,kafs.so.0.4.0} /lib &&
  +mv /usr/lib/lib{krb5.so.17,krb5.so.17.3.0,asn1.so.6,asn1.so.6.0.2} /lib &&
  +mv /usr/lib/lib{roken.so.16,roken.so.16.0.3,crypto.so.0.9.7} /lib &&
  +mv /usr/lib/lib{com_err.so.1,com_err.so.1.1.1,db-4.1.so} /lib &&
   ln -sf ../../lib/lib{otp.so.0,otp.so.0.1.4,kafs.so.0,kafs.so.0.4.0} /usr/lib &&
   ln -sf ../../lib/lib{krb5.so.17,krb5.so.17.3.0,asn1.so.6,asn1.so.6.0.2} /usr/lib &&
   ln -sf ../../lib/lib{roken.so.16,roken.so.16.0.3,crypto.so.0.9.7} /usr/lib &&
  -ln -sf ../../lib/lib{com_err.so.1,com_err.so.1.1.1,db-4.1.so} /usr/lib</command></userinput></screen>
  +ln -sf ../../lib/lib{com_err.so.1,com_err.so.1.1.1,db-4.1.so} /usr/lib &&
  +ldconfig</command></userinput></screen>
   
   </sect2>
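
Review bot: this && chain is not safe to run twice. On a second run, "mv /bin/login /bin/login.shadow" and "mv /bin/su /bin/su.coreutils" (context lines at the top of the hunk) rename the Heimdal binaries that the new "mv /usr/bin/{login,su} /bin" put in /bin, overwriting the saved originals. Suggest skipping the two backup moves when /bin/login.shadow and /bin/su.coreutils already exist, or stating in the text that the block is for a first install only.
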
  
  
  
  1.2       +13 -3     BLFS/BOOK/postlfs/security/heimdal/heimdal-intro.xml
  
  Index: heimdal-intro.xml
  ===================================================================
  RCS file: /home/cvsroot/BLFS/BOOK/postlfs/security/heimdal/heimdal-intro.xml,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- heimdal-intro.xml	27 Apr 2004 20:26:14 -0000	1.1
  +++ heimdal-intro.xml	29 Apr 2004 17:38:12 -0000	1.2
  @@ -42,10 +42,20 @@
   <para>
   <xref linkend="tcpwrappers"/>,
   <xref linkend="readline"/>,
  -<xref linkend="Linux_PAM"/> and
  +<xref linkend="Linux_PAM"/>,
   <xref linkend="xorg"/> or
  -<xref linkend="xfree86"/>
  -</para></sect4>
  +<xref linkend="xfree86"/>,
  +<xref linkend="openldap"/> and
  +<ulink url="http://www.pdc.kth.se/kth-krb/">krb4</ulink>
  +</para>
  +
  +<note><para>
  +Some sort of time synchronization facility on your system (like <xref
  +linkend="ntp"/>) is required since Kerberos won't authenticate if the
  +time differential between a kerberized client and the
  +<acronym>KDC</acronym> server is more than 5 minutes.</para></note> 
  +</sect4>
  +
   </sect3>
   
   </sect2>
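
Review bot: the new note states the 5 minute limit as fixed, but it is the default maximum clock skew and can be changed in krb5.conf. Suggest wording such as "more than the allowed clock skew (5 minutes by default)". The trailing space after </note> can be dropped as well.
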
  
  
  


