diff --git a/general.ent b/general.ent
index 8a545a50b6..91db1e034e 100644
--- a/general.ent
+++ b/general.ent
@@ -29,14 +29,19 @@
+
+
+
+
-
+
@@ -280,7 +285,12 @@
+
+
+
+
diff --git a/introduction/welcome/changelog.xml b/introduction/welcome/changelog.xml
index 4344d7a4e3..3d048bcccc 100644
--- a/introduction/welcome/changelog.xml
+++ b/introduction/welcome/changelog.xml
@@ -24,6 +24,10 @@
+
+ July 25th 2005 [randy]: Updated to Heimdal-0.7.
+
+
July 25th 2005 [djensen]: Updated to Imlib2-1.2.1.
@@ -32,10 +36,10 @@
July 25th 2005 [djensen]: Updated to freeglut-2.4.0.
-
- July 25th 2005 [tushar]: Added optional defines to xorg to
- allow installation into standard directories.
-
+
+ July 25th 2005 [tushar]: Added optional defines to xorg to
+ allow installation into standard directories.
+
July 24th 2005 [dj]: Updated to Linux-PAM-0.80 and corrected
diff --git a/postlfs/security/heimdal.xml b/postlfs/security/heimdal.xml
index 6090410b18..0be0f8b1f8 100644
--- a/postlfs/security/heimdal.xml
+++ b/postlfs/security/heimdal.xml
@@ -6,10 +6,10 @@
-
-
-
-
+
+
+
+
]>
@@ -30,13 +30,13 @@
Introduction to Heimdal
Heimdal is a free implementation
- of Kerberos 5, that aims to be compatible with MIT krb5 and is
+ of Kerberos 5 that aims to be compatible with MIT krb5 and is
backwards compatible with krb4. Kerberos is a network authentication
protocol. Basically it preserves the integrity of passwords in any
untrusted network (like the Internet). Kerberized applications work
hand-in-hand with sites that support Kerberos to ensure that passwords
- cannot be stolen. A Kerberos installation will make changes to the
- authentication mechanisms on your network and will overwrite several
+ cannot be stolen or compromised. A Kerberos installation will make changes
+ to the authentication mechanisms on your network and will overwrite several
programs and daemons from the Coreutils,
Inetutils, Qpopper
and Shadow packages.
@@ -70,7 +70,7 @@
url="&patch-root;/heimdal-&heimdal-version;-fhs_compliance-1.patch"/>
- Required patch for cracklib: Required patch for CrackLib support:
@@ -85,7 +85,8 @@
,
,
X ( or ),
- and
+ (compiled with the heimdal
+ patch) and
krb4
@@ -105,15 +106,16 @@
package. This is because using the Heimdal
ftp program to connect to non-kerberized ftp servers may
not work properly. It will allow you to connect (letting you know that
- transmission of the password is clear text) but will have problems doing puts
- and gets. Issue the following command as the root user.
+ transmission of the password is clear text) but will have problems doing
+ puts and gets. Issue the following command as the
+ root user.
mv -v /usr/bin/ftp /usr/bin/ftpn
If you wish the Heimdal package to
- link against the cracklib library, you
- must apply a patch:
+ link against the CrackLib library (requires
+ installed with the heimdal
+ patch), you must apply a patch:
patch -Np1 -i ../heimdal-&heimdal-version;-cracklib-1.patch
@@ -121,27 +123,39 @@
commands:
patch -Np1 -i ../heimdal-&heimdal-version;-fhs_compliance-1.patch &&
-./configure --prefix=/usr --sysconfdir=/etc/heimdal \
- --datadir=/var/lib/heimdal --localstatedir=/var/lib/heimdal \
- --libexecdir=/usr/sbin --enable-shared \
- --with-openssl=/usr --with-readline=/usr &&
+./configure --prefix=/usr \
+ --sysconfdir=/etc/heimdal \
+ --libexecdir=/usr/sbin \
+ --datadir=/var/lib/heimdal \
+ --localstatedir=/var/lib/heimdal \
+ --enable-shared \
+ --with-readline=/usr &&
make
+ To test the results, issue: make check.
