cvs commit: BLFS/BOOK/postlfs/security/heimdal heimdal-config.xml heimdal-intro.xml

igor at linuxfromscratch.org igor at linuxfromscratch.org
Thu Apr 29 14:53:08 PDT 2004


igor        04/04/29 15:53:08

  Modified:    BOOK     index.xml
               BOOK/introduction/welcome changelog.xml
               BOOK/postlfs/security/heimdal heimdal-config.xml
                        heimdal-intro.xml
  Log:
  more heimdal fixes
  
  Revision  Changes    Path
  1.445     +3 -3      BLFS/BOOK/index.xml
  
  Index: index.xml
  ===================================================================
  RCS file: /home/cvsroot/BLFS/BOOK/index.xml,v
  retrieving revision 1.444
  retrieving revision 1.445
  diff -u -r1.444 -r1.445
  --- index.xml	28 Apr 2004 15:22:03 -0000	1.444
  +++ index.xml	29 Apr 2004 21:53:08 -0000	1.445
  @@ -2,9 +2,9 @@
   <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" 
   			"/usr/share/docbook/docbookx.dtd" [
   
  -<!ENTITY version "CVS-20040428">
  -<!ENTITY releasedate "April 28th, 2004">
  -<!ENTITY pubdate "2004-04-28">
  +<!ENTITY version "CVS-20040429">
  +<!ENTITY releasedate "April 29th, 2004">
  +<!ENTITY pubdate "2004-04-29">
   <!ENTITY blfs-version "cvs">
   
   <!ENTITY % book SYSTEM "book/book.ent">
  
  
  
  1.1097    +4 -0      BLFS/BOOK/introduction/welcome/changelog.xml
  
  Index: changelog.xml
  ===================================================================
  RCS file: /home/cvsroot/BLFS/BOOK/introduction/welcome/changelog.xml,v
  retrieving revision 1.1096
  retrieving revision 1.1097
  diff -u -r1.1096 -r1.1097
  --- changelog.xml	28 Apr 2004 15:22:03 -0000	1.1096
  +++ changelog.xml	29 Apr 2004 21:53:08 -0000	1.1097
  @@ -11,6 +11,10 @@
   
   <itemizedlist>
   
  +<listitem><para>April 29th, 2004 [igor]: Fixed various errors in
  +Heimdal instructions, caught by Randy, Larry, DJ and
  +Nathan.</para></listitem>
  +
   <listitem><para>April 28th, 2004 [igor]: Finished the Heimdal
   addition.</para></listitem>
   
  
  
  
  1.3       +118 -1    BLFS/BOOK/postlfs/security/heimdal/heimdal-config.xml
  
  Index: heimdal-config.xml
  ===================================================================
  RCS file: /home/cvsroot/BLFS/BOOK/postlfs/security/heimdal/heimdal-config.xml,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- heimdal-config.xml	29 Apr 2004 17:38:12 -0000	1.2
  +++ heimdal-config.xml	29 Apr 2004 21:53:08 -0000	1.3
  @@ -13,7 +13,7 @@
   Create the Kerberos configuration file with the following command:
   </para>
   
  -<screen><userinput><command>mkdir /etc/heimdal &&
  +<screen><userinput><command>install -d /etc/heimdal &&
   cat > /etc/heimdal/krb5.conf << "EOF"</command>
   # Begin /etc/heimdal/krb5.conf
           
  @@ -25,6 +25,7 @@
       <replaceable>[LFS.ORG]</replaceable> = {
           kdc = <replaceable>[belgarath.lfs.org]</replaceable>
           admin_server = <replaceable>[belgarath.lfs.org]</replaceable>
  +        kpasswd_server = <replaceable>[belgarath.lfs.org]</replaceable>
       }
   
   [domain_realm]
  @@ -173,11 +174,127 @@
   fairly confident in the installation and configuration of the package.
   </para>
   
  +<!--
   <para>Install <filename>/etc/rc.d/init.d/heimdal</filename> init script
   included in the <xref linkend="intro-important-bootscripts"/>
   package.</para>
   
