Diffstat (limited to 'crypto/heimdal/packages/debian/README.Debian')
-rw-r--r-- | crypto/heimdal/packages/debian/README.Debian | 120 |
1 files changed, 120 insertions, 0 deletions
diff --git a/crypto/heimdal/packages/debian/README.Debian b/crypto/heimdal/packages/debian/README.Debian new file mode 100644 index 0000000..41a73cc --- /dev/null +++ b/crypto/heimdal/packages/debian/README.Debian 
@@ -0,0 +1,120 @@ +Note on ksu +----------- +This program is not installed setuid root be default. If you want to +install it setuid root, then you can override the package permissions +with: + +dpkg-statoverride --update --add root root 4755 /usr/bin/ksu + +Note on ipropd and/or hpropd +---------------------------- +The following entries may be required in you /etc/services +file (see bug #139845): + +krb_prop 754/tcp # Kerberos slave propagation +iprop 2121/tcp # incremental propagation + +Note on kerberos.8 man page +--------------------------- +This man page is not currently included due to conflict with kerberos4kth-kdc +package. For more information on Kerberos, see: +http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html + +Installing heimdal for Debian +----------------------------- +(Note: if you do not have a krb4 KDC, you may need to include +"krb4_get_tickets = no" in the [libdefaults] section of +kdc.conf; otherwise kinit will complain with an error). + +Things you will have to do manually (see info documentation for +details): + +On KDC: +1. Add adminstrator keys using kadmin. + +For example: +# kadmin -l +kadmin> add bam/admin +Max ticket life [unlimited]: +Max renewable life [unlimited]: +Principal expiration time [never]: +Password expiration time [never]: +Attributes []: +bam/admin@CHOCBIT.ORG.AU's Password: +Verifying password - bam/admin@CHOCBIT.ORG.AU's Password: + +2. Add kadmin/admin key to KDC: + +For example: +# kadmin -l +kadmin> add -r kadmin/admin@CHOCBIT.ORG.AU +Max ticket life [unlimited]: +Max renewable life [unlimited]: +Principal expiration time [never]: +Password expiration time [never]: +Attributes []: + +(note: this key doesn't need to be extracted). + +3. Enable remote admistration by creating /etc/heimdal-kdc/kadmind.acl + +For example: +echo 'bam/admin@CHOCBIT.ORG.AU all' > /etc/heimdal-kdc/kadmind.acl + +4. Test. 
+ +For example: +# kadmin -p bam/admin +bam/admin@CHOCBIT.ORG.AU's Password: +kadmin> list * +[should list all keys] + +5. Add user keys + +For example: +# kadmin -p bam/admin +bam/admin@CHOCBIT.ORG.AU's Password: +kadmin> add bam + + +On other computers: +1. If you installed heimdal-clients-x or heimdal-servers-x, +then you will need to add the following entry to /etc/services +kx 2111/tcp # X over kerberos +(check to make sure this doesn't already exist). +2. edit /etc/krb5.conf +3. setup secret keys each computer, using kadmin and/or ktutil. + +For example, on remote computer dewey.chocbit.org.au: +bam/admin@CHOCBIT.ORG.AU's Password: +kadmin> add -r host/dewey.chocbit.org.au +[...] +kadmin> ext host/dewey.chocbit.org.au +kadmin> add -r ftp/dewey.chocbit.org.au +[...] +kadmin> ext ftp/dewey.chocbit.org.au + +The ext command extracts keys to /etc/krb5.keytab, where +they can be inspected with the "ktutil list" command at the +shell prompt. + +Tell me if any files conflict with any other package - do not +try to force the package to install, otherwise things may break... +In general, this package conflicts with kerberos4kth and +probably MIT Kerberos (not packaged as of potato). Local +installations under /usr/local should be OK. + +Changes from upstream source: +1. popper checks for $HOME/Maildir, $HOME/Mailbox and /var/spool/mail/<user> +in that order. +2. /var/lib/heimdal-kdc used instead of /var/heimdal +3. /usr/bin/login moved to /usr/lib/heimdal-servers +4. /usr/lib/heimdal-servers used instead of /usr/libexec +5. telnet and ftp have been renamed to ktelnet and kftp, and +use the update-alternatives mechanism. In the future, this +should allow heimdal-clients to exist at the same time +as telnet-ssl. +6. kdc config files kdc.conf and kadmind.acl stored in +/etc/heimdal-kdc instead of /usr/lib/heimdal-servers. + + -- Brian May <bam@debian.org>, Wed, 8 Dec 1999 11:54:13 +1100 |
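Review bot: In the "Installing heimdal for Debian" note, "krb4_get_tickets = no" is said to go in the [libdefaults] section of kdc.conf, but the symptom described is kinit complaining, and kinit is a client that reads /etc/krb5.conf (the file step 2 under "On other computers" tells users to edit); the note should name /etc/krb5.conf, or say explicitly if both files need the setting. Separately, the ksu note documents only "root root 4755", which makes the setuid binary executable by every local user; consider also showing a group-restricted override (a dedicated group with mode 4750) for sites that want to limit who can run it. The step 1 example accepts "unlimited" ticket life and "never" for password expiration on bam/admin, and step 3 then gives that principal "all" rights in kadmind.acl, so a sentence saying these are defaults to be tightened for admin principals would help. Spelling to fix while here: "be default", "in you /etc/services", "adminstrator", "admistration", and "setup secret keys each computer" (missing "on").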