update to MIT krb5-1.3.4

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@2456 af4574ff-66df-0310-9fd7-8a98e5e911e0

general.ent

@@ -31,7 +31,7 @@
 <!ENTITY gnupg-version                "1.2.4">  
 <!ENTITY tripwire-version             "2.3.1-2">   
 <!ENTITY heimdal-version              "0.6.2">   
-<!ENTITY mitkrb-version               "1.3.3"> 
+<!ENTITY mitkrb-version               "1.3.4"> 
                                   
 <!-- Chapter 5 -->                
 <!ENTITY reiser-version               "3.6.17"> 

introduction/welcome/changelog.xml

@@ -18,6 +18,9 @@ who wrote what.</para>
 
 <itemizedlist>
 
+<listitem><para>July 13th, 2004 [larry]: Updated to MIT
+KRB5-1.3.4.</para></listitem>
+
 <listitem><para>July 13th, 2004 [randy]: Added a note to the dhcpcd 
 instructions advising the builder that dhcpcd will overwrite existing 
 /etc configuration files.</para></listitem>

postlfs/security/mitkrb.xml

@@ -7,24 +7,26 @@
   <!ENTITY mitkrb-download-http "http://web.mit.edu/kerberos/www/dist/krb5/1.3/krb5-&mitkrb-version;.tar">
   <!ENTITY mitkrb-download-ftp " ">
   <!ENTITY mitkrb-size "6.2 MB">
-  <!ENTITY mitkrb-buildsize "137.4 MB">
+  <!ENTITY mitkrb-buildsize "138.4 MB">
   <!ENTITY mitkrb-time "2.55 SBU">
 ]>
 
 
 <sect1 id="mitkrb" xreflabel="MIT krb5-&mitkrb-version;">
 <?dbhtml filename="mitkrb.html"?>
-<title>MIT krb5-&mitkrb-version;</title>
+<title><acronym>MIT</acronym> krb5-&mitkrb-version;</title>
 
 <sect2>
 <title>Introduction to <application><acronym>MIT</acronym> krb5</application></title>
 
 <para>
-<application>MIT krb5</application> is a free implementation of Kerberos
-5. Kerberos is a network authentication protocol. It centralizes the
-authentication database and uses kerberized applications to work with 
-servers or services that support Kerberos allowing single logins and
-encrypted communication over internal networks or the Internet.</para>
+<application><acronym>MIT</acronym> krb5</application> is a free
+implementation of Kerberos 5. Kerberos is a network authentication
+protocol. It centralizes the authentication database and uses kerberized
+applications to work with servers or services that support Kerberos
+allowing single logins and encrypted communication over internal
+networks or the Internet.
+</para>
 
 <sect3><title>Package information</title>
 <itemizedlist spacing='compact'>
@@ -55,14 +57,38 @@ is a time difference between a kerberized client and the
 </sect2>
 
 <sect2>
-<title>Installation of <application>MIT krb5</application></title>
+<title>Installation of <application><acronym>MIT</acronym> krb5</application></title>
 
-<para>Install <application>MIT krb5</application> by running the following commands:</para>
+<para>
+<application><acronym>MIT</acronym> krb5</application> is
+distributed in an <acronym>TAR</acronym> file
+containing a compressed <acronym>TAR</acronym> package and a
+detached <acronym>PGP</acronym> <filename
+class="extension">ASC</filename> file.
+</para>
 
-<screen><userinput><command>./configure --prefix=/usr --sysconfdir=/etc \
+<para>
+If you have installed <xref linkend="gnupg"/>, you can
+authenticate the package with the following command:
+</para>
+
+<screen><userinput><command>gpg --verify krb5-&mitkrb-version;.tar.gz.asc krb5-&mitkrb-version;.tar.gz</command></userinput></screen>
+
+<para>
+Build <application><acronym>MIT</acronym> krb5</application> by running the following commands:
+</para>
+
+<screen><userinput><command>cd src &amp;&amp;
+./configure --prefix=/usr --sysconfdir=/etc \
     --localstatedir=/var/lib --enable-dns --enable-shared --mandir=/usr/share/man &amp;&amp;
-make &amp;&amp;
-make install &amp;&amp;
+make</command></userinput></screen>
+
+<para>
+Install <application><acronym>MIT</acronym> krb5</application> by
+running the following commands as root:
+</para>
+
+<screen><userinput><command>make install &amp;&amp;
 mv /bin/login /bin/login.shadow &amp;&amp;
 cp /usr/sbin/login.krb5 /bin/login &amp;&amp;
 mv /usr/bin/ksu /bin &amp;&amp;
@@ -83,17 +109,22 @@ ldconfig</command></userinput></screen>
 <sect2>
 <title>Command explanations</title>
 