+
Now, as the root user:
make install &&
+install -v -m755 -d /usr/share/doc/heimdal-&heimdal-version;/standardisation &&
+install -v -m644 doc/{init-creds,layman.asc} \
+ /usr/share/doc/heimdal-&heimdal-version; &&
+install -v -m644 doc/standardisation/* \
+ /usr/share/doc/heimdal-&heimdal-version;/standardisation &&
mv -v /bin/login /bin/login.shadow &&
mv -v /bin/su /bin/su.shadow &&
mv -v /usr/bin/{login,su} /bin &&
ln -v -sf ../../bin/login /usr/bin &&
-mv -v /usr/lib/lib{otp.so.0*,kafs.so.0*,krb5.so.17*,asn1.so.6*} \
- /usr/lib/lib{roken.so.16*,crypto.so.0*,db-4.3.so} /lib &&
-ln -v -sf ../../lib/lib{otp.so.0{,.1.4},kafs.so.0{,.4.0},db-4.3.so} \
- /usr/lib &&
-ln -v -sf ../../lib/lib{krb5.so.17{,.3.0},asn1.so.6{,.0.2}} \
- /usr/lib &&
-ln -v -sf ../../lib/lib{roken.so.16{,.0.3},crypto.so.0{,.9.7}} \
- /usr/lib &&
+mv -v /usr/lib/lib{otp,kafs,krb5,asn1,roken,crypto}.so.* \
+ /usr/lib/libdb-4.3.so /lib &&
+ln -v -sf ../../lib/libdb-4.3.so /usr/lib/libdb.so &&
+ln -v -sf ../../lib/libdb-4.3.so /usr/lib/libdb-4.so &&
+for SYMLINK in otp.so.0.1.3 kafs.so.0.4.1 krb5.so.17.4.0 \
+ asn1.so.6.1.0 roken.so.16.1.0 crypto.so.0.9.7
+do
+ ln -v -sf ../../lib/lib$SYMLINK \
+ /usr/lib/lib`echo $SYMLINK | cut -d. -f1`.so
+done
ldconfig
@@ -153,7 +167,7 @@ ldconfig
puts the daemon programs into
/usr/sbin.
-
+
If you want to preserve all your existing
Inetutils package daemons, install the
Heimdal daemons into
@@ -166,8 +180,8 @@ ldconfig
/usr/sbin, you may want to move
some of the user programs (such as kadmin) to
/usr/sbin manually so they'll be
- in the privileged user's default path.
-
+ in the privileged user's default PATH.
+
mv ... .shadow; mv ... /bin; ln -v -sf ../../bin...:
The login and su programs installed by
@@ -178,7 +192,7 @@ ldconfig
/usr/bin. The old executables are
preserved before the move to keep things sane should breaks occur.
- mv ... /lib; ln -sf ../../lib/lib... /usr/lib:
+ mv ... /lib; ln -v -sf ../../lib/lib... /usr/lib...:
The login and su programs installed
by Heimdal link against
Heimdal libraries as well as libraries provided
@@ -186,8 +200,8 @@ ldconfig
Berkeley DB packages. These
libraries are moved to /lib to be
FHS compliant and also in case
- /usr is located on a separate partition
- which may not always be mounted.
+ /usr is located on a separate
+ partition which may not always be mounted.
@@ -208,13 +222,19 @@ ldconfig
Configuration Information
+
+ All the configuration steps shown below must be accomplished
+ by the root user unless
+ otherwise noted.
