File: [local] / src / kerberosV / Attic / README (download)
Revision 1.8, Mon Jun 25 00:29:41 2001 UTC (22 years, 11 months ago) by hin
Branch: MAIN
Changes since 1.7: +17 -3 lines
Mention BSD Authentication.
Remove some things from the TODO list.
|
Warning
=======
This is experimental stuff, don't expect things to work correctly at this
point. Please contact <hin@openbsd.org> if you have questions about the
kerberosV stuff.
Status of the code
==================
The current status is that the libraries, KDC, kadmind, some basic
administrators and users utilities, and the telnet client and server works.
Building
========
To build this stuff, do the following:
# echo "KERBEROS5=Yes" >> /etc/mk.conf
# cd /usr/src/kerberosV
# make build
To get a telnet client and server with kerberos5 support, do the following:
# cd /usr/src/lib/libtelnet
# make ; make install
# cd /usr/src/usr.bin/telnet
# make ; make install
# cd /usr/src/libexec/telnetd
# make ; make install
Documentation
=============
Some documentation is available in the `heimdal' info-page, but it is currently
quite incomplete. A number of manpages for library functions are also
available.
BSD Auth
========
There's also a BSD Authentication login script in src/libexec/login_krb5,
which you can enable by typing
# cd /usr/src/libexec/login_krb5
# make ; make install
Then change the line with "auth-defaults" in /etc/login.conf to include the
string "krb5" at the end of the authentication methods. You should now be
able to login with Kerberos 5 passwords by typing your login name followed
by ":krb5" on the login prompt.
Su does not work at this time, but we expect it to do so in the near future.
TODO
====
Things todo, in no particular order:
- Make sure to not try krb5 auth when no ticket exists. (same goes for krb4)
(i think this is actually ok, but it needs to be verified.)
- kpasswdd and hack krb5 support in our passwd
- krb5-config script
- kx, kxd
- krb5 support in login, xdm, xlock, su and sudo
- rxtelnet, rxterm
- pop-server and push
- rsh, rshd
- ssh and sshd
- Test what happens for a user not using kerberos
- Test all combinations of compat stuff between client, kdc and server
- Slave propagation k5->k5 and k4->k5
- Test and document how to upgrade a realm from k4 to k5
- Test compatibility with other k5 implementations, for example MIT and
Windows 2000, and document any caveats or tricks
- Logging
- Manpages are missing for many library functions, as well as a few
programs. So we should document them and give back to the Heimdal project.
- Fix /etc/rc and companions
- Example configuration installed when system is installed
![[BACK]](/icons/back.gif){kind=icon}
Return to README CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / kerberosV