author markm <markm@FreeBSD.org> 2003-04-30 17:01:43 +0000
committer markm <markm@FreeBSD.org> 2003-04-30 17:01:43 +0000
commit a7da2328fb427e0fc6efe6c2f755ab3538a4904c
tree 8c854e856c576c97389c644ff3f0562fc8869bfc /share/doc
parent 76d866f25cb2080c3045f9cbd497eea0d0b9fb6e
Remove some KerberosIV references that are now stale.
Diffstat (limited to 'share/doc')
-rw-r--r-- share/doc/smm/01.setup/3.t 46
-rw-r--r-- share/doc/smm/06.nfs/1.t 39
2 files changed, 22 insertions, 63 deletions
diff --git a/share/doc/smm/01.setup/3.t b/share/doc/smm/01.setup/3.t
index 0f3e859..5b0afd4 100644
--- a/share/doc/smm/01.setup/3.t
+++ b/share/doc/smm/01.setup/3.t
@@ -632,7 +632,6 @@ _ _ _
/etc/disklabels directory for saving disklabels
/etc/exports NFS list of export permissions
/etc/ftpwelcome message displayed for ftp users; see ftpd(8)
- /etc/kerberosIV Kerberos directory; see below
/etc/man.conf lists directories searched by \fIman\fP\|(1)
/etc/mtree directory for local mtree files; see mtree(8)
/etc/netgroup NFS group list used in \f(CW/etc/exports\fP
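Review bot: Missing documentation in the /etc file table: once the /etc/kerberosIV row is dropped, the table shown here names no Kerberos file at all, while the Kerberos section later in this same file now tells each system to have /etc/krb5.conf and /etc/krb5.keytab. Consider adding rows for those two files so the table and the section agree, and describe the keytab row as holding the host's private key, since that is the one file in the set that must stay readable by root only.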
@@ -1591,49 +1590,44 @@ architectures from the same source tree
(that may be mounted read-only).
.Sh 4 "Kerberos"
.PP
-The Kerberos authentication server from MIT (version 4)
+The Kerberos authentication system designed by MIT (version 5)
is included in this release.
See
-.Xr kerberos (1)
-for a general, if MIT-specific, introduction.
+.Xr kerberos (8)
+for a general introduction.
+Pluggable Authentication Modules (PAM) can use Kerberos
+at the system administrator's discretion.
If it is configured,
+apps such as
.Xr login (1),
.Xr passwd (1),
-.Xr rlogin (1)
+.Xr ftp (1)
and
-.Xr rsh (1)
-will all begin to use it automatically.
+.Xr ssh (1)
+can use it automatically.
The file
-.Pn /etc/kerberosIV/README
-describes the configuration.
Each system needs the file
-.Pn /etc/kerberosIV/krb.conf
+.Pn /etc/krb5.conf
to set its realm and local servers,
and a private key stored in
-.Pn /etc/kerberosIV/srvtab
+.Pn /etc/krb5.keytab
(see
-.Xr ext_srvtab (8)).
-The Kerberos server should be set up on a single, physically secure,
+.Xr ktutil (8)).
+The Kerberos server should be set up on a single,
+physically secure,
server machine.
-Users and hosts may be added to the server database manually with
-.Xr kdb_edit (8),
-or users on authorized hosts can add themselves and a Kerberos
-password after verification of their ``local'' (passwd-file) password
-using the
-.Xr register (1)
-program.
-.PP
-Note that by default the password-changing program
+Users and hosts may be added and modified with
+.Xr kadmin (8).
+.PP
+Note that the password-changing program
.Xr passwd (1)
-changes the Kerberos password, that must exist.
+can change the Kerberos password,
+if configured by the administrator using PAM.
The
.Li \-l
option to
.Xr passwd (1)
changes the ``local'' password if one exists.
-.PP
-Note that Version 5 of Kerberos will be released soon;
-Version 4 should probably be replaced at that time.
.Sh 4 "Timezone support"
.PP
The timezone conversion code in the C library uses data files installed in
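Review bot: The context line "The file" is left behind after ".Pn /etc/kerberosIV/README" and "describes the configuration." are removed, so the rendered paragraph now reads "The file Each system needs the file /etc/krb5.conf ...". Delete the orphaned "The file" line as well, or replace the removed pair with a pointer to whatever now describes the configuration. Two smaller points in the same paragraph: "apps such as" is out of register with the rest of the manual ("programs such as" fits), and "can use it automatically" sits awkwardly next to the new sentence saying PAM uses Kerberos "at the system administrator's discretion"; saying that these programs use it once PAM is configured for Kerberos would remove the contradiction.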
diff --git a/share/doc/smm/06.nfs/1.t b/share/doc/smm/06.nfs/1.t
index 57d1b9c..96415da 100644
--- a/share/doc/smm/06.nfs/1.t
+++ b/share/doc/smm/06.nfs/1.t
@@ -69,13 +69,7 @@ Mountd handles remote mount protocol (RFC1094, Appendix A) requests.
.lp
The nfsd master daemon forks off children that enter the kernel
via. the nfssvc system call. The children normally remain kernel
-resident, providing a process context for the NFS RPC servers. The only
-exception to this is when a Kerberos [Steiner88]
-ticket is received and at that time
-the nfsd exits the kernel temporarily to verify the ticket via. the
-Kerberos libraries and then returns to the kernel with the results.
-(This only happens for Kerberos mount points as described further under
-Security.)
+resident, providing a process context for the NFS RPC servers.
Meanwhile, the master nfsd waits to accept new connections from clients
using connection oriented transport protocols and passes the new sockets down
into the kernel.
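Review bot: The removed sentence carried the [Steiner88] citation and a forward reference to the Security discussion. If this was the only place the document cited [Steiner88], the matching entry in the reference list is now uncited and should be removed in the same change; the diffstat shows only 1.t touched under 06.nfs, so that is worth checking before commit.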
@@ -390,35 +384,6 @@ All user ids can be mapped to a default set of credentials, typically that of
the user nobody. This essentially gives world access to all
users on the corresponding hosts.
.pp
-There is also a non-standard BSD
-\fB-kerb\fR export option that requires the client provide
-a KerberosIV rcmd service ticket to authenticate the user on the server.
-If successful, the Kerberos principal is looked up in the server's password
-and group databases to get a set of credentials and a map of client userid to
-these credentials is then cached.
-The use of TCP transport is strongly recommended,
-since the scheme depends on the TCP connection to avert replay attempts.
-Unfortunately, this option is only usable
-between BSD clients and servers since it is
-not compatible with other known ``kerberized'' NFS systems.
-To enable use of this Kerberos option, both mount_nfs on the client and
-nfsd on the server must be rebuilt with the -DKERBEROS option and
-linked to KerberosIV libraries.
-The file system is then exported to the client(s) with the \fB-kerb\fR option
-in the exports file on the server
-and the client mount specifies the
-\fB-K\fR
-and
-\fB-T\fR
-options.
-The
-\fB-m=\fIrealm\fR
-mount option may be used to specify a Kerberos Realm for the ticket
-(it must be the Kerberos Realm of the server) that is other than
-the client's local Realm.
-To access files in a \fB-kerb\fR mount point, the user must have a valid
-TGT for the server's Realm, as provided by kinit or similar.
-.pp
As well as the standard NFS Version 2 protocol (RFC1094) implementation, BSD
systems can use a variant of the protocol called Not Quite NFS (NQNFS) that
supports a variety of protocol extensions.
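Review bot: With the \fB-kerb\fR paragraph gone, the security text visible in this hunk ends on the default-credential mapping that "essentially gives world access to all users on the corresponding hosts" and then moves straight to NQNFS, so the reader is no longer told whether any per-user authentication remains. Since the removed text was the only description here of a mechanism that verified the user rather than the host, add one sentence stating that the remaining export options rely on the client host's address and the uids it asserts. Also confirm that the \fB-K\fR and \fB-m=\fIrealm\fR mount options and the -DKERBEROS build option are removed from the corresponding manual pages, so the documentation set does not describe options in one place that it has dropped in another.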
@@ -432,7 +397,7 @@ in an effort to provide full cache consistency and better performance.
This protocol is available between 4.4BSD systems only and is used when
the \fB-q\fR mount option is specified.
It can be used with any of the aforementioned options for NFS, such as TCP
-transport (\fB-T\fR) and KerberosIV authentication (\fB-K\fR).
+transport (\fB-T\fR).
Although this protocol is experimental, it is recommended over NFS for
mounts between 4.4BSD systems.\**
.(f