+
+
Master KDC Server Configuration
Create the Kerberos configuration file with the
following commands:
-install -v -d /etc/heimdal &&
+install -v -m755 -d /etc/heimdal &&
cat > /etc/heimdal/krb5.conf << "EOF"
# Begin /etc/heimdal/krb5.conf
@@ -238,7 +258,8 @@ cat > /etc/heimdal/krb5.conf << "EOF"
default = FILE:/var/log/krb.log
# End /etc/heimdal/krb5.conf
-EOF
+EOF
+chmod -v 644 /etc/heimdal/krb5.conf
You will need to substitute your domain and proper hostname
for the occurrences of the [hostname]
@@ -264,16 +285,23 @@ EOF
Store the master password in a key file using the following
commands:
-install -d -m 755 /var/lib/heimdal &&
+install -v -m755 -d /var/lib/heimdal &&
kstash
Create the KDC database:
kadmin -l
- Choose the defaults for now. You can go in later and change the
- defaults, should you feel the need. At the kadmin>
- prompt, issue the following statement:
+ The commands below will prompt you for information about the
+ principles. Choose the defaults for now unless you know what you are
+ doing and need to specify different values. You can go in later and
+ change the defaults, should you feel the need. You may use the up and
+ down arrow keys to use the history feature of kadmin
+ in a similar manner as the bash history
+ feature.
+
+ At the kadmin> prompt, issue the following
+ statement:
init [EXAMPLE.COM]
@@ -340,8 +368,9 @@ kstash
encryption methods used to access the principals.
At this point, if everything has been successful so far, you
- can feel fairly confident in the installation and configuration of
- the package.
+ can feel fairly confident in the installation, setup and configuration
+ of your new Heimdal Kerberos 5
+ installation.
Install the
/etc/rc.d/init.d/heimdal init script included
@@ -406,16 +435,18 @@ kx [49150]/udp # Heimdal kerberos X
afslog, dump_log, ftp, ftpd, hprop, hpropd, ipropd-master,
- ipropd-slave, kadmin, kadmind, kauth, kdc, kdestroy, kf, kfd, kgetcred,
- kinit, klist, kpasswd, kpasswdd, krb5-config, kstash, ktutil, kx, kxd,
- login, mk_cmds, otp, otpprint, pagsh, pfrom, popper, push, rcp,
- replay_log, rsh, rshd, rxtelnet, rxterm, string2key, su, telnet,
- telnetd, tenletxr, truncate-log, verify_krb5_conf, and xnlock
- libasn1.[so,a], libeditline.a, libgssapi.[so,a], libhdb.[so,a],
- libkadm5clnt.[so,a], libkadm5srv.[so,a], libkafs.[so,a], libkrb5.[so,a],
- libotp.[so,a], libroken.[so,a], libsl.[so,a], and libss.[so,a]
- /etc/heimdal, /usr/include/kadm5, /usr/include/ss, and
- /var/lib/heimdal
+ ipropd-slave, kadmin, kadmind, kauth, kcm, kdc, kdestroy, kf, kfd,
+ kgetcred, kinit, klist, kpasswd, kpasswdd, krb5-config, kstash,
+ ktutil, kx, kxd, login, mk_cmds, otp, otpprint, pagsh, pfrom, popper,
+ push, rcp, replay_log, rsh, rshd, rxtelnet, rxterm, string2key, su,
+ telnet, telnetd, tenletxr, truncate-log, verify_krb5_conf
+ and xnlock
+ libasn1.[so,a], libeditline.[so,a], libgssapi.[so,a],
+ libhdb.[so,a], libkadm5clnt.[so,a], libkadm5srv.[so,a], libkafs.[so,a],
+ libkrb5.[so,a], libotp.[so,a], libroken.[so,a], libsl.[so,a]
+ and libss.[so,a]
+ /etc/heimdal, /usr/include/kadm5,
+ /usr/share/doc/heimdal-&heimdal-version; and /var/lib/heimdal
@@ -526,13 +557,25 @@ kx [49150]/udp # Heimdal kerberos X
kauth
- is a symbolic link to the kinit program.
+ is a symbolic link to the kinit
+ program.
kauth
+
+ kcm
+
+ is a process based credential cache for Kerberos
+ tickets.
+
+ kcm
+
+
+
+
kdc