r4780 - in trunk: BOOK BOOK/introduction/welcome BOOK/postlfs/security patches

randy at linuxfromscratch.org randy at linuxfromscratch.org
Mon Jul 25 19:25:34 PDT 2005


Author: randy
Date: 2005-07-25 20:25:33 -0600 (Mon, 25 Jul 2005)
New Revision: 4780

Added:
   trunk/patches/heimdal-0.7-cracklib-1.patch
   trunk/patches/heimdal-0.7-fhs_compliance-1.patch
Removed:
   trunk/patches/heimdal-0.6.3-cracklib-1.patch
   trunk/patches/heimdal-0.6.3-fhs_compliance-1.patch
Modified:
   trunk/BOOK/general.ent
   trunk/BOOK/introduction/welcome/changelog.xml
   trunk/BOOK/postlfs/security/heimdal.xml
Log:
Updated to Heimdal-0.7

Modified: trunk/BOOK/general.ent
===================================================================
--- trunk/BOOK/general.ent	2005-07-25 18:20:55 UTC (rev 4779)
+++ trunk/BOOK/general.ent	2005-07-26 02:25:33 UTC (rev 4780)
@@ -29,14 +29,19 @@
 <!ENTITY autofs-version               "4.1.4">
 
 <!-- Chapter 4 -->
+
+<!-- Ensure you check the library version number and update the
+     Heimdal instructions (postlfs/security/heimdal.xml) if necessary -->
 <!ENTITY openssl-version              "0.9.7g">
+<!-- End special note about Heimdal -->
+
 <!ENTITY cracklib-version             "2.8.3">
 <!ENTITY Linux_PAM-version            "0.80">
 <!ENTITY shadow-version               "4.0.9">
 <!ENTITY iptables-version             "1.3.1">
 <!ENTITY gnupg-version                "1.4.1">
 <!ENTITY tripwire-version             "portable-0.9">
-<!ENTITY heimdal-version              "0.6.3">
+<!ENTITY heimdal-version              "0.7">
 <!ENTITY mitkrb-version               "1.4">
 <!ENTITY cyrus-sasl-version           "2.1.21">
 <!ENTITY stunnel-version              "4.11">
@@ -280,7 +285,12 @@
 <!ENTITY sendmail-version             "8.13.4">
 
 <!-- Chapter 23 -->
+
+<!-- Ensure you check the library version number and update the
+     Heimdal instructions (postlfs/security/heimdal.xml) if necessary -->
 <!ENTITY db-version                   "4.3.28">
+<!-- End special note about Heimdal -->
+
 <!ENTITY mysql-version                "4.1.12">
 <!ENTITY postgresql-version           "8.0.3">
 

Modified: trunk/BOOK/introduction/welcome/changelog.xml
===================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml	2005-07-25 18:20:55 UTC (rev 4779)
+++ trunk/BOOK/introduction/welcome/changelog.xml	2005-07-26 02:25:33 UTC (rev 4780)
@@ -25,6 +25,10 @@
   <itemizedlist>
     
     <listitem>
+      <para>July 25th 2005 [randy]: Updated to Heimdal-0.7.</para>
+    </listitem>
+
+    <listitem>
       <para>July 25th 2005 [djensen]: Updated to Imlib2-1.2.1.</para>
     </listitem>
 
@@ -32,10 +36,10 @@
       <para>July 25th 2005 [djensen]: Updated to freeglut-2.4.0.</para>
     </listitem>
 
-	<listitem>
-		<para>July 25th 2005 [tushar]: Added optional defines to xorg to
-		allow installation into standard directories.</para>
-	</listitem>
+    <listitem>
+      <para>July 25th 2005 [tushar]: Added optional defines to xorg to
+      allow installation into standard directories.</para>
+    </listitem>
 
     <listitem>
       <para>July 24th 2005 [dj]: Updated to Linux-PAM-0.80 and corrected

Modified: trunk/BOOK/postlfs/security/heimdal.xml
===================================================================
--- trunk/BOOK/postlfs/security/heimdal.xml	2005-07-25 18:20:55 UTC (rev 4779)
+++ trunk/BOOK/postlfs/security/heimdal.xml	2005-07-26 02:25:33 UTC (rev 4780)
@@ -6,10 +6,10 @@
 
   <!ENTITY heimdal-download-http "http://ftp.vc-graz.ac.at/mirror/crypto/kerberos/heimdal/heimdal-&heimdal-version;.tar.gz">
   <!ENTITY heimdal-download-ftp  "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-&heimdal-version;.tar.gz">
-  <!ENTITY heimdal-md5sum        "2265fd2d4573dd3a8da45ce62519e48b">
-  <!ENTITY heimdal-size          "3.3 MB">
-  <!ENTITY heimdal-buildsize     "71 MB">
-  <!ENTITY heimdal-time          "2.06 SBU">
+  <!ENTITY heimdal-md5sum        "0a8097a8772d5d2de8c5539d3182b82a">
+  <!ENTITY heimdal-size          "4.5 MB">
+  <!ENTITY heimdal-buildsize     "91 MB">
+  <!ENTITY heimdal-time          "2.4 SBU">
 ]>
 
 <sect1 id="heimdal" xreflabel="Heimdal-&heimdal-version;">
@@ -30,13 +30,13 @@
     <title>Introduction to Heimdal</title>
 
     <para><application>Heimdal</application> is a free implementation
-    of Kerberos 5, that aims to be compatible with MIT krb5 and is
+    of Kerberos 5 that aims to be compatible with MIT krb5 and is
     backwards compatible with krb4. Kerberos is a network authentication
     protocol. Basically it preserves the integrity of passwords in any
     untrusted network (like the Internet). Kerberized applications work
     hand-in-hand with sites that support Kerberos to ensure that passwords
-    cannot be stolen. A Kerberos installation will make changes to the
-    authentication mechanisms on your network and will overwrite several
+    cannot be stolen or compromised. A Kerberos installation will make changes
+    to the authentication mechanisms on your network and will overwrite several
     programs and daemons from the <application>Coreutils</application>,
     <application>Inetutils</application>, <application>Qpopper</application>
     and <application>Shadow</application> packages.</para>
@@ -70,7 +70,7 @@
         url="&patch-root;/heimdal-&heimdal-version;-fhs_compliance-1.patch"/></para>
       </listitem>
       <listitem>
-        <para>Required patch for <application>cracklib</application>: <ulink
+        <para>Required patch for <application>CrackLib</application> support: <ulink
         url="&patch-root;/heimdal-&heimdal-version;-cracklib-1.patch"/></para>
       </listitem>
     </itemizedlist>
@@ -85,7 +85,8 @@
     <para><xref linkend="Linux_PAM"/>,
     <xref linkend="openldap"/>,
     X (<xref linkend="xorg"/> or <xref linkend="xfree86"/>),
-    <xref linkend="cracklib"/> and
+    <xref linkend="cracklib"/> (compiled with the <filename>heimdal</filename>
+    patch) and
     <ulink url="http://www.pdc.kth.se/kth-krb/">krb4</ulink></para>
 
