Annotation of src/kerberosV/README, Revision 1.10
1.7 hin 1: Warning
2: =======
1.1 hin 3:
4: This is experimental stuff, don't expect things to work correctly at this
5: point. Please contact <hin@openbsd.org> if you have questions about the
6: kerberosV stuff.
7:
1.7 hin 8:
9: Status of the code
10: ==================
11:
12: The current status is that the libraries, KDC, kadmind, some basic
13: administrators and users utilities, and the telnet client and server works.
14:
15:
16: Building
17: ========
18:
1.2 hin 19: To build this stuff, do the following:
20:
1.7 hin 21: # echo "KERBEROS5=Yes" >> /etc/mk.conf
1.2 hin 22: # cd /usr/src/kerberosV
23: # make build
24:
25: To get a telnet client and server with kerberos5 support, do the following:
26:
27: # cd /usr/src/lib/libtelnet
28: # make ; make install
29: # cd /usr/src/usr.bin/telnet
30: # make ; make install
31: # cd /usr/src/libexec/telnetd
32: # make ; make install
33:
1.9 hin 34: The krb5.conf and krb5.keytab files have recently been moved to
35: /etc/kerberosV directory. If you've previously used this code you should
36: move those files.
37:
1.1 hin 38:
1.7 hin 39: Documentation
40: =============
41:
42: Some documentation is available in the `heimdal' info-page, but it is currently
43: quite incomplete. A number of manpages for library functions are also
44: available.
45:
46:
1.8 hin 47: BSD Auth
48: ========
49:
50: There's also a BSD Authentication login script in src/libexec/login_krb5,
1.10 ! hin 51: which you can build by typing
1.8 hin 52:
53: # cd /usr/src/libexec/login_krb5
54: # make ; make install
1.10 ! hin 55: # cd /usr/src/libexec/login_krb5-or-pwd
! 56: # make ; make install
1.8 hin 57:
1.10 ! hin 58: Make sure to also rebuild su and login, or things will _seriously_ break.
1.9 hin 59:
1.10 ! hin 60: Refer to login.conf(5), login(1), login_krb5(8) and login_krb5-or-pwd(8)
! 61: for more information.
1.8 hin 62:
63:
1.7 hin 64: TODO
65: ====
1.1 hin 66:
67: Things todo, in no particular order:
68:
69: - Make sure to not try krb5 auth when no ticket exists. (same goes for krb4)
1.7 hin 70: (i think this is actually ok, but it needs to be verified.)
1.9 hin 71: - hack krb5 support in our passwd - we should probably change to using
72: BSD authentication for password changing aswell.
73: - Password quality checks in kpasswdd
1.3 hin 74: - krb5-config script
75: - kx, kxd
1.10 ! hin 76: - BSD Auth support in xdm, xlock, sudo
1.3 hin 77: - rxtelnet, rxterm
78: - pop-server and push
79: - rsh, rshd
1.1 hin 80: - ssh and sshd
81: - Test what happens for a user not using kerberos
82: - Test all combinations of compat stuff between client, kdc and server
83: - Slave propagation k5->k5 and k4->k5
1.3 hin 84: - Test and document how to upgrade a realm from k4 to k5
1.1 hin 85: - Test compatibility with other k5 implementations, for example MIT and
1.3 hin 86: Windows 2000, and document any caveats or tricks
1.1 hin 87: - Logging
1.3 hin 88: - Manpages are missing for many library functions, as well as a few
89: programs. So we should document them and give back to the Heimdal project.
90: - Fix /etc/rc and companions
91: - Example configuration installed when system is installed
1.9 hin 92: - GSS-API support in our ftp client and server