@node The appl Directory, The clients Directory, Organization of the Source Directory, Organization of the Source Directory
@subsection The appl Directory
-The Kerberos release provides certain UNIX utilities, modified to use
-Kerberos authentication. In the @i{appl/bsd} directory are the
-Berkeley utilities @i{login}, @i{rlogin}, @i{rsh}, and @i{rcp}, as well as
-the associated daemons @i{kshd} and @i{klogind}. The @i{login} program
-obtains ticket-granting tickets for users upon login; the other utilities
-provide authenticated Unix network services.
-
-The @i{appl} directory also contains Kerberized telnet and ftp programs,
-as well as sample Kerberos application client and server programs.
+The @i{appl} directory contains sample Kerberos application client and
+server programs. In previous releases, it contained Kerberized versions
+of remote access daemons, but those have now been moved to a separate
+project.
@node The clients Directory, The gen-manpages Directory, The appl Directory, Organization of the Source Directory
@subsection The clients Directory
% make check
@end example
+However, there are several prerequisites that must be satisfied first:
+
+@itemize @bullet
+@item
+Configure and build Kerberos with Tcl support. Tcl is used to drive the
+test suite. This often means passing @code{--with-tcl} to configure to
+tell it the location of the Tcl configuration script. (See
+@xref{Options to Configure}.)
+
+@item
+On some operating systems, you have to run @samp{make install} before
+running @samp{make check}, or the test suite will pick up installed
+versions of Kerberos libraries rather than the newly built ones. You
+can install into a prefix that isn't in the system library search path,
+though. Alternatively, you can configure with @code{--disable-rpath},
+which renders the build tree less suitable for installation, but allows
+testing without interference from previously installed libraries.
+
+@item
+In order to test the RPC layer, the local system has to be running the
+@command{portmap} daemon and it has to be listening to the regular
+network interface (not just localhost).
+@end itemize
+
@menu
* The DejaGnu Tests::
* The KADM5 Tests::
DejaGnu may be found wherever GNU software is archived.
-Most of the tests are setup to run as a non-privileged user. For some
-of the krb-root tests to work properly, either (a) the user running the
-tests must not have a .k5login file in the home directory or (b) the
-.k5login file must contain an entry for @code{<username>@@KRBTEST.COM}.
-There are two series of tests (@samp{rlogind} and @samp{telnetd}) which
-require the ability to @samp{rlogin} as root to the local
-machine. Admittedly, this does require the use of a @file{.rhosts} file
-or some authenticated means. @footnote{If you are fortunate enough to
-have a previous version of Kerberos V5 or V4 installed, and the Kerberos
-rlogin is first in your path, you can setup @file{.k5login} or
-@file{.klogin} respectively to allow you access.}
-
-If you cannot obtain root access to your machine, all the other tests
-will still run. Note however, with DejaGnu 1.2, the "untested testcases"
-will cause the testsuite to exit with a non-zero exit status which
-@samp{make} will consider a failure of the testing process. Do not worry
-about this, as these tests are the last run when @samp{make check} is
-executed from the top level of the build tree. This problem does not
-exist with DejaGnu 1.3.
-
@node The KADM5 Tests, , The DejaGnu Tests, Testing the Build
@subsection The KADM5 Tests
information about using DNS to determine the default realm. By default,
DNS lookups are enabled for the former but not for the latter.
-@item --enable-kdc-replay-cache
+@item --disable-kdc-lookaside-cache
-Enable a cache in the KDC to detect retransmitted messages, and resend
-the previous responses to them. This protects against certain types of
-attempts to extract information from the KDC through some of the
-hardware preauthentication systems.
+Disables the cache in the KDC which detects retransmitted client
+requests and resends the previous responses to them.
@item --with-system-et
Berkeley DB library version to be used, override it with this option.
For example, @samp{DB_LIB=-ldb-3.3}.
+@item --with-crypto-impl=IMPL
+
+Use specified crypto implementation in lieu of the default builtin.
+Currently only one alternative crypto-system openssl is available and
+it requires version 1.0.0 or higher of OpenSSL.
+
@end table
For example, in order to configure Kerberos on a Solaris machine using
Platforms for which there is shared library support but not significant
testing include FreeBSD, OpenBSD, AIX (4.3.3), Linux, NetBSD 1.4.x
-(i386), and SunOS 4.x.
+(i386).
To enable shared libraries on the above platforms, run the configure
script with the option @samp{--enable-shared}.
projects / krb5.git / blobdiff