     <note>
@@ -105,15 +106,16 @@
     package. This is because using the <application>Heimdal</application>
     <command>ftp</command> program to connect to non-kerberized ftp servers may
     not work properly. It will allow you to connect (letting you know that
-    transmission of the password is clear text) but will have problems doing puts
-    and gets. Issue the following command as the <systemitem
-    class="username">root</systemitem> user.</para>
+    transmission of the password is clear text) but will have problems doing
+    puts and gets. Issue the following command as the
+    <systemitem class="username">root</systemitem> user.</para>
 
 <screen role="root"><userinput>mv -v /usr/bin/ftp /usr/bin/ftpn</userinput></screen>
 
     <para>If you wish the <application>Heimdal</application> package to
-    link against the <application>cracklib</application> library, you
-    must apply a patch:</para>
+    link against the <application>CrackLib</application> library (requires
+    <xref linkend="cracklib"/> installed with the <filename>heimdal</filename>
+    patch), you must apply a patch:</para>
 
 <screen><userinput>patch -Np1 -i ../heimdal-&heimdal-version;-cracklib-1.patch</userinput></screen>
 
@@ -121,27 +123,39 @@
     commands:</para>
 
 <screen><userinput>patch -Np1 -i ../heimdal-&heimdal-version;-fhs_compliance-1.patch &&
-./configure --prefix=/usr --sysconfdir=/etc/heimdal \
-    --datadir=/var/lib/heimdal --localstatedir=/var/lib/heimdal \
-    --libexecdir=/usr/sbin --enable-shared \
-    --with-openssl=/usr --with-readline=/usr &&
+./configure --prefix=/usr \
+            --sysconfdir=/etc/heimdal \
+            --libexecdir=/usr/sbin \
+            --datadir=/var/lib/heimdal \
+            --localstatedir=/var/lib/heimdal \
+            --enable-shared \
+            --with-readline=/usr &&
 make</userinput></screen>
 
+    <para>To test the results, issue: <command>make check</command>.</para>
+
     <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
 
 <screen role="root"><userinput>make install &&
+install -v -m755 -d /usr/share/doc/heimdal-&heimdal-version;/standardisation &&
+install -v -m644 doc/{init-creds,layman.asc} \
+    /usr/share/doc/heimdal-&heimdal-version; &&
+install -v -m644 doc/standardisation/* \
+    /usr/share/doc/heimdal-&heimdal-version;/standardisation &&
 mv -v /bin/login /bin/login.shadow &&
 mv -v /bin/su /bin/su.shadow &&
 mv -v /usr/bin/{login,su} /bin &&
 ln -v -sf ../../bin/login /usr/bin &&
-mv -v /usr/lib/lib{otp.so.0*,kafs.so.0*,krb5.so.17*,asn1.so.6*} \
-   /usr/lib/lib{roken.so.16*,crypto.so.0*,db-4.3.so} /lib &&
-ln -v -sf ../../lib/lib{otp.so.0{,.1.4},kafs.so.0{,.4.0},db-4.3.so} \
-    /usr/lib &&
-ln -v -sf ../../lib/lib{krb5.so.17{,.3.0},asn1.so.6{,.0.2}} \
-    /usr/lib &&
-ln -v -sf ../../lib/lib{roken.so.16{,.0.3},crypto.so.0{,.9.7}} \
-    /usr/lib &&
+mv -v /usr/lib/lib{otp,kafs,krb5,asn1,roken,crypto}.so.* \
+      /usr/lib/libdb-4.3.so /lib &&
+ln -v -sf ../../lib/libdb-4.3.so /usr/lib/libdb.so &&
+ln -v -sf ../../lib/libdb-4.3.so /usr/lib/libdb-4.so &&
+for SYMLINK in otp.so.0.1.3  kafs.so.0.4.1   krb5.so.17.4.0 \
+               asn1.so.6.1.0 roken.so.16.1.0 crypto.so.0.9.7
+do
+    ln -v -sf ../../lib/lib$SYMLINK \
+        /usr/lib/lib`echo $SYMLINK | cut -d. -f1`.so
+done
 ldconfig</userinput></screen>
 
   </sect2>
@@ -153,7 +167,7 @@
     puts the daemon programs into
     <filename class="directory">/usr/sbin</filename>.</para>
 
-    <note>
+    <tip>
       <para>If you want to preserve all your existing
       <application>Inetutils</application> package daemons, install the
       <application>Heimdal</application> daemons into
@@ -166,8 +180,8 @@
       <filename class="directory">/usr/sbin</filename>, you may want to move
       some of the user programs (such as <command>kadmin</command>) to
       <filename class="directory">/usr/sbin</filename> manually so they'll be
-      in the privileged user's default path.</para>
-    </note>
+      in the privileged user's default <envar>PATH</envar>.</para>
+    </tip>
 
     <para><command>mv ... .shadow; mv ... /bin; ln -v -sf ../../bin...</command>:
     The <command>login</command> and <command>su</command> programs installed by
@@ -178,7 +192,7 @@
     <filename class="directory">/usr/bin</filename>. The old executables are
     preserved before the move to keep things sane should breaks occur.</para>
 
-    <para><command>mv ... /lib; ln -sf ../../lib/lib... /usr/lib</command>:
+    <para><command>mv ... /lib; ln -v -sf ../../lib/lib... /usr/lib...</command>:
     The <command>login</command> and <command>su</command> programs installed
     by <application>Heimdal</application> link against
     <application>Heimdal</application> libraries as well as libraries provided
@@ -186,8 +200,8 @@
     <application>Berkeley DB</application> packages. These
     libraries are moved to <filename class="directory">/lib</filename> to be
     FHS compliant and also in case
-    <filename class="directory">/usr</filename> is located on a separate partition
-    which may not always be mounted.</para>
+    <filename class="directory">/usr</filename> is located on a separate
+    partition which may not always be mounted.</para>
 
   </sect2>
 
@@ -208,13 +222,19 @@
     <sect3>
       <title>Configuration Information</title>
 
+        <note>
+          <para>All the configuration steps shown below must be accomplished
+          by the <systemitem class='username'>root</systemitem> user unless
+          otherwise noted.</para>
+        </note>
+
       <sect4>
         <title>Master KDC Server Configuration</title>
 
         <para>Create the Kerberos configuration file with the
         following commands:</para>
 
