r4889 - in trunk/BOOK: introduction/welcome postlfs/security

larry at linuxfromscratch.org larry at linuxfromscratch.org
Sat Aug 6 13:06:36 PDT 2005


Author: larry
Date: 2005-08-06 14:06:34 -0600 (Sat, 06 Aug 2005)
New Revision: 4889

Modified:
   trunk/BOOK/introduction/welcome/changelog.xml
   trunk/BOOK/postlfs/security/mitkrb.xml
Log:
verified instructions to MIT-krb5

Modified: trunk/BOOK/introduction/welcome/changelog.xml
===================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml	2005-08-06 15:51:45 UTC (rev 4888)
+++ trunk/BOOK/introduction/welcome/changelog.xml	2005-08-06 20:06:34 UTC (rev 4889)
@@ -23,6 +23,9 @@
   <para>&version; – &releasedate;</para>
 
   <itemizedlist>
+
+    <listitem>August 6th, 2005 [larry]: Added dictionary file to mit
+kerberos setup and made adjusts for PAM</listitem>
     
     <listitem>
       <para>August 6th, 2005 [randy]: Updated to S-Lang-2.0.4.</para>
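Review bot: The new [larry] entry puts its text directly inside <listitem> with no <para>, unlike the [randy] entry just below it, which wraps its text in <para>...</para>. DocBook list items need block content, so wrap the new entry the same way. While editing it, "adjusts" should read "adjustments", and "mit kerberos" should match the "MIT krb5" spelling used in mitkrb.xml.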

Modified: trunk/BOOK/postlfs/security/mitkrb.xml
===================================================================
--- trunk/BOOK/postlfs/security/mitkrb.xml	2005-08-06 15:51:45 UTC (rev 4888)
+++ trunk/BOOK/postlfs/security/mitkrb.xml	2005-08-06 20:06:34 UTC (rev 4889)
@@ -57,7 +57,7 @@
         <para>Estimated build time: &mitkrb-time;</para>
       </listitem>
     </itemizedlist>
-<!--
+
     <bridgehead renderas="sect3">MIT Krb5 Dependencies</bridgehead>
 
     <bridgehead renderas="sect4">Optional</bridgehead>
@@ -72,7 +72,7 @@
       there is a time difference between a kerberized client and the
       KDC server.</para>
     </note>
--->
+
   </sect2>
 
   <sect2 role="installation">
@@ -84,7 +84,7 @@
     using <xref linkend='heimdal'/> to implement the functionality of this
     package.</para></note> 
     
-<!--
+
     <para><application>MIT krb5</application> is distributed in a
     TAR file containing a compressed TAR package and a detached PGP
     <filename class="extension">ASC</filename> file.</para>
@@ -106,8 +106,6 @@
     <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
 
 <screen role="root"><userinput>make install &&
-mv -v /bin/login /bin/login.shadow &&
-cp -v /usr/sbin/login.krb5 /bin/login &&
 mv -v /usr/bin/ksu /bin &&
 mv -v /usr/lib/libkrb5.so.3* /lib &&
 mv -v /usr/lib/libkrb4.so.2* /lib &&
@@ -120,13 +118,28 @@
 ln -v -sf ../../lib/libk5crypto.so.3 /usr/lib/libk5crypto.so &&
 ln -v -sf ../../lib/libcom_err.so.3 /usr/lib/libcom_err.so &&
 ldconfig</userinput></screen>
--->
+
+    <para>Without <application>Linux-Pam</application>, the following
+should be entered, also as the <systemitem class="username">root</systemitem> user:</para>
+
+<screen role="root"><userinput>mv -v /bin/login /bin/login.shadow &&
+cp -v /usr/sbin/login.krb5 /bin/login</userinput></screen>
+
+    <para>If <application>Cracklib</application> is installed or if any
+word list has been put in <filename class=directory>/usr/share/dict</filename>, the following
+should be entered, also as the <systemitem class="username">root</systemitem> us
+er:</para>
+
+<screen role="root"><userinput>sn -s /usr/share/dict/words
+/var/lib/krb5kdc/kadmin.dict</userinput></screen>
+
+
   </sect2>
 
   <sect2 role="commands">
     <title>Command Explanations</title>
     <para></para>
-<!--
+
     <para><parameter>- -enable-dns</parameter>: This switch allows
     realms to be resolved using the DNS server.</para>
 
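Review bot: The dictionary command in the last added <screen> reads "sn -s", presumably a typo for "ln -s", and its target /var/lib/krb5kdc/kadmin.dict sits on its own line with no backslash continuation, so a reader pasting the block would run two separate commands. In the paragraph above it, class=directory is missing its quotes, which is not well-formed XML, and the word "user" is split as "us" / "er" across two lines. Since replacing /bin/login is now shown only for the case without Linux-PAM, a sentence saying what a Linux-PAM system should do instead would help the reader.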
@@ -145,13 +158,13 @@
     are linked against these libraries, therefore we move these libraries
     to <filename class="directory">/lib</filename> to allow logins without
     mounting <filename class="directory">/usr</filename>.</para>
--->
+
   </sect2>
 
   <sect2 role="configuration">
     <title>Configuring MIT Krb5</title>
     <para></para>
-<!--
+
     <sect3 id="krb5-config">
       <title>Config Files</title>
 
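Review bot: The empty <para></para> after <title>Configuring MIT Krb5</title> looks like a placeholder from when the section body was commented out. Now that the "<!--" is removed and the real content renders, drop the placeholder. The same empty element remains under "Command Explanations" and "Contents". Replacing each comment marker with a blank line also leaves a stray empty line in the source; deleting the line outright is cleaner.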
@@ -230,7 +243,8 @@
         <systemitem class="username">root</systemitem>.</para>
 
 <screen role="root"><userinput>kadmin.local
-<prompt>kadmin:</prompt> addprinc <replaceable>[loginname]</replaceable></userinput></screen>
+<prompt>kadmin:</prompt> add_policy dict-only
+<prompt>kadmin:</prompt> addprinc -policy dict-only <replaceable>[loginname]</replaceable></userinput></screen>
 
         <para>The KDC server and any machine running kerberized
         server daemons must have a host key installed:</para>
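Review bot: "add_policy dict-only" is introduced with no explanation and no constraints (no minimum length or character classes), so the reader cannot tell what the policy enforces. Add a sentence to the surrounding text saying the policy exists so that new passwords are checked against the dictionary file, and confirm that the dict_file setting in kdc.conf (not visible in this hunk) points at /var/lib/krb5kdc/kadmin.dict. The symlink step earlier in the page is conditional on a word list being installed, while this step is unconditional, so the text should also say what happens when no dictionary is present.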
@@ -346,7 +360,7 @@
   <sect2 role="content">
     <title>Contents</title>
     <para></para>
-<!--
+
     <segmentedlist>
       <segtitle>Installed Programs</segtitle>
       <segtitle>Installed Libraries</segtitle>
@@ -714,7 +728,7 @@
       </varlistentry>
 
     </variablelist>
--->
+
   </sect2>
 
 </sect1>