-<para><parameter>--enable-dns</parameter>: This switch allows realms to
-be resolved using the <acronym>DNS</acronym> server.</para>
+<para>
+<parameter>--enable-dns</parameter>: This switch allows realms to
+be resolved using the <acronym>DNS</acronym> server.
+</para>
 
-<para><screen><command>mv /bin/login /bin/login.shadow
+<para>
+<screen><command>mv /bin/login /bin/login.shadow
 cp /usr/sbin/login.krb5 /bin/login
 mv /usr/bin/ksu /bin</command></screen>
 Preserves <application>Shadow</application>'s <command>login</command>
 command, moves <command>ksu</command> and <command>login</command> to
-the <filename class="directory">/bin</filename> directory.</para>
+the <filename class="directory">/bin</filename> directory.
+</para>
 
-<para><screen><command>mv /usr/lib/libkrb5.so.3* /lib
+<para>
+<screen><command>mv /usr/lib/libkrb5.so.3* /lib
 mv /usr/lib/libkrb4.so.2* /lib
 mv /usr/lib/libdes425.so.3* /lib
 mv /usr/lib/libk5crypto.so.3* /lib
@@ -105,7 +136,8 @@ ln -sf ../../lib/libk5crypto.so /usr/lib
 ln -sf ../../lib/libcom_err.so /usr/lib</command></screen>
 The <command>login</command> and <command>ksu</command> programs
 are linked against these libraries, therefore we move these libraries to 
-<filename class="directory">/lib</filename> to allow logins without mounting <filename class="directory">/usr</filename>.</para>
+<filename class="directory">/lib</filename> to allow logins without mounting <filename class="directory">/usr</filename>.
+</para>
 
 </sect2>
 
@@ -113,8 +145,10 @@ are linked against these libraries, therefore we move these libraries to
 <title>Configuring <application><acronym>MIT</acronym> krb5</application></title>
 
 <sect3><title>Config files</title>
-<para><filename>/etc/krb5.conf</filename> and
-<filename>/var/lib/krb5kdc/kdc.conf</filename></para>
+<para>
+<filename>/etc/krb5.conf</filename> and
+<filename>/var/lib/krb5kdc/kdc.conf</filename>
+</para>
 </sect3>
 
 <sect3><title>Configuration Information</title>
@@ -266,9 +300,11 @@ At this point, if everything has been successful so far, you can feel
 fairly confident in the installation and configuration of the package.
 </para>
 
-<para>Install the <filename>/etc/rc.d/init.d/kerberos</filename> init script
+<para>
+Install the <filename>/etc/rc.d/init.d/kerberos</filename> init script
 included in the <xref linkend="intro-important-bootscripts"/>
-package.</para>
+package.
+</para>
 
 <screen><userinput><command>make install-kerberos</command></userinput></screen>
 
@@ -290,19 +326,23 @@ line argument to the program.
 
 <para>
 The kerberized programs will connect to non kerberized daemons, warning
-you that authentication is not encrypted.</para></sect4>
+you that authentication is not encrypted.
+</para>
+</sect4>
 
 
 <sect4><title>Using Kerberized Server Programs</title>
-
-<para>Using kerberized server programs (<command>telnetd</command>,
+<para>
+Using kerberized server programs (<command>telnetd</command>,
 <command>kpropd</command>, 
 <command>klogind</command> and <command>kshd</command>) requires two additional configuration steps.
 First the <filename>/etc/services</filename> file must be updated to
 include  eklogin and krb5_prop. Second, the
 <filename>inetd.conf</filename> or <filename>xinetd.conf</filename> must
 be modified for each server that will be activated, usually replacing
-the server from <application>inetutils</application>.</para></sect4>
+the server from <xref linkend="inetutils"/>.
+</para>
+</sect4>
 
 <sect4><title>Additional Information</title>
 <para>
@@ -320,7 +360,8 @@ for krb-&mitkrb-version;</ulink> on which the above instructions are based.
 <sect2>
 <title>Contents</title>
 
-<para>The <application>MIT krb5</application> package contains
+<para>
+The <application>MIT krb5</application> package contains
 <command>compile-et</command>,
 <command>ftp</command>,
 <command>ftpd</command>,
@@ -374,84 +415,136 @@ for krb-&mitkrb-version;</ulink> on which the above instructions are based.
 <filename class="libraryfile">libkadm5srv</filename>,
 <filename class="libraryfile">libkdb5</filename>,
 <filename class="libraryfile">libkrb4</filename>,
-<filename class="libraryfile">libkrb5</filename>.</para>
+<filename class="libraryfile">libkrb5</filename>.
+</para>
 