-<screen role="root"><userinput>install -v -d /etc/heimdal &&
+<screen role="root"><userinput>install -v -m755 -d /etc/heimdal &&
 cat > /etc/heimdal/krb5.conf << "EOF"
 <literal># Begin /etc/heimdal/krb5.conf
 
@@ -238,7 +258,8 @@
     default = FILE:/var/log/krb.log
 
 # End /etc/heimdal/krb5.conf</literal>
-EOF</userinput></screen>
+EOF
+chmod -v 644 /etc/heimdal/krb5.conf</userinput></screen>
 
         <para>You will need to substitute your domain and proper hostname
         for the occurrences of the <replaceable>[hostname]</replaceable>
@@ -264,17 +285,24 @@
         <para>Store the master password in a key file using the following
         commands:</para>
 
-<screen role="root"><userinput>install -d -m 755 /var/lib/heimdal &&
+<screen role="root"><userinput>install -v -m755 -d /var/lib/heimdal &&
 kstash</userinput></screen>
 
         <para>Create the KDC database:</para>
 
 <screen role="root"><userinput>kadmin -l</userinput></screen>
 
-        <para>Choose the defaults for now. You can go in later and change the
-        defaults, should you feel the need. At the <prompt>kadmin></prompt>
-        prompt, issue the following statement:</para>
+        <para>The commands below will prompt you for information about the
+        principles. Choose the defaults for now unless you know what you are
+        doing and need to specify different values. You can go in later and
+        change the defaults, should you feel the need. You may use the up and
+        down arrow keys to use the history feature of <command>kadmin</command>
+        in a similar manner as the <command>bash</command> history
+        feature.</para>
 
+        <para>At the <prompt>kadmin></prompt> prompt, issue the following
+        statement:</para>
+
 <screen role="root"><userinput>init <replaceable>[EXAMPLE.COM]</replaceable></userinput></screen>
 
         <para>The database must now be populated with at least one principle
@@ -340,8 +368,9 @@
         encryption methods used to access the principals.</para>
 
         <para>At this point, if everything has been successful so far, you
-        can feel fairly confident in the installation and configuration of
-        the package.</para>
+        can feel fairly confident in the installation, setup and configuration
+        of your new <application>Heimdal</application> Kerberos 5
+        installation.</para>
 
         <para id="heimdal-init">Install the
         <filename>/etc/rc.d/init.d/heimdal</filename> init script included
@@ -406,16 +435,18 @@
 
       <seglistitem>
         <seg>afslog, dump_log, ftp, ftpd, hprop, hpropd, ipropd-master,
-        ipropd-slave, kadmin, kadmind, kauth, kdc, kdestroy, kf, kfd, kgetcred,
-        kinit, klist, kpasswd, kpasswdd, krb5-config, kstash, ktutil, kx, kxd,
-        login, mk_cmds, otp, otpprint, pagsh, pfrom, popper, push, rcp,
-        replay_log, rsh, rshd, rxtelnet, rxterm, string2key, su, telnet,
-        telnetd, tenletxr, truncate-log, verify_krb5_conf, and xnlock</seg>
-        <seg>libasn1.[so,a], libeditline.a, libgssapi.[so,a], libhdb.[so,a],
-        libkadm5clnt.[so,a], libkadm5srv.[so,a], libkafs.[so,a], libkrb5.[so,a],
-        libotp.[so,a], libroken.[so,a], libsl.[so,a], and libss.[so,a]</seg>
-        <seg>/etc/heimdal, /usr/include/kadm5, /usr/include/ss, and
-        /var/lib/heimdal</seg>
+        ipropd-slave, kadmin, kadmind, kauth, kcm, kdc, kdestroy, kf, kfd,
+        kgetcred, kinit, klist, kpasswd, kpasswdd, krb5-config, kstash,
+        ktutil, kx, kxd, login, mk_cmds, otp, otpprint, pagsh, pfrom, popper,
+        push, rcp, replay_log, rsh, rshd, rxtelnet, rxterm, string2key, su,
+        telnet, telnetd, tenletxr, truncate-log, verify_krb5_conf
+        and xnlock</seg>
+        <seg>libasn1.[so,a], libeditline.[so,a], libgssapi.[so,a],
+        libhdb.[so,a], libkadm5clnt.[so,a], libkadm5srv.[so,a], libkafs.[so,a],
+        libkrb5.[so,a], libotp.[so,a], libroken.[so,a], libsl.[so,a]
+        and libss.[so,a]</seg>
+        <seg>/etc/heimdal, /usr/include/kadm5,
+        /usr/share/doc/heimdal-&heimdal-version; and /var/lib/heimdal</seg>
       </seglistitem>
     </segmentedlist>
 
@@ -526,13 +557,25 @@
       <varlistentry id="kauth">
         <term><command>kauth</command></term>
         <listitem>
-          <para>is a symbolic link to the <command>kinit</command> program.</para>
+          <para>is a symbolic link to the <command>kinit</command>
+          program.</para>
           <indexterm zone="heimdal kauth">
             <primary sortas="g-kauth">kauth</primary>
           </indexterm>
         </listitem>
       </varlistentry>
 
+      <varlistentry id="kcm">
+        <term><command>kcm</command></term>
+        <listitem>
+          <para>is a process based credential cache for Kerberos
+          tickets.</para>
+          <indexterm zone="heimdal kcm">
+            <primary sortas="b-kcm">kcm</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+
       <varlistentry id="kdc">
         <term><command>kdc</command></term>
         <listitem>

