r3345 - in trunk: BOOK BOOK/appendices BOOK/introduction/welcome BOOK/postlfs/security patches

randy at linuxfromscratch.org randy at linuxfromscratch.org
Thu Jan 27 07:36:16 PST 2005


Author: randy
Date: 2005-01-27 08:36:13 -0700 (Thu, 27 Jan 2005)
New Revision: 3345

Added:
   trunk/patches/heimdal-0.6.3-cracklib-1.patch
   trunk/patches/heimdal-0.6.3-fhs_compliance-1.patch
Removed:
   trunk/patches/heimdal-0.6.2-cracklib-1.patch
   trunk/patches/heimdal-0.6.2-fhs_compliance-1.patch
Modified:
   trunk/BOOK/appendices/glossary.xml
   trunk/BOOK/general.ent
   trunk/BOOK/introduction/welcome/changelog.xml
   trunk/BOOK/postlfs/security/heimdal.xml
   trunk/patches/cracklib,2.7-heimdal-1.patch
Log:
Updated to Heimdal-0.6.3; updated Glossary

Modified: trunk/BOOK/appendices/glossary.xml
===================================================================
--- trunk/BOOK/appendices/glossary.xml	2005-01-27 03:26:52 UTC (rev 3344)
+++ trunk/BOOK/appendices/glossary.xml	2005-01-27 15:36:13 UTC (rev 3345)
@@ -48,6 +48,9 @@
 <glossentry id="gASCII"><glossterm><acronym>ASCII</acronym></glossterm>
 <glossdef><para>American Standard Code for Information Interchange</para></glossdef></glossentry>
 
+<glossentry id="gASN"><glossterm><acronym>ASN</acronym></glossterm>
+<glossdef><para>Abstract Syntax Notation</para></glossdef></glossentry>
+
 <glossentry id="gASF"><glossterm><acronym>ASF</acronym></glossterm>
 <glossdef><para>Advanced Streaming Format</para></glossdef></glossentry>
 
@@ -66,6 +69,9 @@
 <glossentry id="gAWT"><glossterm><acronym>AWT</acronym></glossterm>
 <glossdef><para>Abstract Window Toolkit</para></glossdef></glossentry>
 
+<glossentry id="gBER"><glossterm><acronym>BER</acronym></glossterm>
+<glossdef><para>Basic Encoding Rules</para></glossdef></glossentry>
+
 <glossentry id="gBIC"><glossterm><acronym>BICS</acronym></glossterm>
 <glossdef><para>Berkeley/IRCAM/CARL</para></glossdef></glossentry>
 
@@ -124,6 +130,9 @@
 <glossentry id="gDEC"><glossterm><acronym>DEC</acronym></glossterm>
 <glossdef><para>Digital Equipment Corporation</para></glossdef></glossentry>
 
+<glossentry id="gDER"><glossterm><acronym>DER</acronym></glossterm>
+<glossdef><para>Distinguished Encoding Rules</para></glossdef></glossentry>
+
 <glossentry id="gDES"><glossterm><acronym>DES</acronym></glossterm>
 <glossdef><para>Data Encryption Standard</para></glossdef></glossentry>
 
@@ -244,6 +253,12 @@
 <glossentry id="gGPM"><glossterm><acronym>GPM</acronym></glossterm>
 <glossdef><para>General Purpose Mouse</para></glossdef></glossentry>
 
+<glossentry id="gGSS"><glossterm><acronym>GSS</acronym></glossterm>
+<glossdef><para>Generic Security Service</para></glossdef></glossentry>
+
+<glossentry id="gGSSAPI"><glossterm><acronym>GSSAPI</acronym></glossterm>
+<glossdef><para>Generic Security Service Application Programming Interface</para></glossdef></glossentry>
+
 <glossentry id="gGTK"><glossterm><acronym>GTK</acronym></glossterm>
 <glossdef><para><acronym>GIMP</acronym> ToolKit</para></glossdef></glossentry>
 

Modified: trunk/BOOK/general.ent
===================================================================
--- trunk/BOOK/general.ent	2005-01-27 03:26:52 UTC (rev 3344)
+++ trunk/BOOK/general.ent	2005-01-27 15:36:13 UTC (rev 3345)
@@ -1,4 +1,4 @@
-<!ENTITY day          "26">
+<!ENTITY day          "27">
 <!ENTITY month        "01">
 <!ENTITY year         "2005">
 <!ENTITY version      "svn-&year;&month;&day;">
@@ -35,7 +35,7 @@
 <!ENTITY iptables-version             "1.2.11"> 
 <!ENTITY gnupg-version                "1.4.0">  
 <!ENTITY tripwire-version             "portable-0.9">   
-<!ENTITY heimdal-version              "0.6.2">   
+<!ENTITY heimdal-version              "0.6.3">   
 <!ENTITY mitkrb-version               "1.3.6"> 
 <!ENTITY cyrus-sasl-version           "2.1.20"> 
 <!ENTITY stunnel-version              "4.07"> 

Modified: trunk/BOOK/introduction/welcome/changelog.xml
===================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml	2005-01-27 03:26:52 UTC (rev 3344)
+++ trunk/BOOK/introduction/welcome/changelog.xml	2005-01-27 15:36:13 UTC (rev 3345)
@@ -22,6 +22,9 @@
 
 <itemizedlist>
 
+<listitem><para>January 27th, 2005 [randy]: Updated to 
+Heimdal-0.6.3; updated Glossary.</para></listitem>
+
 <listitem><para>January 26th, 2005 [randy]: Updated J2SDK binary version to 
 1.4.2_07; updated J2SDK build entities; added download location and build 
 entities to Shadow instructions.</para></listitem>

Modified: trunk/BOOK/postlfs/security/heimdal.xml
===================================================================
--- trunk/BOOK/postlfs/security/heimdal.xml	2005-01-27 03:26:52 UTC (rev 3344)
+++ trunk/BOOK/postlfs/security/heimdal.xml	2005-01-27 15:36:13 UTC (rev 3345)
@@ -6,9 +6,9 @@
 
   <!ENTITY heimdal-download-http "http://ftp.vc-graz.ac.at/mirror/crypto/kerberos/heimdal/heimdal-&heimdal-version;.tar.gz">
   <!ENTITY heimdal-download-ftp  "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-&heimdal-version;.tar.gz">
-  <!ENTITY heimdal-size          "3.2 MB">
-  <!ENTITY heimdal-buildsize     "142 MB">
-  <!ENTITY heimdal-time          "2.55 SBU">
+  <!ENTITY heimdal-size          "3.3 MB">
+  <!ENTITY heimdal-buildsize     "70 MB">
+  <!ENTITY heimdal-time          "2.18 SBU">
 ]>
 
 <sect1 id="heimdal" xreflabel="Heimdal-&heimdal-version;">
@@ -18,6 +18,9 @@
 </sect1info>
 <?dbhtml filename="heimdal.html"?>
 <title>Heimdal-&heimdal-version;</title>
+<indexterm zone="heimdal">
+<primary sortas="a-Heimdal">Heimdal</primary>
+</indexterm>
 
 <sect2>
 <title>Introduction to <application>Heimdal</application></title>
@@ -61,21 +64,20 @@
 
 <sect3><title><application>Heimdal</application> dependencies</title>
 <sect4><title>Required</title>
-<para><xref linkend="openssl"/> and
+<para><xref linkend="openssl"/> and 
 <xref linkend="db"/></para>
 </sect4>
+
 <sect4><title>Optional</title>
-<para><xref linkend="Linux_PAM"/>,
-<xref linkend="openldap"/>,
-X (<xref linkend="xorg"/> or <xref linkend="xfree86"/>),
-<xref linkend="cracklib"/> and
-<ulink url="http://www.pdc.kth.se/kth-krb/">krb4</ulink>
-</para>
+<para><xref linkend="Linux_PAM"/>, 
+<xref linkend="openldap"/>, 
+X (<xref linkend="xorg"/> or <xref linkend="xfree86"/>), 
+<xref linkend="cracklib"/> and 
+<ulink url="http://www.pdc.kth.se/kth-krb/">krb4</ulink></para>
 
-<note><para>
-Some sort of time synchronization facility on your system (like <xref
-linkend="ntp"/>) is required since Kerberos won't authenticate if the
-time differential between a kerberized client and the
+<note><para>Some sort of time synchronization facility on your system (like 
+<xref linkend="ntp"/>) is required since Kerberos won't authenticate if the 
+time differential between a kerberized client and the 
 <acronym>KDC</acronym> server is more than 5 minutes.</para></note> 
 </sect4>
 
@@ -86,49 +88,47 @@
 <sect2>
 <title>Installation of <application>Heimdal</application></title>
 
-<para>
-Before installing the package, you may want to preserve the
+<para>Before installing the package, you may want to preserve the
 <command>ftp</command> program from the <application>Inetutils</application> 
 package. This is because using the <application>Heimdal</application> 
 <command>ftp</command> program to connect to non-kerberized ftp servers may 
 not work properly. It will allow you to connect (letting you know that 
 transmission of the password is clear text) but will have problems doing puts 
-and gets.
-</para>
+and gets. Issue the following command as the root user.</para>
 
-<screen><userinput><command>mv /usr/bin/ftp /usr/bin/ftpn</command></userinput></screen>
+<screen><userinput role='root'><command>mv /usr/bin/ftp /usr/bin/ftpn</command></userinput></screen>
 
-<para>
-If you wish the <application>Heimdal</application> package to link against the 
-<application>cracklib</application> library, you must apply a patch:
-</para>
+<para>If you wish the <application>Heimdal</application> package to link 
+against the <application>cracklib</application> library, you must apply a 
+patch:</para>
 
 <screen><userinput><command>patch -Np1 -i ../heimdal-&heimdal-version;-cracklib-1.patch</command></userinput></screen>
 
-<para>Install <application>Heimdal</application> by running the following commands:</para>
+<para>Install <application>Heimdal</application> by running the following 
+commands:</para>
 
 <screen><userinput><command>patch -Np1 -i ../heimdal-&heimdal-version;-fhs_compliance-1.patch &&
 ./configure --prefix=/usr --sysconfdir=/etc/heimdal \
-    --datadir=/var/lib/heimdal --libexecdir=/usr/sbin \
-    --sharedstatedir=/usr/share --localstatedir=/var/lib/heimdal \
-    --enable-shared --with-openssl=/usr &&
-make &&
-make install &&
+    --datadir=/var/lib/heimdal --localstatedir=/var/lib/heimdal \
+    --libexecdir=/usr/sbin --enable-shared \
+    --with-openssl=/usr --with-readline=/usr &&
+make</command></userinput></screen>
+
+<para>Now, as the root user:</para>
+
+<screen><userinput role='root'><command>make install &&
 mv /bin/login /bin/login.shadow &&
-mv /bin/su /bin/su.coreutils &&
+mv /bin/su /bin/su.shadow &&
 mv /usr/bin/{login,su} /bin &&
 ln -sf ../../bin/login /usr/bin &&
-mv /usr/lib/lib{otp.so.0,otp.so.0.1.4,kafs.so.0,kafs.so.0.4.0} /lib &&
-mv /usr/lib/lib{krb5.so.17,krb5.so.17.3.0,asn1.so.6,asn1.so.6.0.2} /lib &&
-mv /usr/lib/lib{roken.so.16,roken.so.16.0.3,crypto.so.0.9.7} /lib &&
-mv /usr/lib/libdb-4.1.so /lib &&
-ln -sf ../../lib/lib{otp.so.0,otp.so.0.1.4,kafs.so.0,kafs.so.0.4.0} \
+mv /usr/lib/lib{otp.so.0*,kafs.so.0*,krb5.so.17*,asn1.so.6*} \
+   /usr/lib/lib{roken.so.16*,crypto.so.0*,db-4.3.so} /lib &&
+ln -sf ../../lib/lib{otp.so.0{,.1.4},kafs.so.0{,.4.0},db-4.3.so} \
     /usr/lib &&
-ln -sf ../../lib/lib{krb5.so.17,krb5.so.17.3.0,asn1.so.6,asn1.so.6.0.2} \
+ln -sf ../../lib/lib{krb5.so.17{,.3.0},asn1.so.6{,.0.2}} \
     /usr/lib &&
-ln -sf ../../lib/lib{roken.so.16,roken.so.16.0.3,crypto.so.0.9.7} \
+ln -sf ../../lib/lib{roken.so.16{,.0.3},crypto.so.0{,.9.7}} \
     /usr/lib &&
-ln -sf ../../lib/libdb-4.1.so /usr/lib &&
 ldconfig</command></userinput></screen>
 
 </sect2>
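Review bot: `mv /bin/su /bin/su.shadow` is a rename, so the preserved Shadow binary keeps its file mode; if it was installed setuid root (its mode is not shown here), a second privileged `su` that does not authenticate through Kerberos stays in `/bin` and is not touched by later Heimdal updates. The instructions should say what to do with the backups once the new programs are confirmed working, for example a closing paragraph such as `<para>After verifying the Heimdal <command>su</command> and <command>login</command>, remove the <filename>.shadow</filename> copies or clear the setuid bit with <command>chmod u-s /bin/su.shadow</command>.</para>`. Separately, the `mv` lines now use `*` globs while the `ln -sf` lines still list fixed suffixes such as `{,.1.4}` and `{,.9.7}`, so a library whose minor version differs from the listed one would get a dangling link in `/usr/lib`. A sentence asking the reader to confirm that the new links resolve after `ldconfig` would catch that.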
@@ -143,73 +143,57 @@
 <note><para>
 If you want to preserve all your existing <application>Inetutils</application> 
 package daemons, install the <application>Heimdal</application> daemons into 
-<filename class="directory">/usr/sbin/heimdal</filename> (or wherever you want).
-Since these programs will be called from <command>(x)inetd</command> or
+<filename class="directory">/usr/sbin/heimdal</filename> (or wherever you 
+want). Since these programs will be called from <command>(x)inetd</command> or 
 <filename>rc</filename> scripts, it really doesn't matter where they are 
-installed, as long as they are correctly specified in the
-<filename>/etc/(x)inetd.conf</filename> file and <filename>rc</filename>
+installed, as long as they are correctly specified in the 
+<filename>/etc/(x)inetd.conf</filename> file and <filename>rc</filename> 
 scripts. If you choose something other than 
 <filename class="directory">/usr/sbin</filename>, you may want to move some of 
 the user programs (such as <command>kadmin</command>) to 
-<filename class="directory">/usr/sbin</filename> manually so they'll be in the
+<filename class="directory">/usr/sbin</filename> manually so they'll be in the 
 privileged user's default path.</para></note>
 
-<para>
-<screen><command>mv /bin/login /bin/login.shadow
-mv /bin/su /bin/su.coreutils
-mv /usr/bin/{login,su} /bin
-ln -sf ../../bin/login /usr/bin</command></screen>
-
-The <command>login</command> and <command>su</command> programs installed by 
+<para><command>mv ... .shadow; mv ... /bin; ln -sf ../../bin...</command>: The 
+<command>login</command> and <command>su</command> programs installed by 
 <application>Heimdal</application> belong in the 
-<filename class="directory">/bin</filename> directory. The
+<filename class="directory">/bin</filename> directory. The 
 <command>login</command> program is symlinked because 
 <application>Heimdal</application> is expecting to find it in 
 <filename class="directory">/usr/bin</filename>. The old executables are 
-preserved before the move to keep things sane should breaks occur.
-</para>
+preserved before the move to keep things sane should breaks occur.</para>
 
-<para>
-<screen><command>mv /usr/lib/lib{otp.so.0,otp.so.0.1.4,kafs.so.0,kafs.so.0.4.0} /lib
-mv /usr/lib/lib{krb5.so.17,krb5.so.17.3.0,asn1.so.6,asn1.so.6.0.2} /lib
-mv /usr/lib/lib{roken.so.16,roken.so.16.0.3,crypto.so.0.9.7} /lib
-mv /usr/lib/libdb-4.1.so /lib
-ln -sf ../../lib/lib{otp.so.0,otp.so.0.1.4,kafs.so.0,kafs.so.0.4.0} \
-    /usr/lib
-ln -sf ../../lib/lib{krb5.so.17,krb5.so.17.3.0,asn1.so.6,asn1.so.6.0.2} \
-    /usr/lib
-ln -sf ../../lib/lib{roken.so.16,roken.so.16.0.3,crypto.so.0.9.7} \
-    /usr/lib
-ln -sf ../../lib/libdb-4.1.so /usr/lib</command></screen>
-
-The <command>login</command> and <command>su</command> programs
-installed by <application>Heimdal</application> link against 
+<para><command>mv ... /lib; ln -sf ../../lib/lib... /usr/lib</command>: The 
+<command>login</command> and <command>su</command> programs installed by 
+<application>Heimdal</application> link against 
 <application>Heimdal</application> libraries as well as libraries provided by 
-the <application>OpenSSL</application>, <application>Berkeley DB</application> 
-and <application>E2fsprogs</application> packages. These libraries are moved 
-to <filename class="directory">/lib</filename> to be <acronym>FHS</acronym>
-compliant and also in case <filename class="directory">/usr</filename> is 
-located on a separate partition which may not always be mounted.
-</para>
+the <application>Open<acronym>SSL</acronym></application> and 
+<application>Berkeley <acronym>DB</acronym></application> packages. These 
+libraries are moved to <filename class="directory">/lib</filename> to be 
+<acronym>FHS</acronym> compliant and also in case 
+<filename class="directory">/usr</filename> is located on a separate partition 
+which may not always be mounted.</para>
 
 </sect2>
 
 <sect2>
 <title>Configuring <application>Heimdal</application></title>
 
-<sect3><title>Config files</title>
+<sect3 id="heimdal-config"><title>Config files</title>
 <para><filename>/etc/heimdal/*</filename></para>
+<indexterm zone="heimdal heimdal-config">
+<primary sortas="e-etc-heimdal">/etc/heimdal/*</primary>
+</indexterm>
 </sect3>
 
 <sect3><title>Configuration Information</title>
 
 <sect4><title>Master <acronym>KDC</acronym> Server Configuration</title>
 
-<para>
-Create the Kerberos configuration file with the following commands:
-</para>
+<para>Create the Kerberos configuration file with the following 
+commands:</para>
 
-<screen><userinput><command>install -d /etc/heimdal &&
+<screen><userinput role='root'><command>install -d /etc/heimdal &&
 cat > /etc/heimdal/krb5.conf << "EOF"</command>
 # Begin /etc/heimdal/krb5.conf
 
@@ -235,193 +219,149 @@
 # End /etc/heimdal/krb5.conf
 <command>EOF</command></userinput></screen>
 
-<para>
-You will need to substitute your domain and proper hostname for the 
+<para>You will need to substitute your domain and proper hostname for the 
 occurrences of the <replaceable>[hostname]</replaceable> and 
-<replaceable>[EXAMPLE.COM]</replaceable> names.
-</para>
+<replaceable>[EXAMPLE.COM]</replaceable> names.</para>
 
-<para>
-<userinput>default_realm</userinput> should be the name of your domain changed 
-to ALL CAPS. This isn't required, but both <application>Heimdal</application> 
-and <application><acronym>MIT</acronym> krb5</application> recommend it.
-</para>
+<para><userinput>default_realm</userinput> should be the name of your domain 
+changed to ALL CAPS. This isn't required, but both 
+<application>Heimdal</application> and <application><acronym>MIT</acronym> 
+krb5</application> recommend it.</para>
 
-<para>
-<userinput>encrypt = true</userinput> provides encryption of all traffic 
+<para><userinput>encrypt = true</userinput> provides encryption of all traffic 
 between kerberized clients and servers. It's not necessary and can be left 
 off. If you leave it off, you can encrypt all traffic from the client to the 
-server using a switch on the client program instead.
-</para>
+server using a switch on the client program instead.</para>
 
-<para>
-The <userinput>[realms]</userinput> parameters tell the client programs where 
-to look for the <acronym>KDC</acronym> authentication services.
-</para>
+<para>The <userinput>[realms]</userinput> parameters tell the client programs 
+where to look for the <acronym>KDC</acronym> authentication services.</para>
 
-<para>
-The <userinput>[domain_realm]</userinput> section maps a domain to a realm.
-</para>
+<para>The <userinput>[domain_realm]</userinput> section maps a domain to a 
+realm.</para>
 
-<para>
-Store the master password in a key file using the following commands:
-</para>
+<para>Store the master password in a key file using the following 
+commands:</para>
 
-<screen><userinput><command>install -d -m 755 /var/lib/heimdal &&
+<screen><userinput role='root'><command>install -d -m 755 /var/lib/heimdal &&
 kstash</command></userinput></screen>
 
-<para>
-Create the <acronym>KDC</acronym> database:
-</para>
+<para>Create the <acronym>KDC</acronym> database:</para>
 
-<screen><userinput><command>kadmin -l</command></userinput></screen>
+<screen><userinput role='root'><command>kadmin -l</command></userinput></screen>
 
-<para>
-Choose the defaults for now. You can go in later and change the
-defaults, should you feel the need. At the
-<userinput>kadmin></userinput> prompt, issue the following statement:
-</para>
+<para>Choose the defaults for now. You can go in later and change the 
+defaults, should you feel the need. At the 
+<userinput>kadmin></userinput> prompt, issue the following statement:</para>
 
-<screen><userinput><command>init <replaceable>[EXAMPLE.COM]</replaceable></command></userinput></screen>
+<screen><userinput role='root'><command>init <replaceable>[EXAMPLE.COM]</replaceable></command></userinput></screen>
 
-<para>
-The database must now be populated with at least one principle (user). For now, 
-just use your regular login name or root. You may create as few, or as many
-principles as you wish using the following statement: 
-</para>
+<para>The database must now be populated with at least one principle (user). 
+For now, just use your regular login name or root. You may create as few, or 
+as many principles as you wish using the following statement:</para>
 
-<screen><userinput><command>add <replaceable>[loginname]</replaceable></command></userinput></screen>
+<screen><userinput role='root'><command>add <replaceable>[loginname]</replaceable></command></userinput></screen>
 
-<para>
-The <acronym>KDC</acronym> server and any machine running kerberized
-server daemons must have a host key installed:
-</para>
+<para>The <acronym>KDC</acronym> server and any machine running kerberized
+server daemons must have a host key installed:</para>
 
-<screen><userinput><command>add --random-key host/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>
+<screen><userinput role='root'><command>add --random-key host/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>
 
-<para>
-After choosing the defaults when prompted, you will have to export the
-data to a keytab file:
-</para>
+<para>After choosing the defaults when prompted, you will have to export the 
+data to a keytab file:</para>
 
-<screen><userinput><command>ext host/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>
+<screen><userinput role='root'><command>ext host/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>
 
-<para>
-This should have created two files in
-<filename class="directory">/etc/heimdal</filename>:
-<filename>krb5.keytab</filename> (Kerberos 5) and
-<filename>srvtab</filename> (Kerberos 4). Both files should have 600
-(root rw only) permissions. Keeping the keytab files from public access
-is crucial to the overall security of the Kerberos installation.
-</para>
+<para>This should have created two files in 
+<filename class="directory">/etc/heimdal</filename>: 
+<filename>krb5.keytab</filename> (Kerberos 5) and 
+<filename>srvtab</filename> (Kerberos 4). Both files should have 600 
+(root rw only) permissions. Keeping the keytab files from public access 
+is crucial to the overall security of the Kerberos installation.</para>
 
-<para>
-Eventually, you'll want to add server daemon principles to the database
-and extract them to the keytab file. You do this in the same way you
-created the host principles. Below is an example:
-</para>
+<para>Eventually, you'll want to add server daemon principles to the database 
+and extract them to the keytab file. You do this in the same way you created 
+the host principles. Below is an example:</para>
 
-<screen><userinput><command>add --random-key ftp/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>
+<screen><userinput role='root'><command>add --random-key ftp/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>
 
-<para>
-(choose the defaults)
-</para>
+<para>(choose the defaults)</para>
 
-<screen><userinput><command>ext ftp/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>
+<screen><userinput role='root'><command>ext ftp/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>
 
-<para>
-Exit the <command>kadmin</command> program (use <command>quit</command>
-or <command>exit</command>) and return back to the shell prompt. Start
+<para>Exit the <command>kadmin</command> program (use <command>quit</command> 
+or <command>exit</command>) and return back to the shell prompt. Start 
 the <acronym>KDC</acronym> daemon manually, just to test out the 
-installation:
-</para>
+installation:</para>
 
-<screen><userinput><command>/usr/sbin/kdc &</command></userinput></screen>
+<screen><userinput role='root'><command>/usr/sbin/kdc &</command></userinput></screen>
 
-<para>
-Attempt to get a <acronym>TGT</acronym> (ticket granting ticket) with the 
-following command:
-</para>
+<para>Attempt to get a <acronym>TGT</acronym> (ticket granting ticket) with 
+the following command:</para>
 
 <screen><userinput><command>kinit <replaceable>[loginname]</replaceable></command></userinput></screen>
 
-<para>
-You will be prompted for the password you created. After you get your
-ticket, you should list it with the following command:
-</para>
+<para>You will be prompted for the password you created. After you get your 
+ticket, you should list it with the following command:</para>
 
 <screen><userinput><command>klist</command></userinput></screen>
 
-<para>
-Information about the ticket should be displayed on the screen.
-</para>
+<para>Information about the ticket should be displayed on the screen.</para>
 
-<para>
-To test the functionality of the keytab file, issue the following command:
-</para>
+<para>To test the functionality of the keytab file, issue the following 
+command:</para>
 
 <screen><userinput><command>ktutil list</command></userinput></screen>
 
-<para>
-This should dump a list of the host principals, along with the encryption
-methods used to access the principals.
-</para>
+<para>This should dump a list of the host principals, along with the encryption 
+methods used to access the principals.</para>
 
-<para>
-At this point, if everything has been successful so far, you can feel
-fairly confident in the installation and configuration of the package.
-</para>
+<para>At this point, if everything has been successful so far, you can feel 
+fairly confident in the installation and configuration of the package.</para>
 
-<para>Install the <filename>/etc/rc.d/init.d/heimdal</filename> init script
-included in the <xref linkend="intro-important-bootscripts"/>
-package:</para>
+<para id="heimdal-init">Install the 
+<filename>/etc/rc.d/init.d/heimdal</filename> init script included in the 
+<xref linkend="intro-important-bootscripts"/> package:</para>
+<indexterm zone="heimdal heimdal-init">
+<primary sortas="f-heimdal">heimdal</primary>
+</indexterm>
 
-<screen><userinput><command>make install-heimdal</command></userinput></screen>
-
+<screen><userinput role='root'><command>make install-heimdal</command></userinput></screen>
 </sect4>
 
 <sect4><title>Using Kerberized Client Programs</title>
 
-<para>
-To use the kerberized client programs (<command>telnet</command>,
-<command>ftp</command>, <command>rsh</command>,
-<command>rxterm</command>, <command>rxtelnet</command>,
-<command>rcp</command>, <command>xnlock</command>), you first must get
-a <acronym>TGT</acronym>. Use the <command>kinit</command> program to
-get the ticket. After you've acquired the ticket, you can use the
-kerberized programs to connect to any kerberized server on the network.
-You will not be prompted for authentication until your ticket expires
-(default is one day), unless you specify a different user as a command
-line argument to the program.
-</para>
+<para>To use the kerberized client programs (<command>telnet</command>, 
+<command>ftp</command>, <command>rsh</command>, 
+<command>rxterm</command>, <command>rxtelnet</command>, 
+<command>rcp</command>, <command>xnlock</command>), you first must get 
+a <acronym>TGT</acronym>. Use the <command>kinit</command> program to 
+get the ticket. After you've acquired the ticket, you can use the 
+kerberized programs to connect to any kerberized server on the network. 
+You will not be prompted for authentication until your ticket expires 
+(default is one day), unless you specify a different user as a command 
+line argument to the program.</para>
 
-<para>
-The kerberized programs will connect to non-kerberized daemons, warning
-you that authentication is not encrypted. As mentioned earlier, only the
+<para>The kerberized programs will connect to non-kerberized daemons, warning 
+you that authentication is not encrypted. As mentioned earlier, only the 
 <command>ftp</command> program gives any trouble connecting to 
-non-kerberized daemons.
-</para>
+non-kerberized daemons.</para>
 
 <para>In order to use the <application>Heimdal</application> 
-<application>X</application> programs, you'll need to add a service port
+<application>X</application> programs, you'll need to add a service port 
 entry to the <filename>/etc/services</filename> file for the 
-<command>kxd</command> server. There is no 'standardized port number' for
-the 'kx' service in the IANA database, so you'll have to pick an unused port 
-number. Add an entry to the <filename>services</filename> file similar to the 
-entry below (substitute your chosen port number for 
+<command>kxd</command> server. There is no 'standardized port number' for 
+the 'kx' service in the <acronym>IANA</acronym> database, so you'll have to 
+pick an unused port number. Add an entry to the <filename>services</filename> 
+file similar to the entry below (substitute your chosen port number for 
 <replaceable>[49150]</replaceable>):</para>
 
-<screen><userinput>kx              <replaceable>[49150]</replaceable>/tcp   # Heimdal kerberos X
+<screen><userinput role='root'>kx              <replaceable>[49150]</replaceable>/tcp   # Heimdal kerberos X
 kx              <replaceable>[49150]</replaceable>/udp   # Heimdal kerberos X</userinput></screen>
 
-<para>
-For additional information consult <ulink
-url="http://www.linuxfromscratch.org/hints/downloads/files/heimdal.txt">the
-Heimdal hint</ulink> on which the above instructions are based.
-</para>
-
+<para>For additional information consult <ulink 
+url="http://www.linuxfromscratch.org/hints/downloads/files/heimdal.txt">the 
+Heimdal hint</ulink> on which the above instructions are based.</para>
 </sect4>
-
 </sect3>
 
 </sect2>
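Review bot: The keytab paragraph states that `krb5.keytab` and `srvtab` "should have 600 (root rw only) permissions" and calls this crucial, but no command after the two `ext` steps checks or sets the mode, so the reader relies on whatever `kadmin` happened to create. A short root screen right after that paragraph would close the gap, for example `<screen><userinput role='root'><command>chmod 600 /etc/heimdal/krb5.keytab</command></userinput></screen>`, with the same for `srvtab` when it exists. In the same hunk `install -d -m 755 /var/lib/heimdal` runs immediately before `kstash`; if the stashed master key and the KDC database end up in that directory (the configure options suggest so, but the file locations are not shown), `-m 700` would be the safer mode to document. The enclosing `<sect4>` opens in the previous hunk.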
@@ -429,182 +369,481 @@
 <sect2>
 <title>Contents</title>
 
-<para>The <application>Heimdal</application> package contains
-<command>afslog</command>,
-<command>dump_log</command>,
-<command>ftp</command>,
-<command>ftpd</command>,
-<command>hprop</command>,
-<command>hpropd</command>,
-<command>ipropd-master</command>,
-<command>ipropd-slave</command>,
-<command>kadmin</command>,
-<command>kadmind</command>,
-<command>kauth</command>,
-<command>kdc</command>,
-<command>kdestroy</command>,
-<command>kf</command>,
-<command>kfd</command>,
-<command>kgetcred</command>,
-<command>kinit</command>,
-<command>klist</command>,
-<command>kpasswd</command>,
-<command>kpasswdd</command>,
-<command>krb5-config</command>,
-<command>kstash</command>,
-<command>ktutil</command>,
-<command>kx</command>,
-<command>kxd</command>,
-<command>login</command>,
-<command>mk_cmds</command>,
-<command>otp</command>,
-<command>otpprint</command>,
-<command>pagsh</command>,
-<command>pfrom</command>,
-<command>popper</command>,
-<command>push</command>,
-<command>rcp</command>,
-<command>replay_log</command>,
-<command>rsh</command>,
-<command>rshd</command>,
-<command>rxtelnet</command>,
-<command>rxterm</command>,
-<command>string2key</command>,
-<command>su</command>,
-<command>telnet</command>,
-<command>telnetd</command>,
-<command>tenletxr</command>,
-<command>truncate_log</command>,
-<command>verify_krb5_conf</command>,
-<command>xnlock</command>,
-<filename class="libraryfile">libasn1</filename>,
-<filename class="libraryfile">libeditline</filename>,
-<filename class="libraryfile">libgssapi</filename>,
-<filename class="libraryfile">libhdb</filename>,
-<filename class="libraryfile">libkadm5clnt</filename>,
-<filename class="libraryfile">libkadm5srv</filename>,
-<filename class="libraryfile">libkafs</filename>,
-<filename class="libraryfile">libkrb5</filename>,
-<filename class="libraryfile">libotp</filename>,
-<filename class="libraryfile">libroken</filename>,
-<filename class="libraryfile">libsl</filename> and
-<filename class="libraryfile">libss</filename>.
-</para>
+<segmentedlist>
+<segtitle>Installed Programs</segtitle>
+<segtitle>Installed Libraries</segtitle>
+<segtitle>Installed Directories</segtitle>
 
-</sect2>
+<seglistitem>
+<seg>afslog, dump_log, ftp, ftpd, hprop, hpropd, ipropd-master, ipropd-slave, 
+kadmin, kadmind, kauth, kdc, kdestroy, kf, kfd, kgetcred, kinit, klist, 
+kpasswd, kpasswdd, krb5-config, kstash, ktutil, kx, kxd, login, mk_cmds, otp, 
+otpprint, pagsh, pfrom, popper, push, rcp, replay_log, rsh, rshd, rxtelnet, 
+rxterm, string2key, su, telnet, telnetd, tenletxr, truncate-log, 
+verify_krb5_conf and xnlock</seg>
+<seg>libasn1.[so,a], libeditline.a, libgssapi.[so,a], libhdb.[so,a], 
+libkadm5clnt.[so,a], libkadm5srv.[so,a], libkafs.[so,a], libkrb5.[so,a], 
+libotp.[so,a], libroken.[so,a], libsl.[so,a] and libss.[so,a]</seg>
+<seg>/etc/heimdal, /usr/include/kadm5, /usr/include/ss and 
+/var/lib/heimdal</seg>
+</seglistitem>
+</segmentedlist>
 
-<sect2><title>Description</title>
+<variablelist>
+<bridgehead renderas="sect3">Short Descriptions</bridgehead>
+<?dbfo list-presentation="list"?>
 
-<sect3><title>afslog</title>
-<para><command>afslog</command> obtains <acronym>AFS</acronym> tokens for a 
-number of cells.</para></sect3>
+<varlistentry id="afslog">
+<term><command>afslog</command></term>
+<listitem><para>obtains <acronym>AFS</acronym> tokens for a number of 
+cells.</para>
+<indexterm zone="heimdal afslog">
+<primary sortas="b-afslog">afslog</primary>
+</indexterm></listitem>
+</varlistentry>
 
-<sect3><title>hprop</title>
-<para><command>hprop</command> takes a principal database in a specified
-format and converts it into a stream of <application>Heimdal</application> 
-database records.</para></sect3>
+<varlistentry id="ftp">
+<term><command>ftp</command></term>
+<listitem><para>is a kerberized <acronym>FTP</acronym> client.</para>
+<indexterm zone="heimdal ftp">
+<primary sortas="b-ftp">ftp</primary>
+</indexterm></listitem>
+</varlistentry>
 
-<sect3><title>hpropd</title>
-<para><command>hpropd</command> receives a database sent by
-<command>hprop</command> and writes it as a local database.</para></sect3>
+<varlistentry id="ftpd">
+<term><command>ftpd</command></term>
+<listitem><para>is a kerberized <acronym>FTP</acronym> daemon.</para>
+<indexterm zone="heimdal ftpd">
+<primary sortas="b-ftpd">ftpd</primary>
+</indexterm></listitem>
+</varlistentry>
 
-<sect3><title>kadmin</title>
-<para><command>kadmin</command> is a utility used to make modifications
-to the Kerberos database.</para></sect3>
+<varlistentry id="hprop">
+<term><command>hprop</command></term>
+<listitem><para> takes a principal database in a specified format and converts 
+it into a stream of <application>Heimdal</application> database records.</para>
+<indexterm zone="heimdal hprop">
+<primary sortas="b-hprop">hprop</primary>
+</indexterm></listitem>
+</varlistentry>
 
-<sect3><title>kadmind</title>
-<para><command>kadmind</command> is a server for administrative access
-to the Kerberos database.</para></sect3>
+<varlistentry id="hpropd">
+<term><command>hpropd</command></term>
+<listitem><para>is a server that receives a database sent by 
+<command>hprop</command> and writes it as a local database.</para>
+<indexterm zone="heimdal hpropd">
+<primary sortas="b-hpropd">hpropd</primary>
+</indexterm></listitem>
+</varlistentry>
 
-<sect3><title>kauth, kinit</title>
-<para><command>kauth</command> and <command>kinit</command> are used to
-authenticate to the Kerberos server as a principal and acquire a ticket
-granting ticket that can later be used to obtain tickets for other
-services.</para></sect3>
+<varlistentry id="ipropd-master">
+<term><command>ipropd-master</command></term>
+<listitem><para>is a daemon which runs on the master <acronym>KDC</acronym> 
+server which incrementally propogates changes to the <acronym>KDC</acronym> 
+database to the slave <acronym>KDC</acronym> servers.</para>
+<indexterm zone="heimdal ipropd-master">
+<primary sortas="b-ipropd-master">ipropd-master</primary>
+</indexterm></listitem>
+</varlistentry>
 
-<sect3><title>kdc</title>
-<para><command>kdc</command> is a Kerberos 5 server.</para></sect3>
+<varlistentry id="ipropd-slave">
+<term><command>ipropd-slave</command></term>
+<listitem><para>is a daemon which runs on the slave <acronym>KDC</acronym> 
+servers which incrementally propogates changes to the <acronym>KDC</acronym> 
+database from the master <acronym>KDC</acronym> server.</para>
+<indexterm zone="heimdal ipropd-slave">
+<primary sortas="b-ipropd-slave">ipropd-slave</primary>
+</indexterm></listitem>
+</varlistentry>
 
-<sect3><title>kdestroy</title>
-<para><command>kdestroy</command> removes a principle's current set of
-tickets.</para></sect3>
+<varlistentry id="kadmin">
+<term><command>kadmin</command></term>
+<listitem><para>is a utility used to make modifications to the Kerberos 
+database.</para>
+<indexterm zone="heimdal kadmin">
+<primary sortas="b-kadmin">kadmin</primary>
+</indexterm></listitem>
+</varlistentry>
 
-<sect3><title>kf</title>
-<para><command>kf</command> is a program which forwards tickets to a
-remote host through an authenticated and encrypted
-stream.</para></sect3>
+<varlistentry id="kadmind">
+<term><command>kadmind</command></term>
+<listitem><para>is a server for administrative access to the Kerberos 
+database.</para>
+<indexterm zone="heimdal kadmind">
+<primary sortas="b-kadmind">kadmind</primary>
+</indexterm></listitem>
+</varlistentry>
 
-<sect3><title>kfd</title>
-<para><command>kfd</command> receives forwarded tickets.</para></sect3>
+<varlistentry id="kauth">
+<term><command>kauth</command></term>
+<listitem><para>is a symbolic link to the <command>kinit</command> 
+program.</para>
+<indexterm zone="heimdal kauth">
+<primary sortas="g-kauth">kauth</primary>
+</indexterm></listitem>
+</varlistentry>
 
-<sect3><title>kgetcred</title>
-<para><command>kgetcred</command> obtains a ticket for a
-service.</para></sect3>
+<varlistentry id="kdc">
+<term><command>kdc</command></term>
+<listitem><para>is a Kerberos 5 server.</para>
+<indexterm zone="heimdal kdc">
+<primary sortas="b-kdc">kdc</primary>
+</indexterm></listitem>
+</varlistentry>
 
-<sect3><title>klist</title>
-<para><command>klist</command> reads and displays the current tickets in
-the credential cache.</para></sect3>
+<varlistentry id="kdestroy">
+<term><command>kdestroy</command></term>
+<listitem><para>removes a principle's current set of tickets.</para>
+<indexterm zone="heimdal kdestroy">
+<primary sortas="b-kdestroy">kdestroy</primary>
+</indexterm></listitem>
+</varlistentry>
 
-<sect3><title>kpasswd</title>
-<para><command>kpasswd</command> is a program for changing Kerberos 5
-passwords.</para></sect3>
+<varlistentry id="kf">
+<term><command>kf</command></term>
+<listitem><para>is a program which forwards tickets to a remote host through 
+an authenticated and encrypted stream.</para>
+<indexterm zone="heimdal kf">
+<primary sortas="b-kf">kf</primary>
+</indexterm></listitem>
+</varlistentry>
 
-<sect3><title>kpasswdd</title>
-<para><command>kpasswdd</command> is a Kerberos 5 password changing
-server.</para></sect3>
+<varlistentry id="kfd">
+<term><command>kfd</command></term>
+<listitem><para>is a server used to receive forwarded tickets.</para>
+<indexterm zone="heimdal kfd">
+<primary sortas="b-kfd">kfd</primary>
+</indexterm></listitem>
+</varlistentry>
 
-<sect3><title>krb5-config</title>
-<para><command>krb5-config</command> gives information on how to link
-programs against <application>Heimdal</application> libraries.</para></sect3>
+<varlistentry id="kgetcred">
+<term><command>kgetcred</command></term>
+<listitem><para>obtains a ticket for a service.</para>
+<indexterm zone="heimdal kgetcred">
+<primary sortas="b-kgetcred">kgetcred</primary>
+</indexterm></listitem>
+</varlistentry>
 
-<sect3><title>kstash</title>
-<para><command>kstash</command> stores the <acronym>KDC</acronym> master
-password in a file.</para></sect3>
+<varlistentry id="kinit">
+<term><command>kinit</command></term>
+<listitem><para>is used to authenticate to the Kerberos server as a principal 
+and acquire a ticket granting ticket that can later be used to obtain tickets 
+for other services.</para>
+<indexterm zone="heimdal kinit">
+<primary sortas="b-kinit">kinit</primary>
+</indexterm></listitem>
+</varlistentry>
 
-<sect3><title>ktutil</title>
-<para><command>ktutil</command> is a program for managing Kerberos
-keytabs.</para></sect3>
+<varlistentry id="klist">
+<term><command>klist</command></term>
+<listitem><para>reads and displays the current tickets in the credential 
+cache.</para>
+<indexterm zone="heimdal klist">
+<primary sortas="b-klist">klist</primary>
+</indexterm></listitem>
+</varlistentry>
 
-<sect3><title>kx</title>
-<para><command>kx</command> is a program which securely forwards 
-<application>X</application> connections.</para></sect3>
+<varlistentry id="kpasswd">
+<term><command>kpasswd</command></term>
+<listitem><para>is a program for changing Kerberos 5 passwords.</para>
+<indexterm zone="heimdal kpasswd">
+<primary sortas="b-kpasswd">kpasswd</primary>
+</indexterm></listitem>
+</varlistentry>
 
-<sect3><title>kxd</title>
-<para><command>kxd</command> is the daemon for
-<command>kx</command>.</para></sect3>
+<varlistentry id="kpasswdd">
+<term><command>kpasswdd</command></term>
+<listitem><para>is a Kerberos 5 password changing server.</para>
+<indexterm zone="heimdal kpasswdd">
+<primary sortas="b-kpasswdd">kpasswdd</primary>
+</indexterm></listitem>
+</varlistentry>
 
-<sect3><title>otp</title>
-<para><command>otp</command> manages one-time passwords.</para></sect3>
+<varlistentry id="krb5-config-prog">
+<term><command>krb5-config</command></term>
+<listitem><para>gives information on how to link programs against 
+<application>Heimdal</application> libraries.</para>
+<indexterm zone="heimdal krb5-config-prog">
+<primary sortas="b-krb5-config">krb5-config</primary>
+</indexterm></listitem>
+</varlistentry>
 
-<sect3><title>otpprint</title>
-<para><command>otpprint</command> prints lists of one-time
-passwords.</para></sect3>
+<varlistentry id="kstash">
+<term><command>kstash</command></term>
+<listitem><para>stores the <acronym>KDC</acronym> master password in a 
+file.</para>
+<indexterm zone="heimdal kstash">
+<primary sortas="b-kstash">kstash</primary>
+</indexterm></listitem>
+</varlistentry>
 
-<sect3><title>rxtelnet</title>
-<para><command>rxtelnet</command> starts an <command>xterm</command> 
-window with a telnet to a given host and forwards
-<application>X</application> connections.</para></sect3>
+<varlistentry id="ktutil">
+<term><command>ktutil</command></term>
+<listitem><para>is a program for managing Kerberos keytabs.</para>
+<indexterm zone="heimdal ktutil">
+<primary sortas="b-ktutil">ktutil</primary>
+</indexterm></listitem>
+</varlistentry>
 
-<sect3><title>rxterm</title>
-<para><command>rxterm</command> starts a secure remote
-<command>xterm</command>.</para></sect3>
+<varlistentry id="kx">
+<term><command>kx</command></term>
+<listitem><para>is a program which securely forwards 
+<application>X</application> connections.</para>
+<indexterm zone="heimdal kx">
+<primary sortas="b-kx">kx</primary>
+</indexterm></listitem>
+</varlistentry>
 
-<sect3><title>string2key</title>
-<para><command>string2key</command> maps a password into a
-key.</para></sect3>
+<varlistentry id="kxd">
+<term><command>kxd</command></term>
+<listitem><para>is the daemon for <command>kx</command>.</para>
+<indexterm zone="heimdal kxd">
+<primary sortas="b-kxd">kxd</primary>
+</indexterm></listitem>
+</varlistentry>
 
-<sect3><title>tenletxr</title>
-<para><command>tenletxr</command> forwards <application>X</application> 
-connections backwards.</para></sect3>
+<varlistentry id="login">
+<term><command>login</command></term>
+<listitem><para>is a kerberized login program.</para>
+<indexterm zone="heimdal login">
+<primary sortas="b-login">login</primary>
+</indexterm></listitem>
+</varlistentry>
 
-<sect3><title>verify_krb5_conf</title>
-<para><command>verify_krb5_conf</command> checks
-<filename>krb5.conf</filename> file for obvious errors.</para></sect3>
+<varlistentry id="otp">
+<term><command>otp</command></term>
+<listitem><para>manages one-time passwords.</para>
+<indexterm zone="heimdal otp">
+<primary sortas="b-otp">otp</primary>
+</indexterm></listitem>
+</varlistentry>
 
-<sect3><title>xnlock</title>
-<para><command>xnlock</command> is a program that acts as a secure screen
-saver for workstations running <application>X</application>.</para></sect3>
+<varlistentry id="otpprint">
+<term><command>otpprint</command></term>
+<listitem><para>prints lists of one-time passwords.</para>
+<indexterm zone="heimdal otpprint">
+<primary sortas="b-otpprint">otpprint</primary>
+</indexterm></listitem>
+</varlistentry>
 
+<varlistentry id="pfrom">
+<term><command>pfrom</command></term>
+<listitem><para>is a script that runs <command>push --from</command>.</para>
+<indexterm zone="heimdal pfrom">
+<primary sortas="b-pfrom">pfrom</primary>
+</indexterm></listitem>
+</varlistentry>
+
+<varlistentry id="popper">
+<term><command>popper</command></term>
+<listitem><para>is a kerberized <acronym>POP</acronym>-3 server.</para>
+<indexterm zone="heimdal popper">
+<primary sortas="b-popper">popper</primary>
+</indexterm></listitem>
+</varlistentry>
+
+<varlistentry id="push">
+<term><command>push</command></term>
+<listitem><para>is a kerberized <acronym>POP</acronym> mail retreival 
+client.</para>
+<indexterm zone="heimdal push">
+<primary sortas="b-push">push</primary>
+</indexterm></listitem>
+</varlistentry>
+
+<varlistentry id="rcp">
+<term><command>rcp</command></term>
+<listitem><para>is a kerberized rcp client program.</para>
+<indexterm zone="heimdal rcp">
+<primary sortas="b-rcp">rcp</primary>
+</indexterm></listitem>
+</varlistentry>
+
+<varlistentry id="rsh">
+<term><command>rsh</command></term>
+<listitem><para>is a kerberized rsh client program.</para>
+<indexterm zone="heimdal rsh">
+<primary sortas="b-rsh">rsh</primary>
+</indexterm></listitem>
+</varlistentry>
+
+<varlistentry id="rshd">
+<term><command>rshd</command></term>
+<listitem><para>is a kerberized rsh server.</para>
+<indexterm zone="heimdal rshd">
+<primary sortas="b-rshd">rshd</primary>
+</indexterm></listitem>
+</varlistentry>
+
+<varlistentry id="rxtelnet">
+<term><command>rxtelnet</command></term>
+<listitem><para>starts a secure <command>xterm</command> window with a 
+<command>telnet</command> to a given host and forwards 
+<application>X</application> connections.</para>
+<indexterm zone="heimdal rxtelnet">
+<primary sortas="b-rxtelnet">rxtelnet</primary>
+</indexterm></listitem>
+</varlistentry>
+
+<varlistentry id="rxterm">
+<term><command>rxterm</command></term>
+<listitem><para>starts a secure remote <command>xterm</command>.</para>
+<indexterm zone="heimdal rxterm">
+<primary sortas="b-rxterm">rxterm</primary>
+</indexterm></listitem>
+</varlistentry> 
+
+<varlistentry id="string2key">
+<term><command>string2key</command></term>
+<listitem><para>maps a password into a key.</para>
+<indexterm zone="heimdal string2key">
+<primary sortas="b-string2key">string2key</primary>
+</indexterm></listitem>
+</varlistentry>
+
+<varlistentry id="su">
+<term><command>su</command></term>
+<listitem><para>is a kerberized su client program.</para>
+<indexterm zone="heimdal su">
+<primary sortas="b-su">su</primary>
+</indexterm></listitem>
+</varlistentry>
+
+<varlistentry id="telnet">
+<term><command>telnet</command></term>
+<listitem><para>is a kerberized telnet client program.</para>
+<indexterm zone="heimdal telnet">
+<primary sortas="b-telnet">telnet</primary>
+</indexterm></listitem>
+</varlistentry>
+
+<varlistentry id="telnetd">
+<term><command>telnetd</command></term>
+<listitem><para>is a kerberized telnet server.</para>
+<indexterm zone="heimdal telnetd">
+<primary sortas="b-telnetd">telnetd</primary>
+</indexterm></listitem>
+</varlistentry>
+
+<varlistentry id="tenletxr">
+<term><command>tenletxr</command></term>
+<listitem><para>forwards <application>X</application> connections 
+backwards.</para>
+<indexterm zone="heimdal tenletxr">
+<primary sortas="b-tenletxr">tenletxr</primary>
+</indexterm></listitem>
+</varlistentry>
+
+<varlistentry id="verify_krb5_conf">
+<term><command>verify_krb5_conf</command></term>
+<listitem><para>checks <filename>krb5.conf</filename> file for obvious 
+errors.</para>
+<indexterm zone="heimdal verify_krb5_conf">
+<primary sortas="b-verify_krb5_conf">verify_krb5_conf</primary>
+</indexterm></listitem>
+</varlistentry>
+
+<varlistentry id="xnlock">
+<term><command>xnlock</command></term>
+<listitem><para>is a program that acts as a secure screen saver for 
+workstations running <application>X</application>.</para>
+<indexterm zone="heimdal xnlock">
+<primary sortas="b-xnlock">xnlock</primary>
+</indexterm></listitem>
+</varlistentry>
+
+<varlistentry id="libasn1">
+<term><filename class='libraryfile'>libasn1.[so,a]</filename></term>
+<listitem><para>provides the ASN.1 and DER functions to encode and decode 
+the Kerberos TGTs.</para>
+<indexterm zone="heimdal libasn1">
+<primary sortas="c-libasn1">libasn1.[so,a]</primary>
+</indexterm></listitem>
+</varlistentry>
+
+<varlistentry id="libeditline">
+<term><filename class='libraryfile'>libeditline.a</filename></term>
+<listitem><para>is a command-line editing library with history.</para>
+<indexterm zone="heimdal libeditline">
+<primary sortas="c-libeditline">libeditline.a</primary>
+</indexterm></listitem>
+</varlistentry>
+
+<varlistentry id="libgssapi">
+<term><filename class='libraryfile'>libgssapi.[so,a]</filename></term>
+<listitem><para>contain the Generic Security Service Application Programming 
+Interface (<acronym>GSSAPI</acronym>) functions which provides security 
+services to callers in a generic fashion, supportable with a range of 
+underlying mechanisms and technologies and hence allowing source-level 
+portability of applications to different environments.</para>
+<indexterm zone="heimdal libgssapi">
+<primary sortas="c-libgssapi">libgssapi.[so,a]</primary>
+</indexterm></listitem>
+</varlistentry>
+
+<varlistentry id="libhdb">
+<term><filename class='libraryfile'>libhdb.[so,a]</filename></term>
+<listitem><para>is a <application>Heimdal</application> Kerberos 5 
+authentication/authorization database access library.</para>
+<indexterm zone="heimdal libhdb">
+<primary sortas="c-libhdb">libhdb.[so,a]</primary>
+</indexterm></listitem>
+</varlistentry>
+
+<varlistentry id="libkadm5clnt">
+<term><filename class='libraryfile'>libkadm5clnt.[so,a]</filename></term>
+<listitem><para>contains the administrative authentication and password 
+checking functions required by Kerberos 5 client-side programs.</para>
+<indexterm zone="heimdal libkadm5clnt">
+<primary sortas="c-libkadm5clnt">libkadm5clnt.[so,a]</primary>
+</indexterm></listitem>
+</varlistentry>
+
+<varlistentry id="libkadm5srv">
+<term><filename class='libraryfile'>libkadm5srv.[so,a]</filename></term>
+<listitem><para>contain the administrative authentication and password 
+checking functions required by Kerberos 5 servers.</para>
+<indexterm zone="heimdal libkadm5srv">
+<primary sortas="c-libkadm5srv">libkadm5srv.[so,a]</primary>
+</indexterm></listitem>
+</varlistentry>
+
+<varlistentry id="libkafs">
+<term><filename class='libraryfile'>libkafs.[so,a]</filename></term>
+<listitem><para>contains the functions required to authenticated to AFS.</para>
+<indexterm zone="heimdal libkafs">
+<primary sortas="c-libkafs">libkafs.[so,a]</primary>
+</indexterm></listitem>
+</varlistentry>
+
+<varlistentry id="libkrb5">
+<term><filename class='libraryfile'>libkrb5.[so,a]</filename></term>
+<listitem><para>is an all-purpose Kerberos 5 library.</para>
+<indexterm zone="heimdal libkrb5">
+<primary sortas="c-libkrb5">libkrb5.[so,a]</primary>
+</indexterm></listitem>
+</varlistentry>
+
+<varlistentry id="libotp">
+<term><filename class='libraryfile'>libotp.[so,a]</filename></term>
+<listitem><para>contains the functions required to handle authenticating 
+one time passwords.</para>
+<indexterm zone="heimdal libotp">
+<primary sortas="c-libotp">libotp.[so,a]</primary>
+</indexterm></listitem>
+</varlistentry>
+
+<varlistentry id="libroken">
+<term><filename class='libraryfile'>libroken.[so,a]</filename></term>
+<listitem><para>is a library containing Kerberos 5 compatibility 
+functions.</para>
+<indexterm zone="heimdal libroken">
+<primary sortas="c-libroken">libroken.[so,a]</primary>
+</indexterm></listitem>
+</varlistentry>
+
+</variablelist>
+
 </sect2>
 
 </sect1>
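Review bot: The new Installed Programs `<seg>` names the command `truncate-log`, but the paragraph it replaces listed `truncate_log` and its siblings in the same list are `dump_log` and `replay_log`, so the hyphen looks like a typo; the line should read `rxterm, string2key, su, telnet, telnetd, tenletxr, truncate_log,`. The Short Descriptions list also has no `<varlistentry>` for `dump_log`, `mk_cmds`, `pagsh`, `replay_log`, `truncate_log`, `libsl` or `libss`, although all seven are listed as installed. Because this package installs its own `login`, `su` and several network daemons, the inventory is what an administrator would audit against, so each installed name should have an entry and match the file on disk. In the `kdestroy` entry, "principle's" should be "principal's", the Kerberos term already used in the `kinit` and `hprop` entries.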

Modified: trunk/patches/cracklib,2.7-heimdal-1.patch
===================================================================
--- trunk/patches/cracklib,2.7-heimdal-1.patch	2005-01-27 03:26:52 UTC (rev 3344)
+++ trunk/patches/cracklib,2.7-heimdal-1.patch	2005-01-27 15:36:13 UTC (rev 3345)
@@ -3,7 +3,7 @@
 Initial Package Version: 2.7
 Origin: Randy McMurchy and ftp://ftp.pdc.kth.se/pub/krb/src/cracklib.patch 
 Description: Patches cracklib to work with Heimdal Kerberos 5
-             Requires heimdal-0.6.1-cracklib-1.patch applied to the Heimdal
+             Requires heimdal-0.6.3-cracklib-1.patch applied to the Heimdal
              source code. Patch is available at:
              http://www.linuxfromscratch.org/patches/blfs/cvs/
 

Deleted: trunk/patches/heimdal-0.6.2-cracklib-1.patch
===================================================================
--- trunk/patches/heimdal-0.6.2-cracklib-1.patch	2005-01-27 03:26:52 UTC (rev 3344)
+++ trunk/patches/heimdal-0.6.2-cracklib-1.patch	2005-01-27 15:36:13 UTC (rev 3345)
@@ -1,98 +0,0 @@
-Patch Name:              heimdal-0.6.2-cracklib-1.patch
-Submitted By:            Randy McMurchy <LFS-User_at_mcmurchy_dot_com>
-Date:                    2004-05-07
-Initial Package Version: 0.6.1
-Upstream Status:         N/A
-Origin:                  Randy McMurchy, DJ Lucas and Heimdal sample source code
-Description:             Enables kpasswd and kadmin to use the cracklib library.
-                         Cracklib must be installed using BLFS instructions. See:
-                         http://www.linuxfromscratch.org/blfs/view/cvs/postlfs/cracklib.html
-
-$LastChangedBy$
-$Date$
-
-diff -Naur heimdal-0.6.2-orig/lib/kadm5/Makefile.in heimdal-0.6.2/lib/kadm5/Makefile.in
---- heimdal-0.6.2-orig/lib/kadm5/Makefile.in	2004-05-06 01:52:10.000000000 +0000
-+++ heimdal-0.6.2/lib/kadm5/Makefile.in	2004-05-07 15:45:14.000000000 +0000
-@@ -124,7 +124,7 @@
- LEXLIB = @LEXLIB@
- LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
- LIBOBJS = @LIBOBJS@
--LIBS = @LIBS@
-+LIBS = @LIBS@ -lcrack_krb5
- LIBTOOL = @LIBTOOL@
- LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
- LIB_NDBM = @LIB_NDBM@
-
-diff -Naur heimdal-0.6.2-orig/lib/kadm5/password_quality.c heimdal-0.6.2/lib/kadm5/password_quality.c
---- heimdal-0.6.2-orig/lib/kadm5/password_quality.c	2000-07-05 13:14:45.000000000 +0000
-+++ heimdal-0.6.2/lib/kadm5/password_quality.c	2004-05-07 15:45:14.000000000 +0000
-@@ -32,6 +32,7 @@
-  */
- 
- #include "kadm5_locl.h"
-+#include <crack_krb5.h>
- 
- RCSID("$Id: heimdal-0.6.2-cracklib-1.patch,v 1.1 2004/05/08 05:59:21 tushar Exp $");
- 
-@@ -39,21 +40,53 @@
- #include <dlfcn.h>
- #endif
- 
--static const char *
-+/* The following function was inserted to utilize the cracklib library to 
-+   ensure strong passwords.  The cracklib library must be patched before 
-+   this function will work. For more information, see:
-+   http://www.linuxfromscratch.org/blfs/view/cvs/postlfs/cracklib.html
-+*/
-+
-+#if defined(CRACKLIB_KRB5_H) && defined(CRACKLIB_DICTPATH)
-+
-+static const char*
- simple_passwd_quality (krb5_context context,
--		       krb5_principal principal,
--		       krb5_data *pwd)
-+               krb5_principal principal,
-+               krb5_data *password)
- {
--    if (pwd->length < 6)
--	return "Password too short";
--    else
--	return NULL;
-+    char *s = malloc(password->length + 1);
-+    char *msg;
-+    char *strings[2];
-+    if(s == NULL)
-+    return NULL; /* XXX */
-+    strings[0] = principal->name.name_string.val[0]; /* XXX */
-+    strings[1] = NULL;
-+    memcpy(s, password->data, password->length);
-+    s[password->length] = '\0';
-+        msg = FascistCheck(s, CRACKLIB_DICTPATH, strings); /* see crack_krb5.h */
-+    memset(s, 0, password->length);
-+    free(s);
-+    return msg;
- }
- 
- typedef const char* (*passwd_quality_check_func)(krb5_context, 
- 						 krb5_principal, 
- 						 krb5_data*);
- 
-+#else /* CRACKLIB_H && DICTPATH */
-+
-+static const char *
-+simple_passwd_quality (krb5_context context,
-+                       krb5_principal principal,
-+                       krb5_data *pwd)
-+{
-+    if (pwd->length < 6)
-+        return "Password too short";
-+    else
-+        return NULL;
-+}
-+
-+#endif /* CRACKLIB_KRB5_H && CRACKLIB_DICTPATH */
-+
- static passwd_quality_check_func passwd_quality_check = simple_passwd_quality;
- 
- #ifdef HAVE_DLOPEN

Deleted: trunk/patches/heimdal-0.6.2-fhs_compliance-1.patch
===================================================================
--- trunk/patches/heimdal-0.6.2-fhs_compliance-1.patch	2005-01-27 03:26:52 UTC (rev 3344)
+++ trunk/patches/heimdal-0.6.2-fhs_compliance-1.patch	2005-01-27 15:36:13 UTC (rev 3345)
@@ -1,229 +0,0 @@
-Patch Name:              heimdal-0.6.2-fhs-compliance-1.patch
-Submitted By:            Randy McMurchy <LFS-User_at_mcmurchy_dot_com>
-Date:                    2004-05-07
-Initial Package Version: 0.6.1
-Upstream Status:         N/A
-Origin:                  Randy McMurchy
-Description:             Changes all references of /var/heimdal to /var/lib/heimdal
-                         in source code and documentation to comply with FHS.
-
-$LastChangedBy$
-$Date$
-
-diff -Naur heimdal-0.6.2-orig/lib/krb5/krb5.conf.5 heimdal-0.6.2/lib/krb5/krb5.conf.5
---- heimdal-0.6.2-orig/lib/krb5/krb5.conf.5	2004-03-09 19:52:07.000000000 +0000
-+++ heimdal-0.6.2/lib/krb5/krb5.conf.5	2004-05-07 15:42:05.000000000 +0000
-@@ -451,7 +451,7 @@
- 		default_domain = foo.se
- 	}
- [logging]
--	kdc = FILE:/var/heimdal/kdc.log
-+	kdc = FILE:/var/lib/heimdal/kdc.log
- 	kdc = SYSLOG:INFO
- 	default = SYSLOG:INFO:USER
- .Ed
-
-diff -Naur heimdal-0.6.2-orig/lib/krb5/krb5.conf.cat5 heimdal-0.6.2/lib/krb5/krb5.conf.cat5
---- heimdal-0.6.2-orig/lib/krb5/krb5.conf.cat5	2004-05-06 01:52:29.000000000 +0000
-+++ heimdal-0.6.2/lib/krb5/krb5.conf.cat5	2004-05-07 15:42:05.000000000 +0000
-@@ -456,7 +456,7 @@
-                            default_domain = foo.se
-                    }
-            [logging]
--                   kdc = FILE:/var/heimdal/kdc.log
-+                   kdc = FILE:/var/lib/heimdal/kdc.log
-                    kdc = SYSLOG:INFO
-                    default = SYSLOG:INFO:USER
- 
-diff -Naur heimdal-0.6.2-orig/lib/hdb/hdb.h heimdal-0.6.2/lib/hdb/hdb.h
---- heimdal-0.6.2-orig/lib/hdb/hdb.h	2000-07-08 16:03:37.000000000 +0000
-+++ heimdal-0.6.2/lib/hdb/hdb.h	2004-05-07 15:42:05.000000000 +0000
-@@ -78,7 +78,7 @@
-     krb5_error_code (*destroy)(krb5_context, struct HDB*);
- }HDB;
- 
--#define HDB_DB_DIR "/var/heimdal"
-+#define HDB_DB_DIR "/var/lib/heimdal"
- #define HDB_DEFAULT_DB HDB_DB_DIR "/heimdal"
- #define HDB_DB_FORMAT_ENTRY "hdb/db-format"
- 
-diff -Naur heimdal-0.6.2-orig/kdc/kdc.8 heimdal-0.6.2/kdc/kdc.8
---- heimdal-0.6.2-orig/kdc/kdc.8	2003-10-21 20:06:01.000000000 +0000
-+++ heimdal-0.6.2/kdc/kdc.8	2004-05-07 15:42:05.000000000 +0000
-@@ -74,7 +74,7 @@
- .Fl -config-file= Ns Ar file
- .Xc
- Specifies the location of the config file, the default is
--.Pa /var/heimdal/kdc.conf .
-+.Pa /var/lib/heimdal/kdc.conf .
- This is the only value that can't be specified in the config file.
- .It Xo
- .Fl p ,
-
-diff -Naur heimdal-0.6.2-orig/kadmin/kadmind.8 heimdal-0.6.2/kadmin/kadmind.8
---- heimdal-0.6.2-orig/kadmin/kadmind.8	2003-04-06 17:47:57.000000000 +0000
-+++ heimdal-0.6.2/kadmin/kadmind.8	2004-05-07 15:42:05.000000000 +0000
-@@ -88,7 +88,7 @@
- Principals are always allowed to change their own password and list
- their own principal.  Apart from that, doing any operation requires
- permission explicitly added in the ACL file
--.Pa /var/heimdal/kadmind.acl .
-+.Pa /var/lib/heimdal/kadmind.acl .
- The format of this file is:
- .Bd -ragged
- .Va principal
-@@ -163,7 +163,7 @@
- .El
- .\".Sh ENVIRONMENT
- .Sh FILES
--.Pa /var/heimdal/kadmind.acl
-+.Pa /var/lib/heimdal/kadmind.acl
- .Sh EXAMPLES
- This will cause
- .Nm
-
-diff -Naur heimdal-0.6.2-orig/doc/heimdal.info-1 heimdal-0.6.2/doc/heimdal.info-1
---- heimdal-0.6.2-orig/doc/heimdal.info-1	2004-05-06 01:52:15.000000000 +0000
-+++ heimdal-0.6.2/doc/heimdal.info-1	2004-05-07 15:42:05.000000000 +0000
-@@ -448,15 +448,15 @@
- =====================
- 
- The database library will look for the database in the directory
--`/var/heimdal', so you should probably create that directory.  Make
-+`/var/lib/heimdal', so you should probably create that directory.  Make
- sure the directory have restrictive permissions.
- 
--     # mkdir /var/heimdal
-+     # mkdir /var/lib/heimdal
- 
- The keys of all the principals are stored in the database.  If you
- choose to, these can be encrypted with a master key.  You do not have to
- remember this key (or password), but just to enter it once and it will
--be stored in a file (`/var/heimdal/m-key').  If you want to have a
-+be stored in a file (`/var/lib/heimdal/m-key').  If you want to have a
- master key, run `kstash' to create this master key:
- 
-      # kstash
-@@ -599,7 +599,7 @@
- You might need to add `kerberos-adm' to your `/etc/services' as 749/tcp.
- 
- Access to the administration server is controlled by an acl-file,
--(default `/var/heimdal/kadmind.acl'.) The lines in the access file, has
-+(default `/var/lib/heimdal/kadmind.acl'.) The lines in the access file, has
- the following syntax:
-      principal       [priv1,priv2,...]       [glob-pattern]
- 
-@@ -704,7 +704,7 @@
- follows:
- 
-      slave# ktutil get -p foo/admin hprop/`hostname`
--     slave# mkdir /var/heimdal
-+     slave# mkdir /var/lib/heimdal
-      slave# hpropd
- 
- The master will use the principal `kadmin/hprop' to authenticate to the
-@@ -751,7 +751,7 @@
- The program that runs on the master is `ipropd-master' and all clients
- run `ipropd-slave'.
- 
--Create the file `/var/heimdal/slaves' on the master containing all the
-+Create the file `/var/lib/heimdal/slaves' on the master containing all the
- slaves that the database should be propagated to.  Each line contains
- the full name of the principal (for example
- `iprop/hemligare.foo.se at FOO.SE').
-@@ -769,7 +769,7 @@
- 
- The next step is to start the `ipropd-master' process on the master
- server.  The `ipropd-master' listens on the UNIX-socket
--`/var/heimdal/signal' to know when changes have been made to the
-+`/var/lib/heimdal/signal' to know when changes have been made to the
- database so they can be propagated to the slaves.  There is also a
- safety feature of testing the version number regularly (every 30
- seconds) to see if it has been modified by some means that do not raise
-
-diff -Naur heimdal-0.6.2-orig/doc/setup.texi heimdal-0.6.2/doc/setup.texi
---- heimdal-0.6.2-orig/doc/setup.texi	2003-10-21 21:37:56.000000000 +0000
-+++ heimdal-0.6.2/doc/setup.texi	2004-05-07 15:42:05.000000000 +0000
-@@ -102,17 +102,17 @@
- @section Creating the database
- 
- The database library will look for the database in the directory
-- at file{/var/heimdal}, so you should probably create that directory.
-+ at file{/var/lib/heimdal}, so you should probably create that directory.
- Make sure the directory have restrictive permissions.
- 
- @example
--# mkdir /var/heimdal
-+# mkdir /var/lib/heimdal
- @end example
- 
- The keys of all the principals are stored in the database.  If you
- choose to, these can be encrypted with a master key.  You do not have to
- remember this key (or password), but just to enter it once and it will
--be stored in a file (@file{/var/heimdal/m-key}).  If you want to have a
-+be stored in a file (@file{/var/lib/heimdal/m-key}).  If you want to have a
- master key, run @samp{kstash} to create this master key:
- 
- @example
-@@ -262,7 +262,7 @@
- as 749/tcp.
- 
- Access to the administration server is controlled by an acl-file, (default
-- at file{/var/heimdal/kadmind.acl}.) The lines in the access file, has the
-+ at file{/var/lib/heimdal/kadmind.acl}.) The lines in the access file, has the
- following syntax:
- @smallexample
- principal       [priv1,priv2,...]       [glob-pattern]
-@@ -375,7 +375,7 @@
- 
- @example
- slave# ktutil get -p foo/admin hprop/`hostname`
--slave# mkdir /var/heimdal
-+slave# mkdir /var/lib/heimdal
- slave# hpropd
- @end example
- 
-@@ -426,7 +426,7 @@
- The program that runs on the master is @code{ipropd-master} and all
- clients run @code{ipropd-slave}.
- 
--Create the file @file{/var/heimdal/slaves} on the master containing all
-+Create the file @file{/var/lib/heimdal/slaves} on the master containing all
- the slaves that the database should be propagated to.  Each line contains
- the full name of the principal (for example
- @samp{iprop/hemligare.foo.se@@FOO.SE}).
-@@ -447,7 +447,7 @@
- 
- The next step is to start the @code{ipropd-master} process on the master
- server.  The @code{ipropd-master} listens on the UNIX-socket
-- at file{/var/heimdal/signal} to know when changes have been made to the
-+ at file{/var/lib/heimdal/signal} to know when changes have been made to the
- database so they can be propagated to the slaves.  There is also a
- safety feature of testing the version number regularly (every 30
- seconds) to see if it has been modified by some means that do not raise
-
-diff -Naur heimdal-0.6.2-orig/configure.in heimdal-0.6.2/configure.in
---- heimdal-0.6.2-orig/configure.in	2004-05-06 01:49:33.000000000 +0000
-+++ heimdal-0.6.2/configure.in	2004-05-07 15:42:05.000000000 +0000
-@@ -17,7 +17,7 @@
- AC_PREFIX_DEFAULT(/usr/heimdal)
- 
- test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
--test "$localstatedir" = '${prefix}/var' && localstatedir='/var/heimdal'
-+test "$localstatedir" = '${prefix}/var' && localstatedir='/var/lib/heimdal'
- 
- AC_CANONICAL_HOST
- CANONICAL_HOST=$host
-
-diff -Naur heimdal-0.6.2-orig/configure heimdal-0.6.2/configure
---- heimdal-0.6.2-orig/configure	2004-05-06 01:50:34.000000000 +0000
-+++ heimdal-0.6.2/configure	2004-05-07 15:42:05.000000000 +0000
-@@ -3153,7 +3153,7 @@
- 
- 
- test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
--test "$localstatedir" = '${prefix}/var' && localstatedir='/var/heimdal'
-+test "$localstatedir" = '${prefix}/var' && localstatedir='/var/lib/heimdal'
- 
- # Make sure we can run config.sub.
- $ac_config_sub sun4 >/dev/null 2>&1 ||

Copied: trunk/patches/heimdal-0.6.3-cracklib-1.patch (from rev 3341, trunk/patches/heimdal-0.6.2-cracklib-1.patch)

Copied: trunk/patches/heimdal-0.6.3-fhs_compliance-1.patch (from rev 3341, trunk/patches/heimdal-0.6.2-fhs_compliance-1.patch)



