Annotation of src/kerberosV/README, Revision 1.8
1.7 hin 1: Warning
2: =======
1.1 hin 3:
4: This is experimental stuff, don't expect things to work correctly at this
5: point. Please contact <hin@openbsd.org> if you have questions about the
6: kerberosV stuff.
7:
1.7 hin 8:
9: Status of the code
10: ==================
11:
12: The current status is that the libraries, KDC, kadmind, some basic
13: administrators and users utilities, and the telnet client and server works.
14:
15:
16: Building
17: ========
18:
1.2 hin 19: To build this stuff, do the following:
20:
1.7 hin 21: # echo "KERBEROS5=Yes" >> /etc/mk.conf
1.2 hin 22: # cd /usr/src/kerberosV
23: # make build
24:
25: To get a telnet client and server with kerberos5 support, do the following:
26:
27: # cd /usr/src/lib/libtelnet
28: # make ; make install
29: # cd /usr/src/usr.bin/telnet
30: # make ; make install
31: # cd /usr/src/libexec/telnetd
32: # make ; make install
33:
1.1 hin 34:
1.7 hin 35: Documentation
36: =============
37:
38: Some documentation is available in the `heimdal' info-page, but it is currently
39: quite incomplete. A number of manpages for library functions are also
40: available.
41:
42:
1.8 ! hin 43: BSD Auth
! 44: ========
! 45:
! 46: There's also a BSD Authentication login script in src/libexec/login_krb5,
! 47: which you can enable by typing
! 48:
! 49: # cd /usr/src/libexec/login_krb5
! 50: # make ; make install
! 51:
! 52: Then change the line with "auth-defaults" in /etc/login.conf to include the
! 53: string "krb5" at the end of the authentication methods. You should now be
! 54: able to login with Kerberos 5 passwords by typing your login name followed
! 55: by ":krb5" on the login prompt.
! 56:
! 57: Su does not work at this time, but we expect it to do so in the near future.
! 58:
! 59:
1.7 hin 60: TODO
61: ====
1.1 hin 62:
63: Things todo, in no particular order:
64:
65: - Make sure to not try krb5 auth when no ticket exists. (same goes for krb4)
1.7 hin 66: (i think this is actually ok, but it needs to be verified.)
1.3 hin 67: - kpasswdd and hack krb5 support in our passwd
68: - krb5-config script
69: - kx, kxd
70: - krb5 support in login, xdm, xlock, su and sudo
71: - rxtelnet, rxterm
72: - pop-server and push
73: - rsh, rshd
1.1 hin 74: - ssh and sshd
75: - Test what happens for a user not using kerberos
76: - Test all combinations of compat stuff between client, kdc and server
77: - Slave propagation k5->k5 and k4->k5
1.3 hin 78: - Test and document how to upgrade a realm from k4 to k5
1.1 hin 79: - Test compatibility with other k5 implementations, for example MIT and
1.3 hin 80: Windows 2000, and document any caveats or tricks
1.1 hin 81: - Logging
1.3 hin 82: - Manpages are missing for many library functions, as well as a few
83: programs. So we should document them and give back to the Heimdal project.
84: - Fix /etc/rc and companions
85: - Example configuration installed when system is installed