Deleted: trunk/patches/heimdal-0.6.3-cracklib-1.patch
===================================================================
--- trunk/patches/heimdal-0.6.3-cracklib-1.patch	2005-07-25 18:20:55 UTC (rev 4779)
+++ trunk/patches/heimdal-0.6.3-cracklib-1.patch	2005-07-26 02:25:33 UTC (rev 4780)
@@ -1,98 +0,0 @@
-Patch Name:              heimdal-0.6.2-cracklib-1.patch
-Submitted By:            Randy McMurchy <LFS-User_at_mcmurchy_dot_com>
-Date:                    2004-05-07
-Initial Package Version: 0.6.1
-Upstream Status:         N/A
-Origin:                  Randy McMurchy, DJ Lucas and Heimdal sample source code
-Description:             Enables kpasswd and kadmin to use the cracklib library.
-                         Cracklib must be installed using BLFS instructions. See:
-                         http://www.linuxfromscratch.org/blfs/view/cvs/postlfs/cracklib.html
-
-$LastChangedBy$
-$Date$
-
-diff -Naur heimdal-0.6.2-orig/lib/kadm5/Makefile.in heimdal-0.6.2/lib/kadm5/Makefile.in
---- heimdal-0.6.2-orig/lib/kadm5/Makefile.in	2004-05-06 01:52:10.000000000 +0000
-+++ heimdal-0.6.2/lib/kadm5/Makefile.in	2004-05-07 15:45:14.000000000 +0000
-@@ -124,7 +124,7 @@
- LEXLIB = @LEXLIB@
- LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
- LIBOBJS = @LIBOBJS@
--LIBS = @LIBS@
-+LIBS = @LIBS@ -lcrack_krb5
- LIBTOOL = @LIBTOOL@
- LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
- LIB_NDBM = @LIB_NDBM@
-
-diff -Naur heimdal-0.6.2-orig/lib/kadm5/password_quality.c heimdal-0.6.2/lib/kadm5/password_quality.c
---- heimdal-0.6.2-orig/lib/kadm5/password_quality.c	2000-07-05 13:14:45.000000000 +0000
-+++ heimdal-0.6.2/lib/kadm5/password_quality.c	2004-05-07 15:45:14.000000000 +0000
-@@ -32,6 +32,7 @@
-  */
- 
- #include "kadm5_locl.h"
-+#include <crack_krb5.h>
- 
- RCSID("$Id: heimdal-0.6.2-cracklib-1.patch,v 1.1 2004/05/08 05:59:21 tushar Exp $");
- 
-@@ -39,21 +40,53 @@
- #include <dlfcn.h>
- #endif
- 
--static const char *
-+/* The following function was inserted to utilize the cracklib library to 
-+   ensure strong passwords.  The cracklib library must be patched before 
-+   this function will work. For more information, see:
-+   http://www.linuxfromscratch.org/blfs/view/cvs/postlfs/cracklib.html
-+*/
-+
-+#if defined(CRACKLIB_KRB5_H) && defined(CRACKLIB_DICTPATH)
-+
-+static const char*
- simple_passwd_quality (krb5_context context,
--		       krb5_principal principal,
--		       krb5_data *pwd)
-+               krb5_principal principal,
-+               krb5_data *password)
- {
--    if (pwd->length < 6)
--	return "Password too short";
--    else
--	return NULL;
-+    char *s = malloc(password->length + 1);
-+    char *msg;
-+    char *strings[2];
-+    if(s == NULL)
-+    return NULL; /* XXX */
-+    strings[0] = principal->name.name_string.val[0]; /* XXX */
-+    strings[1] = NULL;
-+    memcpy(s, password->data, password->length);
-+    s[password->length] = '\0';
-+        msg = FascistCheck(s, CRACKLIB_DICTPATH, strings); /* see crack_krb5.h */
-+    memset(s, 0, password->length);
-+    free(s);
-+    return msg;
- }
- 
- typedef const char* (*passwd_quality_check_func)(krb5_context, 
- 						 krb5_principal, 
- 						 krb5_data*);
- 
-+#else /* CRACKLIB_H && DICTPATH */
-+
-+static const char *
-+simple_passwd_quality (krb5_context context,
-+                       krb5_principal principal,
-+                       krb5_data *pwd)
-+{
-+    if (pwd->length < 6)
-+        return "Password too short";
-+    else
-+        return NULL;
-+}
-+
-+#endif /* CRACKLIB_KRB5_H && CRACKLIB_DICTPATH */
-+
- static passwd_quality_check_func passwd_quality_check = simple_passwd_quality;
- 
- #ifdef HAVE_DLOPEN

