Warning ======= This is experimental stuff, don't expect things to work correctly at this point. Please contact if you have questions about the kerberosV stuff. Status of the code ================== The current status is that the libraries, KDC, kadmind, some basic administrators and users utilities, and the telnet client and server works. Building ======== To build this stuff, do the following: # echo "KERBEROS5=Yes" >> /etc/mk.conf # cd /usr/src/kerberosV # make build To get a telnet client and server with kerberos5 support, do the following: # cd /usr/src/lib/libtelnet # make ; make install # cd /usr/src/usr.bin/telnet # make ; make install # cd /usr/src/libexec/telnetd # make ; make install Documentation ============= Some documentation is available in the `heimdal' info-page, but it is currently quite incomplete. A number of manpages for library functions are also available. BSD Auth ======== There's also a BSD Authentication login script in src/libexec/login_krb5, which you can enable by typing # cd /usr/src/libexec/login_krb5 # make ; make install Then change the line with "auth-defaults" in /etc/login.conf to include the string "krb5" at the end of the authentication methods. You should now be able to login with Kerberos 5 passwords by typing your login name followed by ":krb5" on the login prompt. Su does not work at this time, but we expect it to do so in the near future. TODO ==== Things todo, in no particular order: - Make sure to not try krb5 auth when no ticket exists. (same goes for krb4) (i think this is actually ok, but it needs to be verified.) - kpasswdd and hack krb5 support in our passwd - krb5-config script - kx, kxd - krb5 support in login, xdm, xlock, su and sudo - rxtelnet, rxterm - pop-server and push - rsh, rshd - ssh and sshd - Test what happens for a user not using kerberos - Test all combinations of compat stuff between client, kdc and server - Slave propagation k5->k5 and k4->k5 - Test and document how to upgrade a realm from k4 to k5 - Test compatibility with other k5 implementations, for example MIT and Windows 2000, and document any caveats or tricks - Logging - Manpages are missing for many library functions, as well as a few programs. So we should document them and give back to the Heimdal project. - Fix /etc/rc and companions - Example configuration installed when system is installed