Diffstat (limited to 'crypto/kerberosIV/etc')
-rw-r--r-- | crypto/kerberosIV/etc/README | 41 | ||||
-rw-r--r-- | crypto/kerberosIV/etc/default.login | 47 | ||||
-rw-r--r-- | crypto/kerberosIV/etc/fbtab | 15 | ||||
-rw-r--r-- | crypto/kerberosIV/etc/hosts.equiv | 1 | ||||
-rw-r--r-- | crypto/kerberosIV/etc/inetd.conf.changes | 33 | ||||
-rw-r--r-- | crypto/kerberosIV/etc/inetd.conf.changes.in | 33 | ||||
-rw-r--r-- | crypto/kerberosIV/etc/krb.conf | 55 | ||||
-rw-r--r-- | crypto/kerberosIV/etc/krb.equiv | 14 | ||||
-rw-r--r-- | crypto/kerberosIV/etc/krb.realms | 54 | ||||
-rw-r--r-- | crypto/kerberosIV/etc/login.access | 54 | ||||
-rw-r--r-- | crypto/kerberosIV/etc/services.append | 26 |
11 files changed, 0 insertions, 373 deletions
diff --git a/crypto/kerberosIV/etc/README b/crypto/kerberosIV/etc/README
deleted file mode 100644
index 68865ec..0000000
--- a/crypto/kerberosIV/etc/README
+++ /dev/null
@@ -1,41 +0,0 @@
-
- How to update your files in the /etc directory!
-
-/etc/services (all machines)
-
- The contents of services.append can probably just be appended to
-your local file. If you use NIS (YP) you need to do this on the NIS
-master. Delete and duplicate definitions to prevent inconsistencies.
-
-/etc/krb.conf (all machines)
-
- Create a krb.conf file by substituting MY.REALM.NAME with your
-domain name. If you create a domain name alias (CNAME) kerberos.domain
-pointing to your master server, unconfigured clients will have a
-chance to find your realm.
-
- It is no longer necessary to put each and every realm in
-krb.{conf,realms}. If the domain name matches your realm name and you
-have a CNAME kerberos.REALMNAME pointing at your kerberos server other
-sites will find your realm even if it is not listed in krb.conf.
-*** Please add this CNAME to your local DNS ***
-
-/etc/krb.realms (all machines)
-
- Substitue MY.REALM.NAME in krb.realms with your domain name.
- Not strictly necessary when domain and realm names match.
-
-/etc/inetd.conf (all machines supporting incoming telnet, rsh etc.)
-
- Comment out the lines starting with shell, login and telnet and
-append inetd.conf.changes. Be carefull to check that there are no
-additional old entries of kshell, ekshell, klogin and eklogin left.
-
- The -v option to rshd and rlogin turns off that service and echo
-an informational message to the user.
-
-/etc/srvtab
-
- With 'ksrvutil get' you can add entries to the Kerberos database and
-put the service keys into your srvtab file.
-
diff --git a/crypto/kerberosIV/etc/default.login b/crypto/kerberosIV/etc/default.login
deleted file mode 100644
index f01b2ee..0000000
--- a/crypto/kerberosIV/etc/default.login
+++ /dev/null
@@ -1,47 +0,0 @@
-#
-# Sample /etc/default/login file, read by the login program
-#
-# For more info consult SysV login(1)
-#
-# Most things are environment variables.
-# HZ and TZ are set only if they are still uninitialized.
-
-# This really variable TZ
-#TIMEZONE=EST5EDT
-
-#HZ=100
-
-# File size limit, se ulimit(2).
-# Note that the limit must be specified in units of 512-byte blocks.
-#ULIMIT=0
-
-# If CONSOLE is set, root can only login on that device.
-# When not set root can log in on any device.
-#CONSOLE=/dev/console
-
-# PASSREQ determines if login requires a password.
-PASSREQ=YES
-
-# ALTSHELL, really set SHELL=/bin/bash or other shell
-# Extension: when ALTSHELL=YES, we set the SHELL variable even if it is /bin/sh
-ALTSHELL=YES
-
-# Default PATH
-#PATH=/usr/bin:
-
-# Default PATH for root user
-#SUPATH=/usr/sbin:/usr/bin
-
-# TIMEOUT sets the number of seconds (between 0 and 900) to wait before
-# abandoning a login session.