Deleted: trunk/patches/heimdal-0.6.3-fhs_compliance-1.patch
===================================================================
--- trunk/patches/heimdal-0.6.3-fhs_compliance-1.patch	2005-07-25 18:20:55 UTC (rev 4779)
+++ trunk/patches/heimdal-0.6.3-fhs_compliance-1.patch	2005-07-26 02:25:33 UTC (rev 4780)
@@ -1,229 +0,0 @@
-Patch Name:              heimdal-0.6.2-fhs-compliance-1.patch
-Submitted By:            Randy McMurchy <LFS-User_at_mcmurchy_dot_com>
-Date:                    2004-05-07
-Initial Package Version: 0.6.1
-Upstream Status:         N/A
-Origin:                  Randy McMurchy
-Description:             Changes all references of /var/heimdal to /var/lib/heimdal
-                         in source code and documentation to comply with FHS.
-
-$LastChangedBy$
-$Date$
-
-diff -Naur heimdal-0.6.2-orig/lib/krb5/krb5.conf.5 heimdal-0.6.2/lib/krb5/krb5.conf.5
---- heimdal-0.6.2-orig/lib/krb5/krb5.conf.5	2004-03-09 19:52:07.000000000 +0000
-+++ heimdal-0.6.2/lib/krb5/krb5.conf.5	2004-05-07 15:42:05.000000000 +0000
-@@ -451,7 +451,7 @@
- 		default_domain = foo.se
- 	}
- [logging]
--	kdc = FILE:/var/heimdal/kdc.log
-+	kdc = FILE:/var/lib/heimdal/kdc.log
- 	kdc = SYSLOG:INFO
- 	default = SYSLOG:INFO:USER
- .Ed
-
-diff -Naur heimdal-0.6.2-orig/lib/krb5/krb5.conf.cat5 heimdal-0.6.2/lib/krb5/krb5.conf.cat5
---- heimdal-0.6.2-orig/lib/krb5/krb5.conf.cat5	2004-05-06 01:52:29.000000000 +0000
-+++ heimdal-0.6.2/lib/krb5/krb5.conf.cat5	2004-05-07 15:42:05.000000000 +0000
-@@ -456,7 +456,7 @@
-                            default_domain = foo.se
-                    }
-            [logging]
--                   kdc = FILE:/var/heimdal/kdc.log
-+                   kdc = FILE:/var/lib/heimdal/kdc.log
-                    kdc = SYSLOG:INFO
-                    default = SYSLOG:INFO:USER
- 
-diff -Naur heimdal-0.6.2-orig/lib/hdb/hdb.h heimdal-0.6.2/lib/hdb/hdb.h
---- heimdal-0.6.2-orig/lib/hdb/hdb.h	2000-07-08 16:03:37.000000000 +0000
-+++ heimdal-0.6.2/lib/hdb/hdb.h	2004-05-07 15:42:05.000000000 +0000
-@@ -78,7 +78,7 @@
-     krb5_error_code (*destroy)(krb5_context, struct HDB*);
- }HDB;
- 
--#define HDB_DB_DIR "/var/heimdal"
-+#define HDB_DB_DIR "/var/lib/heimdal"
- #define HDB_DEFAULT_DB HDB_DB_DIR "/heimdal"
- #define HDB_DB_FORMAT_ENTRY "hdb/db-format"
- 
-diff -Naur heimdal-0.6.2-orig/kdc/kdc.8 heimdal-0.6.2/kdc/kdc.8
---- heimdal-0.6.2-orig/kdc/kdc.8	2003-10-21 20:06:01.000000000 +0000
-+++ heimdal-0.6.2/kdc/kdc.8	2004-05-07 15:42:05.000000000 +0000
-@@ -74,7 +74,7 @@
- .Fl -config-file= Ns Ar file
- .Xc
- Specifies the location of the config file, the default is
--.Pa /var/heimdal/kdc.conf .
-+.Pa /var/lib/heimdal/kdc.conf .
- This is the only value that can't be specified in the config file.
- .It Xo
- .Fl p ,
-
-diff -Naur heimdal-0.6.2-orig/kadmin/kadmind.8 heimdal-0.6.2/kadmin/kadmind.8
---- heimdal-0.6.2-orig/kadmin/kadmind.8	2003-04-06 17:47:57.000000000 +0000
-+++ heimdal-0.6.2/kadmin/kadmind.8	2004-05-07 15:42:05.000000000 +0000
-@@ -88,7 +88,7 @@
- Principals are always allowed to change their own password and list
- their own principal.  Apart from that, doing any operation requires
- permission explicitly added in the ACL file
--.Pa /var/heimdal/kadmind.acl .
-+.Pa /var/lib/heimdal/kadmind.acl .
- The format of this file is:
- .Bd -ragged
- .Va principal
-@@ -163,7 +163,7 @@
- .El
- .\".Sh ENVIRONMENT
- .Sh FILES
--.Pa /var/heimdal/kadmind.acl
-+.Pa /var/lib/heimdal/kadmind.acl
- .Sh EXAMPLES
- This will cause
- .Nm
-
-diff -Naur heimdal-0.6.2-orig/doc/heimdal.info-1 heimdal-0.6.2/doc/heimdal.info-1
---- heimdal-0.6.2-orig/doc/heimdal.info-1	2004-05-06 01:52:15.000000000 +0000
-+++ heimdal-0.6.2/doc/heimdal.info-1	2004-05-07 15:42:05.000000000 +0000
-@@ -448,15 +448,15 @@
- =====================
- 
- The database library will look for the database in the directory
--`/var/heimdal', so you should probably create that directory.  Make
-+`/var/lib/heimdal', so you should probably create that directory.  Make
- sure the directory have restrictive permissions.
- 
--     # mkdir /var/heimdal
-+     # mkdir /var/lib/heimdal
- 
- The keys of all the principals are stored in the database.  If you
- choose to, these can be encrypted with a master key.  You do not have to
- remember this key (or password), but just to enter it once and it will
--be stored in a file (`/var/heimdal/m-key').  If you want to have a
-+be stored in a file (`/var/lib/heimdal/m-key').  If you want to have a
- master key, run `kstash' to create this master key:
- 
-      # kstash
-@@ -599,7 +599,7 @@
- You might need to add `kerberos-adm' to your `/etc/services' as 749/tcp.
- 
- Access to the administration server is controlled by an acl-file,
--(default `/var/heimdal/kadmind.acl'.) The lines in the access file, has
-+(default `/var/lib/heimdal/kadmind.acl'.) The lines in the access file, has
- the following syntax:
-      principal       [priv1,priv2,...]       [glob-pattern]
- 
-@@ -704,7 +704,7 @@
- follows:
- 
-      slave# ktutil get -p foo/admin hprop/`hostname`
--     slave# mkdir /var/heimdal
-+     slave# mkdir /var/lib/heimdal
-      slave# hpropd
- 
- The master will use the principal `kadmin/hprop' to authenticate to the
-@@ -751,7 +751,7 @@
- The program that runs on the master is `ipropd-master' and all clients
- run `ipropd-slave'.
- 
--Create the file `/var/heimdal/slaves' on the master containing all the
-+Create the file `/var/lib/heimdal/slaves' on the master containing all the
- slaves that the database should be propagated to.  Each line contains
- the full name of the principal (for example
- `iprop/hemligare.foo.se at FOO.SE').
-@@ -769,7 +769,7 @@
- 
- The next step is to start the `ipropd-master' process on the master
- server.  The `ipropd-master' listens on the UNIX-socket
--`/var/heimdal/signal' to know when changes have been made to the
-+`/var/lib/heimdal/signal' to know when changes have been made to the
- database so they can be propagated to the slaves.  There is also a
- safety feature of testing the version number regularly (every 30
- seconds) to see if it has been modified by some means that do not raise
-
-diff -Naur heimdal-0.6.2-orig/doc/setup.texi heimdal-0.6.2/doc/setup.texi
---- heimdal-0.6.2-orig/doc/setup.texi	2003-10-21 21:37:56.000000000 +0000
-+++ heimdal-0.6.2/doc/setup.texi	2004-05-07 15:42:05.000000000 +0000
-@@ -102,17 +102,17 @@
- @section Creating the database
- 
- The database library will look for the database in the directory
-- at file{/var/heimdal}, so you should probably create that directory.
-+ at file{/var/lib/heimdal}, so you should probably create that directory.
- Make sure the directory have restrictive permissions.
- 
- @example
--# mkdir /var/heimdal
-+# mkdir /var/lib/heimdal
- @end example
- 
- The keys of all the principals are stored in the database.  If you
- choose to, these can be encrypted with a master key.  You do not have to
- remember this key (or password), but just to enter it once and it will
--be stored in a file (@file{/var/heimdal/m-key}).  If you want to have a
-+be stored in a file (@file{/var/lib/heimdal/m-key}).  If you want to have a
- master key, run @samp{kstash} to create this master key:
- 
- @example
-@@ -262,7 +262,7 @@
- as 749/tcp.
- 
- Access to the administration server is controlled by an acl-file, (default
-- at file{/var/heimdal/kadmind.acl}.) The lines in the access file, has the
-+ at file{/var/lib/heimdal/kadmind.acl}.) The lines in the access file, has the
- following syntax:
- @smallexample
- principal       [priv1,priv2,...]       [glob-pattern]
-@@ -375,7 +375,7 @@
- 
- @example
- slave# ktutil get -p foo/admin hprop/`hostname`
--slave# mkdir /var/heimdal
-+slave# mkdir /var/lib/heimdal
- slave# hpropd
- @end example
- 
-@@ -426,7 +426,7 @@
- The program that runs on the master is @code{ipropd-master} and all
- clients run @code{ipropd-slave}.
- 
--Create the file @file{/var/heimdal/slaves} on the master containing all
-+Create the file @file{/var/lib/heimdal/slaves} on the master containing all
- the slaves that the database should be propagated to.  Each line contains
- the full name of the principal (for example
- @samp{iprop/hemligare.foo.se@@FOO.SE}).
-@@ -447,7 +447,7 @@
- 
- The next step is to start the @code{ipropd-master} process on the master
- server.  The @code{ipropd-master} listens on the UNIX-socket
-- at file{/var/heimdal/signal} to know when changes have been made to the
-+ at file{/var/lib/heimdal/signal} to know when changes have been made to the
- database so they can be propagated to the slaves.  There is also a
- safety feature of testing the version number regularly (every 30
- seconds) to see if it has been modified by some means that do not raise
-
-diff -Naur heimdal-0.6.2-orig/configure.in heimdal-0.6.2/configure.in
---- heimdal-0.6.2-orig/configure.in	2004-05-06 01:49:33.000000000 +0000
-+++ heimdal-0.6.2/configure.in	2004-05-07 15:42:05.000000000 +0000
-@@ -17,7 +17,7 @@
- AC_PREFIX_DEFAULT(/usr/heimdal)
- 
- test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
--test "$localstatedir" = '${prefix}/var' && localstatedir='/var/heimdal'
-+test "$localstatedir" = '${prefix}/var' && localstatedir='/var/lib/heimdal'
- 
- AC_CANONICAL_HOST
- CANONICAL_HOST=$host
-
-diff -Naur heimdal-0.6.2-orig/configure heimdal-0.6.2/configure
---- heimdal-0.6.2-orig/configure	2004-05-06 01:50:34.000000000 +0000
-+++ heimdal-0.6.2/configure	2004-05-07 15:42:05.000000000 +0000
-@@ -3153,7 +3153,7 @@
- 
- 
- test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
--test "$localstatedir" = '${prefix}/var' && localstatedir='/var/heimdal'
-+test "$localstatedir" = '${prefix}/var' && localstatedir='/var/lib/heimdal'
- 
- # Make sure we can run config.sub.
- $ac_config_sub sun4 >/dev/null 2>&1 ||

