Updated to Heimdal-0.7

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@4780 af4574ff-66df-0310-9fd7-8a98e5e911e0
Randy McMurchy 2005-07-26 02:25:33 +00:00
parent 1ae5e7f275
commit d156225ead
3 changed files with 113 additions and 56 deletions


@ -29,14 +29,19 @@
<!ENTITY autofs-version "4.1.4">
<!-- Chapter 4 -->
<!-- Ensure you check the library version number and update the
Heimdal instructions (postlfs/security/heimdal.xml) if necessary -->
<!ENTITY openssl-version "0.9.7g">
<!-- End special note about Heimdal -->
<!ENTITY cracklib-version "2.8.3">
<!ENTITY Linux_PAM-version "0.80">
<!ENTITY shadow-version "4.0.9">
<!ENTITY iptables-version "1.3.1">
<!ENTITY gnupg-version "1.4.1">
<!ENTITY tripwire-version "portable-0.9">
<!ENTITY heimdal-version "0.6.3">
<!ENTITY heimdal-version "0.7">
<!ENTITY mitkrb-version "1.4">
<!ENTITY cyrus-sasl-version "2.1.21">
<!ENTITY stunnel-version "4.11">
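Review bot: the new comment above openssl-version says to check "the library version number" but does not say which number or where it is used. heimdal.xml hard-codes crypto.so.0.9.7 in its symlink loop, so naming that string in the comment would tell the next editor exactly what to look for when OpenSSL is bumped. The same applies to the identical comment added above db-version and the libdb-4.3.so name.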
@ -280,7 +285,12 @@
<!ENTITY sendmail-version "8.13.4">
<!-- Chapter 23 -->
<!-- Ensure you check the library version number and update the
Heimdal instructions (postlfs/security/heimdal.xml) if necessary -->
<!ENTITY db-version "4.3.28">
<!-- End special note about Heimdal -->
<!ENTITY mysql-version "4.1.12">
<!ENTITY postgresql-version "8.0.3">


@ -24,6 +24,10 @@
<itemizedlist>
<listitem>
<para>July 25th 2005 [randy]: Updated to Heimdal-0.7.</para>
</listitem>
<listitem>
<para>July 25th 2005 [djensen]: Updated to Imlib2-1.2.1.</para>
</listitem>


@ -6,10 +6,10 @@
<!ENTITY heimdal-download-http "http://ftp.vc-graz.ac.at/mirror/crypto/kerberos/heimdal/heimdal-&heimdal-version;.tar.gz">
<!ENTITY heimdal-download-ftp "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-&heimdal-version;.tar.gz">
<!ENTITY heimdal-md5sum "2265fd2d4573dd3a8da45ce62519e48b">
<!ENTITY heimdal-size "3.3 MB">
<!ENTITY heimdal-buildsize "71 MB">
<!ENTITY heimdal-time "2.06 SBU">
<!ENTITY heimdal-md5sum "0a8097a8772d5d2de8c5539d3182b82a">
<!ENTITY heimdal-size "4.5 MB">
<!ENTITY heimdal-buildsize "91 MB">
<!ENTITY heimdal-time "2.4 SBU">
]>
<sect1 id="heimdal" xreflabel="Heimdal-&heimdal-version;">
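Review bot: heimdal-md5sum is still the only integrity value for a tarball that heimdal-download-http and heimdal-download-ftp fetch over plain http:// and ftp://. An MD5 sum catches a corrupted download but is weak evidence of authenticity for an authentication package; consider adding a stronger digest entity next to it, or a pointer to an upstream signature if one is published for this release.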
@ -30,13 +30,13 @@
<title>Introduction to Heimdal</title>
<para><application>Heimdal</application> is a free implementation
of Kerberos 5, that aims to be compatible with MIT krb5 and is
of Kerberos 5 that aims to be compatible with MIT krb5 and is
backwards compatible with krb4. Kerberos is a network authentication
protocol. Basically it preserves the integrity of passwords in any
untrusted network (like the Internet). Kerberized applications work
hand-in-hand with sites that support Kerberos to ensure that passwords
cannot be stolen. A Kerberos installation will make changes to the
authentication mechanisms on your network and will overwrite several
cannot be stolen or compromised. A Kerberos installation will make changes
to the authentication mechanisms on your network and will overwrite several
programs and daemons from the <application>Coreutils</application>,
<application>Inetutils</application>, <application>Qpopper</application>
and <application>Shadow</application> packages.</para>
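Review bot: the reworded sentence now says passwords "cannot be stolen or compromised", an absolute guarantee that Kerberos does not give, and the unchanged sentence before it still says Kerberos "preserves the integrity of passwords". Since this paragraph is being touched anyway, suggest describing what the protocol actually does: it authenticates users and services without sending the password across the network.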
@ -70,7 +70,7 @@
url="&patch-root;/heimdal-&heimdal-version;-fhs_compliance-1.patch"/></para>
</listitem>
<listitem>
<para>Required patch for <application>cracklib</application>: <ulink
<para>Required patch for <application>CrackLib</application> support: <ulink
url="&patch-root;/heimdal-&heimdal-version;-cracklib-1.patch"/></para>
</listitem>
</itemizedlist>
@ -85,7 +85,8 @@
<para><xref linkend="Linux_PAM"/>,
<xref linkend="openldap"/>,
X (<xref linkend="xorg"/> or <xref linkend="xfree86"/>),
<xref linkend="cracklib"/> and
<xref linkend="cracklib"/> (compiled with the <filename>heimdal</filename>
patch) and
<ulink url="http://www.pdc.kth.se/kth-krb/">krb4</ulink></para>
<note>
@ -105,15 +106,16 @@
package. This is because using the <application>Heimdal</application>
<command>ftp</command> program to connect to non-kerberized ftp servers may
not work properly. It will allow you to connect (letting you know that
transmission of the password is clear text) but will have problems doing puts
and gets. Issue the following command as the <systemitem
class="username">root</systemitem> user.</para>
transmission of the password is clear text) but will have problems doing
puts and gets. Issue the following command as the
<systemitem class="username">root</systemitem> user.</para>
<screen role="root"><userinput>mv -v /usr/bin/ftp /usr/bin/ftpn</userinput></screen>
<para>If you wish the <application>Heimdal</application> package to
link against the <application>cracklib</application> library, you
must apply a patch:</para>
link against the <application>CrackLib</application> library (requires
<xref linkend="cracklib"/> installed with the <filename>heimdal</filename>
patch), you must apply a patch:</para>
<screen><userinput>patch -Np1 -i ../heimdal-&heimdal-version;-cracklib-1.patch</userinput></screen>
@ -121,27 +123,39 @@
commands:</para>
<screen><userinput>patch -Np1 -i ../heimdal-&heimdal-version;-fhs_compliance-1.patch &amp;&amp;
./configure --prefix=/usr --sysconfdir=/etc/heimdal \
--datadir=/var/lib/heimdal --localstatedir=/var/lib/heimdal \
--libexecdir=/usr/sbin --enable-shared \
--with-openssl=/usr --with-readline=/usr &amp;&amp;
./configure --prefix=/usr \
--sysconfdir=/etc/heimdal \
--libexecdir=/usr/sbin \
--datadir=/var/lib/heimdal \
--localstatedir=/var/lib/heimdal \
--enable-shared \
--with-readline=/usr &amp;&amp;
make</userinput></screen>
<para>To test the results, issue: <command>make check</command>.</para>
<para>Now, as the <systemitem class="username">root</systemitem> user:</para>
<screen role="root"><userinput>make install &amp;&amp;
install -v -m755 -d /usr/share/doc/heimdal-&heimdal-version;/standardisation &amp;&amp;
install -v -m644 doc/{init-creds,layman.asc} \
/usr/share/doc/heimdal-&heimdal-version; &amp;&amp;
install -v -m644 doc/standardisation/* \
/usr/share/doc/heimdal-&heimdal-version;/standardisation &amp;&amp;
mv -v /bin/login /bin/login.shadow &amp;&amp;
mv -v /bin/su /bin/su.shadow &amp;&amp;
mv -v /usr/bin/{login,su} /bin &amp;&amp;
ln -v -sf ../../bin/login /usr/bin &amp;&amp;
mv -v /usr/lib/lib{otp.so.0*,kafs.so.0*,krb5.so.17*,asn1.so.6*} \
/usr/lib/lib{roken.so.16*,crypto.so.0*,db-4.3.so} /lib &amp;&amp;
ln -v -sf ../../lib/lib{otp.so.0{,.1.4},kafs.so.0{,.4.0},db-4.3.so} \
/usr/lib &amp;&amp;
ln -v -sf ../../lib/lib{krb5.so.17{,.3.0},asn1.so.6{,.0.2}} \
/usr/lib &amp;&amp;
ln -v -sf ../../lib/lib{roken.so.16{,.0.3},crypto.so.0{,.9.7}} \
/usr/lib &amp;&amp;
mv -v /usr/lib/lib{otp,kafs,krb5,asn1,roken,crypto}.so.* \
/usr/lib/libdb-4.3.so /lib &amp;&amp;
ln -v -sf ../../lib/libdb-4.3.so /usr/lib/libdb.so &amp;&amp;
ln -v -sf ../../lib/libdb-4.3.so /usr/lib/libdb-4.so &amp;&amp;
for SYMLINK in otp.so.0.1.3 kafs.so.0.4.1 krb5.so.17.4.0 \
asn1.so.6.1.0 roken.so.16.1.0 crypto.so.0.9.7
do
ln -v -sf ../../lib/lib$SYMLINK \
/usr/lib/lib`echo $SYMLINK | cut -d. -f1`.so
done
ldconfig</userinput></screen>
</sect2>
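Review bot: in the new symlink loop, the hard-coded names (otp.so.0.1.3 through crypto.so.0.9.7) are never checked against what the preceding mv actually placed in /lib, and ln -sf succeeds on a missing target, so a version mismatch leaves dangling /usr/lib/lib*.so links with no error. Suggest testing that /lib/lib$SYMLINK exists before linking and ending the loop with "done &&", because as written ldconfig runs even if a link step failed. The configure line also drops --with-openssl=/usr while libcrypto is still moved and linked below; a sentence in the command explanations saying why the switch is no longer needed would help.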
@ -153,7 +167,7 @@ ldconfig</userinput></screen>
puts the daemon programs into
<filename class="directory">/usr/sbin</filename>.</para>
<note>
<tip>
<para>If you want to preserve all your existing
<application>Inetutils</application> package daemons, install the
<application>Heimdal</application> daemons into
@ -166,8 +180,8 @@ ldconfig</userinput></screen>
<filename class="directory">/usr/sbin</filename>, you may want to move
some of the user programs (such as <command>kadmin</command>) to
<filename class="directory">/usr/sbin</filename> manually so they'll be
in the privileged user's default path.</para>
</note>
in the privileged user's default <envar>PATH</envar>.</para>
</tip>
<para><command>mv ... .shadow; mv ... /bin; ln -v -sf ../../bin...</command>:
The <command>login</command> and <command>su</command> programs installed by
@ -178,7 +192,7 @@ ldconfig</userinput></screen>
<filename class="directory">/usr/bin</filename>. The old executables are
preserved before the move to keep things sane should breaks occur.</para>
<para><command>mv ... /lib; ln -sf ../../lib/lib... /usr/lib</command>:
<para><command>mv ... /lib; ln -v -sf ../../lib/lib... /usr/lib...</command>:
The <command>login</command> and <command>su</command> programs installed
by <application>Heimdal</application> link against
<application>Heimdal</application> libraries as well as libraries provided
@ -186,8 +200,8 @@ ldconfig</userinput></screen>
<application>Berkeley DB</application> packages. These
libraries are moved to <filename class="directory">/lib</filename> to be
FHS compliant and also in case
<filename class="directory">/usr</filename> is located on a separate partition
which may not always be mounted.</para>
<filename class="directory">/usr</filename> is located on a separate
partition which may not always be mounted.</para>
</sect2>
@ -208,13 +222,19 @@ ldconfig</userinput></screen>
<sect3>
<title>Configuration Information</title>
<note>
<para>All the configuration steps shown below must be accomplished
by the <systemitem class='username'>root</systemitem> user unless
otherwise noted.</para>
</note>
<sect4>
<title>Master KDC Server Configuration</title>
<para>Create the Kerberos configuration file with the
following commands:</para>
<screen role="root"><userinput>install -v -d /etc/heimdal &amp;&amp;
<screen role="root"><userinput>install -v -m755 -d /etc/heimdal &amp;&amp;
cat &gt; /etc/heimdal/krb5.conf &lt;&lt; "EOF"
<literal># Begin /etc/heimdal/krb5.conf
@ -238,7 +258,8 @@ cat &gt; /etc/heimdal/krb5.conf &lt;&lt; "EOF"
default = FILE:/var/log/krb.log
# End /etc/heimdal/krb5.conf</literal>
EOF</userinput></screen>
EOF
chmod -v 644 /etc/heimdal/krb5.conf</userinput></screen>
<para>You will need to substitute your domain and proper hostname
for the occurrences of the <replaceable>[hostname]</replaceable>
@ -264,16 +285,23 @@ EOF</userinput></screen>
<para>Store the master password in a key file using the following
commands:</para>
<screen role="root"><userinput>install -d -m 755 /var/lib/heimdal &amp;&amp;
<screen role="root"><userinput>install -v -m755 -d /var/lib/heimdal &amp;&amp;
kstash</userinput></screen>
<para>Create the KDC database:</para>
<screen role="root"><userinput>kadmin -l</userinput></screen>
<para>Choose the defaults for now. You can go in later and change the
defaults, should you feel the need. At the <prompt>kadmin&gt;</prompt>
prompt, issue the following statement:</para>
<para>The commands below will prompt you for information about the
principles. Choose the defaults for now unless you know what you are
doing and need to specify different values. You can go in later and
change the defaults, should you feel the need. You may use the up and
down arrow keys to use the history feature of <command>kadmin</command>
in a similar manner as the <command>bash</command> history
feature.</para>
<para>At the <prompt>kadmin&gt;</prompt> prompt, issue the following
statement:</para>
<screen role="root"><userinput>init <replaceable>[EXAMPLE.COM]</replaceable></userinput></screen>
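Review bot: "principles" in the added paragraph ("information about the principles") should be "principals", the spelling used later on this page. Separately, /var/lib/heimdal is created with mode 755 immediately before kstash writes the master key file into it; a sentence stating the expected ownership and mode of that key file would let readers verify it after running the command.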
@ -340,8 +368,9 @@ kstash</userinput></screen>
encryption methods used to access the principals.</para>
<para>At this point, if everything has been successful so far, you
can feel fairly confident in the installation and configuration of
the package.</para>
can feel fairly confident in the installation, setup and configuration
of your new <application>Heimdal</application> Kerberos 5
installation.</para>
<para id="heimdal-init">Install the
<filename>/etc/rc.d/init.d/heimdal</filename> init script included
@ -406,16 +435,18 @@ kx <replaceable>[49150]</replaceable>/udp # Heimdal kerberos X</l
<seglistitem>
<seg>afslog, dump_log, ftp, ftpd, hprop, hpropd, ipropd-master,
ipropd-slave, kadmin, kadmind, kauth, kdc, kdestroy, kf, kfd, kgetcred,
kinit, klist, kpasswd, kpasswdd, krb5-config, kstash, ktutil, kx, kxd,
login, mk_cmds, otp, otpprint, pagsh, pfrom, popper, push, rcp,
replay_log, rsh, rshd, rxtelnet, rxterm, string2key, su, telnet,
telnetd, tenletxr, truncate-log, verify_krb5_conf, and xnlock</seg>
<seg>libasn1.[so,a], libeditline.a, libgssapi.[so,a], libhdb.[so,a],
libkadm5clnt.[so,a], libkadm5srv.[so,a], libkafs.[so,a], libkrb5.[so,a],
libotp.[so,a], libroken.[so,a], libsl.[so,a], and libss.[so,a]</seg>
<seg>/etc/heimdal, /usr/include/kadm5, /usr/include/ss, and
/var/lib/heimdal</seg>
ipropd-slave, kadmin, kadmind, kauth, kcm, kdc, kdestroy, kf, kfd,
kgetcred, kinit, klist, kpasswd, kpasswdd, krb5-config, kstash,
ktutil, kx, kxd, login, mk_cmds, otp, otpprint, pagsh, pfrom, popper,
push, rcp, replay_log, rsh, rshd, rxtelnet, rxterm, string2key, su,
telnet, telnetd, tenletxr, truncate-log, verify_krb5_conf
and xnlock</seg>
<seg>libasn1.[so,a], libeditline.[so,a], libgssapi.[so,a],
libhdb.[so,a], libkadm5clnt.[so,a], libkadm5srv.[so,a], libkafs.[so,a],
libkrb5.[so,a], libotp.[so,a], libroken.[so,a], libsl.[so,a]
and libss.[so,a]</seg>
<seg>/etc/heimdal, /usr/include/kadm5,
/usr/share/doc/heimdal-&heimdal-version; and /var/lib/heimdal</seg>
</seglistitem>
</segmentedlist>
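Review bot: /usr/include/ss is dropped from the installed directories while libss.[so,a] stays in the library list. Please confirm that 0.7 no longer installs that header directory; if it still does, the entry should remain alongside the new /usr/share/doc/heimdal-&heimdal-version; directory.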
@ -526,13 +557,25 @@ kx <replaceable>[49150]</replaceable>/udp # Heimdal kerberos X</l
<varlistentry id="kauth">
<term><command>kauth</command></term>
<listitem>
<para>is a symbolic link to the <command>kinit</command> program.</para>
<para>is a symbolic link to the <command>kinit</command>
program.</para>
<indexterm zone="heimdal kauth">
<primary sortas="g-kauth">kauth</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="kcm">
<term><command>kcm</command></term>
<listitem>
<para>is a process based credential cache for Kerberos
tickets.</para>
<indexterm zone="heimdal kcm">
<primary sortas="b-kcm">kcm</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="kdc">
<term><command>kdc</command></term>
<listitem>