   <screen><userinput><command>make install-heimdal</command></userinput></screen>
  +-->
  +
  +<para>
  +To automate the running of Kerberos server and 
  +<command>kpasswdd</command> daemon, use the following command to create
  +the init.d script:
  +</para>
  +
  +<screen><userinput><command>cat > /etc/rc.d/init.d/heimdal << "EOF"</command>
  +#!/bin/sh
  +# Begin $rc_base/init.d/heimdal
  +
  +# Based on sysklogd script from LFS-3.1 and earlier.
  +# Rewritten by Gerard Beekmans  - gerard at linuxfromscratch.org
  +# Heimdal bootscript submitted by Randy McMurchy - LFS-User at mcmurchy.com
  +
  +. /etc/sysconfig/rc
  +. $rc_functions
  +
  +case "$1" in
  +        start)  
  +                echo "Starting KDC Server Daemon..."
  +                if test -f "/var/run/kdc.pid"
  +                then
  +                        print_status warning running
  +                else
  +                        /usr/sbin/kdc &
  +                        sleep 1
  +                        if test -f "/var/run/kdc.pid"
  +                        then
  +                                print_status success
  +                        else
  +                                print_status failure
  +                        fi
  +                fi
  +                echo "Starting KDC kpasswdd Daemon..."
  +                if test -f "/var/run/kpasswdd.pid"
  +                then
  +                        print_status warning running
  +                else
  +                        /usr/sbin/kpasswdd &
  +                        sleep 1
  +                        if test -f "/var/run/kpasswdd.pid"
  +                        then
  +                                print_status success
  +                        else
  +                                print_status failure
  +                        fi
  +                fi
  +                ;;
  +
  +        stop)   
  +                echo "Stopping KDC kpasswdd Daemon..."
  +                killproc /usr/sbin/kpasswdd
  +                echo "Stopping KDC Server Daemon..."
  +                killproc /usr/sbin/kdc
  +                ;;
  +
  +        restart)
  +                $0 stop
  +                sleep 1
  +                $0 start
  +                ;;
  +
  +        status)
  +                statusproc /usr/sbin/kdc
  +                statusproc /usr/sbin/kpasswdd
  +                ;;
  +
  +        *)
  +                echo "Usage: $0 {start|stop|restart|status}"
  +                exit 1
  +                ;;
  +esac
  +
  +# End $rc_base/init.d/heimdal
  +<command>EOF</command></userinput></screen>
  +
  +<para>
  +Create the symbolic links to this file in the relevant <filename
  +class="directory">rc.d</filename> directory with the following commands:
  +</para>
  +
  +<screen><userinput><command>cd /etc/rc.d/init.d &&
  +ln -sf ../init.d/heimdal ../rc0.d/K42heimdal &&
  +ln -sf ../init.d/heimdal ../rc1.d/K42heimdal &&
  +ln -sf ../init.d/heimdal ../rc2.d/K42heimdal &&
  +ln -sf ../init.d/heimdal ../rc3.d/S28heimdal &&
  +ln -sf ../init.d/heimdal ../rc4.d/S28heimdal &&
  +ln -sf ../init.d/heimdal ../rc5.d/S28heimdal &&
  +ln -sf ../init.d/heimdal ../rc6.d/K42heimdal</command></userinput></screen>
  +
  +</sect4>
  +
  +<sect4><title>Using Kerberized Client Programs</title>
  +
  +<para>
  +To use the kerberized client programs (<command>telnet</command>,
  +<command>ftp</command>, <command>rsh</command>,
  +<command>rxterm</command>, <command>rxtelnet</command>,
  +<command>rcp</command>, <command>xnlock</command>), you first must get
  +an authentication ticket. Use the <command>kinit</command> program to
  +get the ticket. After you've acquired the ticket, you can use the
  +kerberized programs to connect to any kerberized server on the network.
  +You will not be prompted for authentication until your ticket expires
  +(default is one day), unless you specify a different user as a command
  +line argument to the program.
  +</para>
  +
  +<para>
  +The kerberized programs will connect to non kerberized daemons, warning
  +you that authentication is not encrypted. As mentioned earlier, only the
  +<command>ftp</command> program gives any trouble connecting to non
  +kerberized daemons.
  +</para>
   
   </sect4>
   
  
  
  
  1.3       +2 -3      BLFS/BOOK/postlfs/security/heimdal/heimdal-intro.xml
  
  Index: heimdal-intro.xml
  ===================================================================
  RCS file: /home/cvsroot/BLFS/BOOK/postlfs/security/heimdal/heimdal-intro.xml,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- heimdal-intro.xml	29 Apr 2004 17:38:12 -0000	1.2
  +++ heimdal-intro.xml	29 Apr 2004 21:53:08 -0000	1.3
  @@ -10,8 +10,8 @@
   applications work hand-in-hand with sites that support Kerberos to
   ensure that passwords cannot be stolen. A Kerberos installation will
   make changes to the authentication mechanisms on your network and will
  -overwrite several programs and daemons from the Coreutils, Inetutils and
  -Shadow packages.
  +overwrite several programs and daemons from the Coreutils, Inetutils,
  +Qpopper and Shadow packages.
   </para>
   
   <sect3><title>Package information</title>
  @@ -40,7 +40,6 @@
   </para></sect4>
   <sect4><title>Optional</title>
   <para>
  -<xref linkend="tcpwrappers"/>,
   <xref linkend="readline"/>,
   <xref linkend="Linux_PAM"/>,
   <xref linkend="xorg"/> or
  
  
  



More information about the blfs-book mailing list