Added: trunk/patches/heimdal-0.7-cracklib-1.patch
===================================================================
--- trunk/patches/heimdal-0.7-cracklib-1.patch	2005-07-25 18:20:55 UTC (rev 4779)
+++ trunk/patches/heimdal-0.7-cracklib-1.patch	2005-07-26 02:25:33 UTC (rev 4780)
@@ -0,0 +1,86 @@
+Patch Name:              heimdal-0.7-cracklib-1.patch
+Submitted By:            Randy McMurchy <randy_at_linuxfromscratch_dot_org>
+Date:                    2005-07-25
+Initial Package Version: 0.7 (this patch adapted from an 0.6.1 version patch)
+Upstream Status:         Pending submission
+Origin:                  Randy McMurchy, DJ Lucas and Heimdal sample source code
+Description:             Enables kpasswd and kadmin to use the cracklib library.
+                         CrackLib must be installed using BLFS instructions. See:
+                         http://www.linuxfromscratch.org/blfs/view/svn/postlfs/cracklib.html
+
+$LastChangedBy$
+$Date$
+
+
+diff -Naur heimdal-0.7-orig/lib/kadm5/Makefile.in heimdal-0.7/lib/kadm5/Makefile.in
+--- heimdal-0.7-orig/lib/kadm5/Makefile.in	2005-06-16 16:33:31.000000000 +0000
++++ heimdal-0.7/lib/kadm5/Makefile.in	2005-07-23 23:48:23.000000000 +0000
+@@ -296,7 +296,7 @@
+ LEXLIB = @LEXLIB@
+ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+ LIBOBJS = @LIBOBJS@
+-LIBS = @LIBS@
++LIBS = @LIBS@ -lcrack_heimdal
+ LIBTOOL = @LIBTOOL@
+ LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+ LIB_NDBM = @LIB_NDBM@
+
+diff -Naur heimdal-0.7-orig/lib/kadm5/password_quality.c heimdal-0.7/lib/kadm5/password_quality.c
+--- heimdal-0.7-orig/lib/kadm5/password_quality.c	2005-06-16 16:28:07.000000000 +0000
++++ heimdal-0.7/lib/kadm5/password_quality.c	2005-07-25 00:31:27.000000000 +0000
+@@ -33,6 +33,7 @@
+ 
+ #include "kadm5_locl.h"
+ #include "kadm5-pwcheck.h"
++#include <crack_heimdal.h>
+ 
+ RCSID("$Id: password_quality.c,v 1.11 2005/05/09 19:17:34 lha Exp $");
+ 
+@@ -63,7 +64,39 @@
+ 	return 0;
+ }
+ 
++/* The following function was inserted to utilize the CrackLib library to 
++   ensure strong passwords.  The cracklib library must be patched before 
++   this function will work. For more information, see:
++   http://www.linuxfromscratch.org/blfs/view/svn/postlfs/cracklib.html
++*/
++
++#if defined(CRACKLIB_HEIMDAL_H) && defined(CRACKLIB_DICTPATH)
++
+ static const char *
++
++min_length_passwd_quality_v0 (krb5_context context,
++                              krb5_principal principal,
++                              krb5_data *password)
++{
++    char *s = malloc(password->length + 1);
++    char *msg;
++    char *strings[2];
++    if(s == NULL)
++        return NULL; /* XXX */
++    strings[0] = principal->name.name_string.val[0]; /* XXX */
++    strings[1] = NULL;
++    memcpy(s, password->data, password->length);
++    s[password->length] = '\0';
++    msg = FascistCheck(s, CRACKLIB_DICTPATH, strings);
++    memset(s, 0, password->length);
++    free(s);
++    return msg;
++}
++
++#else /* Not using CrackLib */
++
++static const char *
++
+ min_length_passwd_quality_v0 (krb5_context context,
+ 			      krb5_principal principal,
+ 			      krb5_data *pwd)
+@@ -80,6 +113,7 @@
+     return NULL;
+ }
+ 
++#endif /* CRACKLIB_HEIMDAL_H && CRACKLIB_DICTPATH */
+ 
+ static int
+ char_class_passwd_quality (krb5_context context,


Property changes on: trunk/patches/heimdal-0.7-cracklib-1.patch
___________________________________________________________________
Name: svn:keywords
   + LastChangedBy Date