-#
-#TIMEOUT=300
-
-# Use this for default umask(2) value
-#UMASK=022
-
-# Sleeptime between failed logins
-# SLEEPTIME
-
-# Maximum number of failed login attempts, well the user can always reconnect
-# MAXTRYS
diff --git a/crypto/kerberosIV/etc/fbtab b/crypto/kerberosIV/etc/fbtab
deleted file mode 100644
index 3e21376..0000000
--- a/crypto/kerberosIV/etc/fbtab
+++ /dev/null
@@ -1,15 +0,0 @@
-# Sample /etc/fbtab file read by the login program
-# This file can also be called /etc/logindevperm.
-
-# Use this to give away devices to the console user. The group of the
-# devices is set to the owner's group specified in /etc/passwd.
-#
-# First column specifies the console device.
-#
-# Second the mode bits of the given away devices
-#
-# Third is a : separated list of devices to give away
-
-# console mode devices
-/dev/console 0600 /dev/console:/dev/mouse
-/dev/console 0600 /dev/floppy
diff --git a/crypto/kerberosIV/etc/hosts.equiv b/crypto/kerberosIV/etc/hosts.equiv
deleted file mode 100644
index 2fbb50c..0000000
--- a/crypto/kerberosIV/etc/hosts.equiv
+++ /dev/null
@@ -1 +0,0 @@
-localhost
diff --git a/crypto/kerberosIV/etc/inetd.conf.changes b/crypto/kerberosIV/etc/inetd.conf.changes
deleted file mode 100644
index c0a88ca..0000000
--- a/crypto/kerberosIV/etc/inetd.conf.changes
+++ /dev/null
@@ -1,33 +0,0 @@
-#
-# $Id: inetd.conf.changes,v 1.13 1997/09/03 15:48:23 bg Exp $
-#
-# Turn off vanilla rshd and rlogind with an informational message.
-# If you really want this security problem remove the '-v' option!
-shell stream tcp nowait root /usr/athena/libexec/rshd rshd -l -L -v
-login stream tcp nowait root /usr/athena/libexec/rlogind rlogind -l -v
-#
-# Kerberos rsh
-kshell stream tcp nowait root /usr/athena/libexec/rshd rshd -L -k
-ekshell stream tcp nowait root /usr/athena/libexec/rshd rshd -L -k -x
-ekshell2 stream tcp nowait root /usr/athena/libexec/rshd rshd -L -k -x
-#
-# Kerberos rlogin
-klogin stream tcp nowait root /usr/athena/libexec/rlogind rlogind -k
-eklogin stream tcp nowait root /usr/athena/libexec/rlogind rlogind -k -x
-#
-# Kerberized telnet and ftp, consider adding '-a user' to
-# disallow cleartext passwords to both telnetd and ftpd.
-telnet stream tcp nowait root /usr/athena/libexec/telnetd telnetd -a none
-ftp stream tcp nowait root /usr/athena/libexec/ftpd ftpd -l -a none
-#
-# Kerberized POP. Server principal is pop.hostname, *not* rcmd.hostname!
-#kpop stream tcp nowait root /usr/athena/libexec/popper popper -k
-#
-# Old POP3 with passwords in clear (not recommended, uses cleartext passwords)
-#pop3 stream tcp nowait root /usr/athena/libexec/popper popper
-#
-# Kauthd, support for putting tickets on other machines in a secure fashion.
-kauth stream tcp nowait root /usr/athena/libexec/kauthd kauthd
-#
-# Encrypted X connections
-kx stream tcp nowait root /usr/athena/libexec/kxd kxd
diff --git a/crypto/kerberosIV/etc/inetd.conf.changes.in b/crypto/kerberosIV/etc/inetd.conf.changes.in
deleted file mode 100644
index 2ccb8f5..0000000
--- a/crypto/kerberosIV/etc/inetd.conf.changes.in
+++ /dev/null
@@ -1,33 +0,0 @@
-#
-# $Id: inetd.conf.changes.in,v 1.14 1999/11/10 14:21:07 joda Exp $
-#
-# Turn off vanilla rshd and rlogind with an informational message.
-# If you really want this security problem remove the '-v' option!