 </sect2>
 
 <sect2><title>Description</title>
 
 <sect3><title>compile_et</title>
-<para><command>compile_et</command> converts the table listing
-error-code names into a <application>C</application> source file.</para></sect3>
+<para>
+<command>compile_et</command> converts the table listing
+error-code names into a <application>C</application> source file.
+</para>
+</sect3>
 
 <sect3><title>k5srvutil</title>
-<para><command>k5srvutil</command> is a host keytable manipulation
-utility.</para></sect3>
+<para>
+<command>k5srvutil</command> is a host keytable manipulation
+utility.
+</para>
+</sect3>
 
 <sect3><title>kadmin</title>
-<para><command>kadmin</command> is an utility used to make modifications
-to the Kerberos database.</para></sect3>
+<para>
+<command>kadmin</command> is an utility used to make modifications
+to the Kerberos database.
+</para>
+</sect3>
 
 <sect3><title>kadmind</title>
-<para><command>kadmind</command> is a server for administrative access
-to Kerberos database.</para></sect3>
+<para>
+<command>kadmind</command> is a server for administrative access
+to Kerberos database.
+</para>
+</sect3>
 
 <sect3><title>kinit</title>
-<para><command>kinit</command> is used to
+<para>
+<command>kinit</command> is used to
 authenticate to the Kerberos server as principal and acquire a ticket
 granting ticket that can later be used to obtain tickets for other
-services.</para></sect3>
+services.
+</para>
+</sect3>
 
 <sect3><title>krb5kdc</title>
-<para><command>kdc</command> is a Kerberos 5 server.</para></sect3>
+<para>
+<command>kdc</command> is a Kerberos 5 server.
+</para>
+</sect3>
 
 <sect3><title>kdestroy</title>
-<para><command>kdestroy</command> removes the current set of
-tickets.</para></sect3>
+<para>
+<command>kdestroy</command> removes the current set of
+tickets.
+</para>
+</sect3>
 
 <sect3><title>kdb5_util</title>
-<para><command>kdb5_util</command> is the <acronym>KDC</acronym>
-database utility.</para></sect3>
+<para>
+<command>kdb5_util</command> is the <acronym>KDC</acronym>
+database utility.
+</para>
+</sect3>
 
 <sect3><title>klist</title>
-<para><command>klist</command> reads and displays the current tickets in
-the credential cache.</para></sect3>
+<para>
+<command>klist</command> reads and displays the current tickets in
+the credential cache.
+</para>
+</sect3>
 
 <sect3><title>klogind</title>
-<para><command>klogind</command> is the server that responds to rlogin
-requests.</para></sect3>
+<para>
+<command>klogind</command> is the server that responds to rlogin
+requests.
+</para>
+</sect3>
 
 <sect3><title>kpasswd</title>
-<para><command>kpasswd</command> is a program for changing Kerberos 5
-passwords.</para></sect3>
+<para>
+<command>kpasswd</command> is a program for changing Kerberos 5
+passwords.
+</para>
+</sect3>
 
 <sect3><title>kprop</title>
-<para><command>kprop</command> takes a principal database in a specified
+<para>
+<command>kprop</command> takes a principal database in a specified
 format and converts it into a stream of database
-records.</para></sect3>
+records.
+</para>
+</sect3>
 
 <sect3><title>kpropd</title>
-<para><command>kpropd</command> receives a database sent by
+<para>
+<command>kpropd</command> receives a database sent by
 <command>hprop</command> and writes it as a local
-database.</para></sect3>
+database.
+</para>
+</sect3>
 
 <sect3><title>krb5-config</title>
-<para><command>krb5-config</command> gives information on how to link
-programs against libraries.</para></sect3>
+<para>
+<command>krb5-config</command> gives information on how to link
+programs against libraries.
+</para>
+</sect3>
 
 <sect3><title>ksu</title>
-<para><command>ksu</command> is the super user program using Kerberos
-protocol. Requires a properly configured
-<filename>/etc/shells</filename> and <filename>~/.k5login</filename>
-containing principals authorized to become super users.</para></sect3>
+<para>
+<command>ksu</command> is the super user program using Kerberos
+protocol. Requires a properly configured <filename class="directory">/etc/shells</filename> 
+and <filename>~/.k5login</filename> containing principals authorized to
+become super users.
+</para>
+</sect3>
 
 <sect3><title>ktutil</title>
-<para><command>ktutil</command> is a program for managing Kerberos
-keytabs.</para></sect3>
+<para>
+<command>ktutil</command> is a program for managing Kerberos
+keytabs.
+</para>
+</sect3>
 
 <sect3><title>kvno</title>
-<para><command>kvno</command> prints keyversion numbers of Kerberos
-principals.</para></sect3>
+<para>
+<command>kvno</command> prints keyversion numbers of Kerberos
+principals.
+</para>
+</sect3>
 
 
 </sect2>