Added: trunk/patches/heimdal-0.7-fhs_compliance-1.patch
===================================================================
--- trunk/patches/heimdal-0.7-fhs_compliance-1.patch	2005-07-25 18:20:55 UTC (rev 4779)
+++ trunk/patches/heimdal-0.7-fhs_compliance-1.patch	2005-07-26 02:25:33 UTC (rev 4780)
@@ -0,0 +1,266 @@
+Patch Name:              heimdal-0.7-fhs-compliance-1.patch
+Submitted By:            Randy McMurchy <randy_at_linuxfromscratch_dot_org>
+Date:                    2005-07-23
+Initial Package Version: 0.7 (this patch adapted from an 0.6.1 version patch)
+Upstream Status:         N/A (LFS specific)
+Origin:                  Randy McMurchy
+Description:             Changes all references of /var/heimdal to /var/lib/heimdal
+                         in source code and documentation to comply with the FHS
+
+$LastChangedBy$
+$Date$
+
+
+diff -Naur heimdal-0.7-orig/configure heimdal-0.7/configure
+--- heimdal-0.7-orig/configure	2005-06-16 16:31:02.000000000 +0000
++++ heimdal-0.7/configure	2005-07-23 23:24:34.000000000 +0000
+@@ -3183,7 +3183,7 @@
+ 
+ 
+ test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
+-test "$localstatedir" = '${prefix}/var' && localstatedir='/var/heimdal'
++test "$localstatedir" = '${prefix}/var' && localstatedir='/var/lib/heimdal'
+ 
+ # Make sure we can run config.sub.
+ $ac_config_sub sun4 >/dev/null 2>&1 ||
+
+diff -Naur heimdal-0.7-orig/configure.in heimdal-0.7/configure.in
+--- heimdal-0.7-orig/configure.in	2005-06-16 16:29:14.000000000 +0000
++++ heimdal-0.7/configure.in	2005-07-23 23:24:54.000000000 +0000
+@@ -16,7 +16,7 @@
+ AC_PREFIX_DEFAULT(/usr/heimdal)
+ 
+ test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
+-test "$localstatedir" = '${prefix}/var' && localstatedir='/var/heimdal'
++test "$localstatedir" = '${prefix}/var' && localstatedir='/var/lib/heimdal'
+ 
+ AC_CANONICAL_HOST
+ CANONICAL_HOST=$host
+
+diff -Naur heimdal-0.7-orig/doc/heimdal.info-1 heimdal-0.7/doc/heimdal.info-1
+--- heimdal-0.7-orig/doc/heimdal.info-1	2005-06-16 16:33:47.000000000 +0000
++++ heimdal-0.7/doc/heimdal.info-1	2005-07-23 23:27:04.000000000 +0000
+@@ -452,15 +452,15 @@
+ =====================
+ 
+ The database library will look for the database in the directory
+-`/var/heimdal', so you should probably create that directory.  Make
++`/var/lib/heimdal', so you should probably create that directory.  Make
+ sure the directory has restrictive permissions.
+ 
+-     # mkdir /var/heimdal
++     # mkdir /var/lib/heimdal
+ 
+ The keys of all the principals are stored in the database.  If you
+ choose to, these can be encrypted with a master key.  You do not have to
+ remember this key (or password), but just to enter it once and it will
+-be stored in a file (`/var/heimdal/m-key').  If you want to have a
++be stored in a file (`/var/lib/heimdal/m-key').  If you want to have a
+ master key, run `kstash' to create this master key:
+ 
+      # kstash
+@@ -671,7 +671,7 @@
+ `749/tcp'.
+ 
+ Access to the administration server is controlled by an ACL file,
+-(default `/var/heimdal/kadmind.acl'.) The lines in the access file,
++(default `/var/lib/heimdal/kadmind.acl'.) The lines in the access file,
+ have the following syntax:
+      principal       [priv1,priv2,...]       [glob-pattern]
+ 
+@@ -822,7 +822,7 @@
+ follows:
+ 
+      slave# ktutil get -p foo/admin hprop/`hostname`
+-     slave# mkdir /var/heimdal
++     slave# mkdir /var/lib/heimdal
+      slave# hpropd
+ 
+ The master will use the principal `kadmin/hprop' to authenticate to the
+@@ -870,7 +870,7 @@
+ The program that runs on the master is `ipropd-master' and all clients
+ run `ipropd-slave'.
+ 
+-Create the file `/var/heimdal/slaves' on the master containing all the
++Create the file `/var/lib/heimdal/slaves' on the master containing all the
+ slaves that the database should be propagated to.  Each line contains
+ the full name of the principal (for example
+ `iprop/hemligare.foo.se at FOO.SE').
+@@ -888,7 +888,7 @@
+ 
+ The next step is to start the `ipropd-master' process on the master
+ server.  The `ipropd-master' listens on the UNIX domain socket
+-`/var/heimdal/signal' to know when changes have been made to the
++`/var/lib/heimdal/signal' to know when changes have been made to the
+ database so they can be propagated to the slaves.  There is also a
+ safety feature of testing the version number regularly (every 30
+ seconds) to see if it has been modified by some means that do not raise
+
+diff -Naur heimdal-0.7-orig/doc/setup.texi heimdal-0.7/doc/setup.texi
+--- heimdal-0.7-orig/doc/setup.texi	2005-06-16 16:27:48.000000000 +0000
++++ heimdal-0.7/doc/setup.texi	2005-07-23 23:26:08.000000000 +0000
+@@ -105,17 +105,17 @@
+ @section Creating the database
+ 
+ The database library will look for the database in the directory
+- at file{/var/heimdal}, so you should probably create that directory.
++ at file{/var/lib/heimdal}, so you should probably create that directory.
+ Make sure the directory has restrictive permissions.
+ 
+ @example
+-# mkdir /var/heimdal
++# mkdir /var/lib/heimdal
+ @end example
+ 
+ The keys of all the principals are stored in the database.  If you
+ choose to, these can be encrypted with a master key.  You do not have to
+ remember this key (or password), but just to enter it once and it will
+-be stored in a file (@file{/var/heimdal/m-key}).  If you want to have a
++be stored in a file (@file{/var/lib/heimdal/m-key}).  If you want to have a
+ master key, run @samp{kstash} to create this master key:
+ 
+ @example
+@@ -335,7 +335,7 @@
+ as @samp{749/tcp}.
+ 