-shell stream tcp nowait root @prefix@/libexec/rshd rshd -l -L -v
-login stream tcp nowait root @prefix@/libexec/rlogind rlogind -l -v
-#
-# Kerberos rsh
-kshell stream tcp nowait root @prefix@/libexec/rshd rshd -L -k
-ekshell stream tcp nowait root @prefix@/libexec/rshd rshd -L -k -x
-ekshell2 stream tcp nowait root @prefix@/libexec/rshd rshd -L -k -x
-#
-# Kerberos rlogin
-klogin stream tcp nowait root @prefix@/libexec/rlogind rlogind -k
-eklogin stream tcp nowait root @prefix@/libexec/rlogind rlogind -k -x
-#
-# Kerberized telnet and ftp, consider adding '-a user' to
-# disallow cleartext passwords to both telnetd and ftpd.
-telnet stream tcp nowait root @prefix@/libexec/telnetd telnetd -a none
-ftp stream tcp nowait root @prefix@/libexec/ftpd ftpd -l -a none
-#
-# Kerberized POP. Server principal is pop.hostname, *not* rcmd.hostname!
-#kpop stream tcp nowait root @prefix@/libexec/popper popper -k
-#
-# Old POP3 with passwords in clear (not recommended, uses cleartext passwords)
-#pop3 stream tcp nowait root @prefix@/libexec/popper popper
-#
-# Kauthd, support for putting tickets on other machines in a secure fashion.
-kauth stream tcp nowait root @prefix@/libexec/kauthd kauthd
-#
-# Encrypted X connections
-kx stream tcp nowait root @prefix@/libexec/kxd kxd
diff --git a/crypto/kerberosIV/etc/krb.conf b/crypto/kerberosIV/etc/krb.conf
deleted file mode 100644
index 9c694b5..0000000
--- a/crypto/kerberosIV/etc/krb.conf
+++ /dev/null
@@ -1,55 +0,0 @@
-MY.REALM.NAME
-MY.REALM.NAME kerberos.MY.REALM.NAME admin server
-SICS.SE kerberos.sics.se admin server
-NADA.KTH.SE kerberos.nada.kth.se admin server
-NADA.KTH.SE sysman.nada.kth.se
-NADA.KTH.SE server.nada.kth.se
-ADMIN.KTH.SE ulysses.admin.kth.se admin server
-ADMIN.KTH.SE graziano.admin.kth.se
-ADMIN.KTH.SE montano.admin.kth.se
-BION.KTH.SE chaplin.bion.kth.se admin server
-DSV.SU.SE ssi.dsv.su.se admin server
-DSV.SU.SE vall.dsv.su.se
-E.KTH.SE kerberos.e.kth.se admin server
-E.KTH.SE kerberos-1.e.kth.se
-E.KTH.SE kerberos-2.e.kth.se
-IT.KTH.SE kerberos.it.kth.se
-IT.KTH.SE kerberos-1.it.kth.se
-IT.KTH.SE kerberos-2.it.kth.se
-MECH.KTH.SE kerberos.mech.kth.se admin server
-KTH.SE kth.se admin server
-ML.KVA.SE gustava.ml.kva.se admin server
-PI.SE liszt.adm.pi.se admin server
-STACKEN.KTH.SE kerberos.stacken.kth.se admin server
-SUNET.SE kerberos.sunet.se admin server
-CYGNUS.COM kerberos.cygnus.com admin server
-CYGNUS.COM kerberos-1.cygnus.com
-CYGNUS.COM dumb.cygnus.com
-DEVO.CYGNUS.COM dumber.cygnus.com admin server
-MIRKWOOD.CYGNUS.COM mirkwood.cygnus.com admin server
-KITHRUP.COM KITHRUP.COM admin server
-ATHENA.MIT.EDU kerberos.mit.edu admin server
-ATHENA.MIT.EDU kerberos-1.mit.edu
-ATHENA.MIT.EDU kerberos-2.mit.edu
-ATHENA.MIT.EDU kerberos-3.mit.edu
-LCS.MIT.EDU kerberos.lcs.mit.edu admin server
-SMS_TEST.MIT.EDU dodo.mit.edu admin server
-LS.MIT.EDU ls.mit.edu admin server
-IFS.UMICH.EDU kerberos.ifs.umich.edu
-CS.WASHINGTON.EDU hawk.cs.washington.edu
-CS.WASHINGTON.EDU aspen.cs.washington.edu
-CS.BERKELEY.EDU okeeffe.berkeley.edu
-SOUP.MIT.EDU soup.mit.edu admin server
-TELECOM.MIT.EDU bitsy.mit.edu
-MEDIA.MIT.EDU kerberos.media.mit.edu
-NEAR.NET kerberos.near.net
-CATS.UCSC.EDU mehitabel.ucsc.edu admin server
-CATS.UCSC.EDU ucsch.ucsc.edu
-WATCH.MIT.EDU kerberos.watch.mit.edu admin server
-TELEBIT.COM napa.telebit.com. admin server
-ARMADILLO.COM monad.armadillo.com admin server
-TOAD.COM toad.com admin server
-ZEN.ORG zen.org admin server
-LLOYD.COM harry.lloyd.com admin server
-EPRI.COM kerberos.epri.com admin server
-EPRI.COM kerberos-2.epri.com
diff --git a/crypto/kerberosIV/etc/krb.equiv b/crypto/kerberosIV/etc/krb.equiv
deleted file mode 100644
index 6205c1f..0000000
--- a/crypto/kerberosIV/etc/krb.equiv
+++ /dev/null
@@ -1,14 +0,0 @@
-# List of host with multiple adresses.
