Warning ======= This is experimental stuff, don't expect things to work correctly at this point. Please contact if you have questions about the kerberosV stuff. Status of the code ================== The current status is that the libraries, KDC, kadmind, some basic administrators and users utilities, and the telnet client and server works. Building ======== To build this stuff, do the following: # echo "KERBEROS5=Yes" >> /etc/mk.conf # cd /usr/src/kerberosV # make build To get a telnet client and server with kerberos5 support, do the following: # cd /usr/src/lib/libtelnet # make ; make install # cd /usr/src/usr.bin/telnet # make ; make install # cd /usr/src/libexec/telnetd # make ; make install The krb5.conf and krb5.keytab files have recently been moved to /etc/kerberosV directory. If you've previously used this code you should move those files. Documentation ============= Some documentation is available in the `heimdal' info-page, but it is currently quite incomplete. A number of manpages for library functions are also available. BSD Auth ======== There's also a BSD Authentication login script in src/libexec/login_krb5, which you can build by typing # cd /usr/src/libexec/login_krb5 # make ; make install # cd /usr/src/libexec/login_krb5-or-pwd # make ; make install Make sure to also rebuild su and login, or things will _seriously_ break. Refer to login.conf(5), login(1), login_krb5(8) and login_krb5-or-pwd(8) for more information. TODO ==== Things todo, in no particular order: - Make sure to not try krb5 auth when no ticket exists. (same goes for krb4) (i think this is actually ok, but it needs to be verified.) - hack krb5 support in our passwd - we should probably change to using BSD authentication for password changing aswell. - Password quality checks in kpasswdd - krb5-config script - kx, kxd - BSD Auth support in xdm, xlock, sudo - rxtelnet, rxterm - pop-server and push - rsh, rshd - ssh and sshd - Test what happens for a user not using kerberos - Test all combinations of compat stuff between client, kdc and server - Slave propagation k5->k5 and k4->k5 - Test and document how to upgrade a realm from k4 to k5 - Test compatibility with other k5 implementations, for example MIT and Windows 2000, and document any caveats or tricks - Logging - Manpages are missing for many library functions, as well as a few programs. So we should document them and give back to the Heimdal project. - Fix /etc/rc and companions - Example configuration installed when system is installed - GSS-API support in our ftp client and server