+ Access to the administration server is controlled by an ACL file, (default
+- at file{/var/heimdal/kadmind.acl}.) The lines in the access file, have the
++ at file{/var/lib/heimdal/kadmind.acl}.) The lines in the access file, have the
+ following syntax:
+ @smallexample
+ principal       [priv1,priv2,...]       [glob-pattern]
+@@ -498,7 +498,7 @@
+ 
+ @example
+ slave# ktutil get -p foo/admin hprop/`hostname`
+-slave# mkdir /var/heimdal
++slave# mkdir /var/lib/heimdal
+ slave# hpropd
+ @end example
+ 
+@@ -550,7 +550,7 @@
+ The program that runs on the master is @command{ipropd-master} and all
+ clients run @command{ipropd-slave}.
+ 
+-Create the file @file{/var/heimdal/slaves} on the master containing all
++Create the file @file{/var/lib/heimdal/slaves} on the master containing all
+ the slaves that the database should be propagated to.  Each line contains
+ the full name of the principal (for example
+ @samp{iprop/hemligare.foo.se@@FOO.SE}).
+@@ -571,7 +571,7 @@
+ 
+ The next step is to start the @command{ipropd-master} process on the master
+ server.  The @command{ipropd-master} listens on the UNIX domain socket
+- at file{/var/heimdal/signal} to know when changes have been made to the
++ at file{/var/lib/heimdal/signal} to know when changes have been made to the
+ database so they can be propagated to the slaves.  There is also a
+ safety feature of testing the version number regularly (every 30
+ seconds) to see if it has been modified by some means that do not raise
+
+diff -Naur heimdal-0.7-orig/kadmin/kadmind.8 heimdal-0.7/kadmin/kadmind.8
+--- heimdal-0.7-orig/kadmin/kadmind.8	2005-06-16 16:27:56.000000000 +0000
++++ heimdal-0.7/kadmin/kadmind.8	2005-07-23 23:27:41.000000000 +0000
+@@ -85,7 +85,7 @@
+ Principals are always allowed to change their own password and list
+ their own principal.  Apart from that, doing any operation requires
+ permission explicitly added in the ACL file
+-.Pa /var/heimdal/kadmind.acl .
++.Pa /var/lib/heimdal/kadmind.acl .
+ The format of this file is:
+ .Bd -ragged
+ .Va principal
+@@ -155,7 +155,7 @@
+ .El
+ .\".Sh ENVIRONMENT
+ .Sh FILES
+-.Pa /var/heimdal/kadmind.acl
++.Pa /var/lib/heimdal/kadmind.acl
+ .Sh EXAMPLES
+ This will cause
+ .Nm
+
+diff -Naur heimdal-0.7-orig/kdc/kdc.8 heimdal-0.7/kdc/kdc.8
+--- heimdal-0.7-orig/kdc/kdc.8	2005-06-16 16:27:58.000000000 +0000
++++ heimdal-0.7/kdc/kdc.8	2005-07-23 23:27:59.000000000 +0000
+@@ -77,7 +77,7 @@
+ .Fl -config-file= Ns Ar file
+ .Xc
+ Specifies the location of the config file, the default is
+-.Pa /var/heimdal/kdc.conf .
++.Pa /var/lib/heimdal/kdc.conf .
+ This is the only value that can't be specified in the config file.
+ .It Xo
+ .Fl p ,
+
+diff -Naur heimdal-0.7-orig/kdc/kstash.8 heimdal-0.7/kdc/kstash.8
+--- heimdal-0.7-orig/kdc/kstash.8	2005-06-16 16:27:58.000000000 +0000
++++ heimdal-0.7/kdc/kstash.8	2005-07-23 23:28:17.000000000 +0000
+@@ -89,7 +89,7 @@
+ .El
+ .\".Sh ENVIRONMENT
+ .Sh FILES
+-.Pa /var/heimdal/m-key
++.Pa /var/lib/heimdal/m-key
+ is the default keyfile is no other keyfile is specified.
+ The format of a Heimdal master key is the same as a keytab, so
+ .Nm ktutil
+
+diff -Naur heimdal-0.7-orig/lib/hdb/hdb.h heimdal-0.7/lib/hdb/hdb.h
+--- heimdal-0.7-orig/lib/hdb/hdb.h	2005-06-16 16:28:05.000000000 +0000
++++ heimdal-0.7/lib/hdb/hdb.h	2005-07-23 23:28:55.000000000 +0000
+@@ -86,7 +86,7 @@
+     krb5_error_code (*create)(krb5_context, HDB **, const char *filename);
+ };
+ 
+-#define HDB_DB_DIR "/var/heimdal"
++#define HDB_DB_DIR "/var/lib/heimdal"
+ #define HDB_DEFAULT_DB HDB_DB_DIR "/heimdal"
+ #define HDB_DB_FORMAT_ENTRY "hdb/db-format"
+ 
+diff -Naur heimdal-0.7-orig/lib/kadm5/iprop.8 heimdal-0.7/lib/kadm5/iprop.8
+--- heimdal-0.7-orig/lib/kadm5/iprop.8	2005-06-16 16:28:07.000000000 +0000
++++ heimdal-0.7/lib/kadm5/iprop.8	2005-07-23 23:29:24.000000000 +0000
+@@ -93,7 +93,7 @@
+ The slaves are specified by the contents of the
+ .Pa slaves
+ file in the KDC's database directory, e.g.\&
+-.Pa /var/heimdal/slaves .
++.Pa /var/lib/heimdal/slaves .
+ This has principals one per-line of the form
+ .Dl ipropd/ Ns Ar slave Ns @ Ns Ar REALM
+ where 
+@@ -131,7 +131,7 @@
+ There is a keep-alive feature logged in the master's
+ .Pa slave-stats
+ file (e.g.\&
+-.Pa /var/heimdal/slave-stats ) .
++.Pa /var/lib/heimdal/slave-stats ) .
+ .Pp
+ Supported options for
+ .Nm ipropd-master :
+
+diff -Naur heimdal-0.7-orig/lib/krb5/krb5.conf.5 heimdal-0.7/lib/krb5/krb5.conf.5
+--- heimdal-0.7-orig/lib/krb5/krb5.conf.5	2005-06-16 16:28:09.000000000 +0000
++++ heimdal-0.7/lib/krb5/krb5.conf.5	2005-07-23 23:30:45.000000000 +0000
+@@ -490,7 +490,7 @@
+ 		default_domain = foo.se
+ 	}
+ [logging]
+-	kdc = FILE:/var/heimdal/kdc.log
++	kdc = FILE:/var/lib/heimdal/kdc.log
+ 	kdc = SYSLOG:INFO
+ 	default = SYSLOG:INFO:USER
+ .Ed
+
+diff -Naur heimdal-0.7-orig/lib/krb5/krb5.conf.cat5 heimdal-0.7/lib/krb5/krb5.conf.cat5
+--- heimdal-0.7-orig/lib/krb5/krb5.conf.cat5	2005-06-16 16:33:58.000000000 +0000
++++ heimdal-0.7/lib/krb5/krb5.conf.cat5	2005-07-23 23:31:02.000000000 +0000
+@@ -503,7 +503,7 @@
+                            default_domain = foo.se
+                    }
+            [logging]
+-                   kdc = FILE:/var/heimdal/kdc.log
++                   kdc = FILE:/var/lib/heimdal/kdc.log
+                    kdc = SYSLOG:INFO
+                    default = SYSLOG:INFO:USER
+ 


Property changes on: trunk/patches/heimdal-0.7-fhs_compliance-1.patch
___________________________________________________________________
Name: svn:keywords
   + LastChangedBy Date




More information about the blfs-book mailing list