-#
-193.10.156.253 130.237.232.44 193.10.156.252 # scws scws-fddi scws-2.
-193.10.156.250 130.237.232.15 # salmon-sp salmon.
-#
-# new krb.equiv syntax for all of SP.
-#
-193.10.156.0/24 193.10.157.0/24 \ # syk-X.pdc.kth.se syk-X-hps.pdc.kth.se
-130.237.232.31 130.237.232.32 \ # syk-0101-fddi syk-0201-fddi
-130.237.232.38 130.237.232.39 \ # syk-0115-fddi syk-0116-fddi
-130.237.232.33 130.237.232.34 \ # syk-0301-fddi syk-0401-fddi
-130.237.232.35 130.237.232.36 \ # syk-0501-fddi syk-0601-fddi
-130.237.232.37 130.237.230.66 \ # syk-0602-fddi syk-0602-fcs
-130.237.230.36 # syk-0606-hippi.
diff --git a/crypto/kerberosIV/etc/krb.realms b/crypto/kerberosIV/etc/krb.realms
deleted file mode 100644
index 7498bf0..0000000
--- a/crypto/kerberosIV/etc/krb.realms
+++ /dev/null
@@ -1,54 +0,0 @@
-.MY.REALM.NAME MY.REALM.NAME
-sics.se SICS.SE
-.sics.se SICS.SE
-nada.kth.se NADA.KTH.SE
-pdc.kth.se NADA.KTH.SE
-.hydro.kth.se NADA.KTH.SE
-.mech.kth.se MECH.KTH.SE
-.nada.kth.se NADA.KTH.SE
-.pdc.kth.se NADA.KTH.SE
-.sans.kth.se NADA.KTH.SE
-.admin.kth.se ADMIN.KTH.SE
-.e.kth.se E.KTH.SE
-.s3.kth.se E.KTH.SE
-.radio.kth.se E.KTH.SE
-.ttt.kth.se E.KTH.SE
-.electrum.kth.se IT.KTH.SE
-.math.kth.se MATH.KTH.SE
-.it.kth.se IT.KTH.SE
-.sth.sunet.se SUNET.SE
-.pilsnet.sunet.se SUNET.SE
-.sunet.se SUNET.SE
-.ml.kva.se ML.KVA.SE
-pi.se PI.SE
-.pi.se PI.SE
-.adm.pi.se PI.SE
-.stacken.kth.se STACKEN.KTH.SE
-kth.se KTH.SE
-.kth.se KTH.SE
-.bion.kth.se BION.KTH.SE
-.dsv.su.se DSV.SU.SE
-.MIT.EDU ATHENA.MIT.EDU
-.MIT.EDU. ATHENA.MIT.EDU
-MIT.EDU ATHENA.MIT.EDU
-DODO.MIT.EDU SMS_TEST.MIT.EDU
-.UCSC.EDU CATS.UCSC.EDU
-.UCSC.EDU. CATS.UCSC.EDU
-CYGNUS.COM CYGNUS.COM
-.CYGNUS.COM CYGNUS.COM
-MIRKWOOD.CYGNUS.COM MIRKWOOD.CYGNUS.COM
-KITHRUP.COM KITHRUP.COM
-.KITHRUP.COM KITHRUP.COM
-.berkeley.edu EECS.BERKELEY.EDU
-.CS.berkeley.edu EECS.BERKELEY.EDU
-.MIT.EDU ATHENA.MIT.EDU
-.mit.edu ATHENA.MIT.EDU
-.BSDI.COM BSDI.COM
-ARMADILLO.COM ARMADILLO.COM
-.ARMADILLO.COM ARMADILLO.COM
-ZEN.ORG ZEN.ORG
-.ZEN.ORG ZEN.ORG
-toad.com TOAD.COM
-.toad.com TOAD.COM
-lloyd.com LLOYD.COM
-.lloyd.com LLOYD.COM
diff --git a/crypto/kerberosIV/etc/login.access b/crypto/kerberosIV/etc/login.access
deleted file mode 100644
index f811616..0000000
--- a/crypto/kerberosIV/etc/login.access
+++ /dev/null
@@ -1,54 +0,0 @@
-# Sample /etc/login.access file read by the login program
-#
-# Login access control table.
-#
-# When someone logs in, the table is scanned for the first entry that
-# matches the (user, host) combination, or, in case of non-networked
-# logins, the first entry that matches the (user, tty) combination. The
-# permissions field of that table entry determines whether the login will
-# be accepted or refused.
-#
-# Format of the login access control table is three fields separated by a
-# ":" character:
-#
-# permission : users : origins
-#
-# The first field should be a "+" (access granted) or "-" (access denied)
-# character.
-#
-# The second field should be a list of one or more login names, group
-# names, or ALL (always matches). A pattern of the form user@host is
-# matched when the login name matches the "user" part, and when the
-# "host" part matches the local machine name.
-#
-# The third field should be a list of one or more tty names (for
-# non-networked logins), host names, domain names (begin with "."), host
-# addresses, internet network numbers (end with "."), ALL (always
-# matches) or LOCAL (matches any string that does not contain a "."
-# character).
-#
-# If you run NIS you can use @netgroupname in host or user patterns; this
-# even works for @usergroup@@hostgroup patterns. Weird.
-#
-# The EXCEPT operator makes it possible to write very compact rules.
-#
-# The group file is searched only when a name does not match that of the
-# logged-in user. Only groups are matched in which users are explicitly
-# listed: the program does not look at a user's primary group id value.
-#
-##############################################################################
-#
-# Disallow console logins to all but a few accounts.
-#
--:ALL EXCEPT wheel shutdown sync:console
-#
-# Disallow non-local logins to privileged accounts (group wheel).
-#
--:wheel:ALL EXCEPT LOCAL .win.tue.nl
-#
-# Some accounts are not allowed to login from anywhere:
-#
--:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL
-#
-# All other accounts are allowed to login from anywhere.
-#
diff --git a/crypto/kerberosIV/etc/services.append b/crypto/kerberosIV/etc/services.append
deleted file mode 100644
index 3b3ec61..0000000
--- a/crypto/kerberosIV/etc/services.append
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# $Id: services.append,v 1.13 1999/07/06 13:08:02 assar Exp $
-#
-# Kerberos services
-#
-kerberos-sec 88/udp # Kerberos secondary port UDP
-kerberos-sec 88/tcp # Kerberos secondary port TCP
-kpasswd 464/udp # password changing
-kpasswd 464/tdp # password changing
-klogin 543/tcp # Kerberos authenticated rlogin
-kshell 544/tcp krcmd # and remote shell
-ekshell 545/tcp # Kerberos encrypted remote shell -kfall
-ekshell2 2106/tcp # What U of Colorado @ Boulder uses?
-kerberos-adm 749/udp # v5 kadmin
-kerberos-adm 749/tcp # v5 kadmin
-kerberos-iv 750/udp kerberos kdc # Kerberos authentication--udp
-kerberos-iv 750/tcp kerberos kdc # Kerberos authentication--tcp
-kerberos_master 751/udp # v4 kadmin
-kerberos_master 751/tcp # v4 kadmin
-krb_prop 754/tcp hprop # Kerberos slave propagation
-kpop 1109/tcp # Pop with Kerberos
-eklogin 2105/tcp # Kerberos encrypted rlogin
-rkinit 2108/tcp # Kerberos remote kinit
-kx 2111/tcp # X over kerberos
-kip 2112/tcp # IP over kerberos
-kauth 2120/tcp # Remote kauth |