The first step in each of these build procedures is to unpack the source
distribution. The Kerberos V5 distribution comes in two compressed tar
files. The first file, which is generally named
-@file{krb5-1.0.src.tar.gz}, contains the sources for all of Kerberos
+@file{krb5-@value{RELEASE}.src.tar.gz}, contains the sources for all of Kerberos
except for the crypto library, which is found in the file
-@file{krb5-1.0.crypto.tar.gz}.
+@file{krb5-@value{RELEASE}.crypto.tar.gz}.
Both files should be unpacked in the same directory, such as
-@file{/u1/krb5-1.0}. (In the rest of this document, we will assume that
+@file{/u1/krb5-@value{RELEASE}}. (In the rest of this document, we will assume that
you have chosen to unpack the Kerberos V5 source distribution in this
directory. Note that the tarfiles will by default all unpack into the
-@file{./krb5-1.0} directory, so that if your current directory is
+@file{./krb5-@value{RELEASE}} directory, so that if your current directory is
@file{/u1} when you unpack the tarfiles, you will get
-@file{/u1/krb5-1.0/src}, etc.)
+@file{/u1/krb5-@value{RELEASE}/src}, etc.)
@node Doing the Build, Testing the Build, Unpacking the Sources, Building Kerberos V5
@enumerate
@item
- @code{cd /u1/krb5-1.0/src}
+ @code{cd /u1/krb5-@value{RELEASE}/src}
@item
@code{./configure}
@item
@enumerate
@item
-@code{mkdir /u1/krb5-1.0/pmax}
+@code{mkdir /u1/krb5-@value{RELEASE}/pmax}
@item
- @code{cd /u1/krb5-1.0/pmax}
+ @code{cd /u1/krb5-@value{RELEASE}/pmax}
@item
@code{../src/configure}
@item
@enumerate
@item
- @code{mkdir /u1/krb5-1.0/solaris}
+ @code{mkdir /u1/krb5-@value{RELEASE}/solaris}
@item
- @code{cd /u1/krb5-1.0/solaris}
+ @code{cd /u1/krb5-@value{RELEASE}/solaris}
@item
- @code{/u1/krb5-1.0/src/util/lndir `pwd`/../src}
+ @code{/u1/krb5-@value{RELEASE}/src/util/lndir `pwd`/../src}
@item
@code{./configure}
@item
of the libraries may be installed on the same system and continue to
work.
-Currently the supported platforms are: NetBSD 1.0A, AIX 3.2.5, AIX 4.1,
-Solaris 2.4 (aka SunOS 5.4), Alpha OSF/1 >= 2.1, HP-UX >= 9.X.
+Currently the supported platforms are
+@comment NetBSD 1.0A, AIX 3.2.5, AIX 4.1,
+Solaris 2.6 (aka SunOS 5.6) and Irix 6.5.
+@comment Alpha OSF/1 >= 2.1, HP-UX >= 9.X.
To enable shared libraries on the above platforms, run the configure
script with the option @samp{--enable-shared}.
@node HPUX, Solaris versions 2.0 through 2.3, BSDI, OS Incompatibilities
@subsection HPUX
-The native compiler for HPUX currently will not work, because it is not
-a full ANSI C compiler. The optional compiler (c89) should work as long
-as you give it the @samp{+Olibcalls -D_HPUX_SOURCE} (this has only been
-tested for HPUX 9.0). At this point, using GCC is probably your best
-bet.
+The native (bundled) compiler for HPUX currently will not work, because
+it is not a full ANSI C compiler. The optional compiler (c89) should
+work as long as you give it the @samp{+Olibcalls -D_HPUX_SOURCE} (this
+has only been tested for HPUX 9.0). At this point, using GCC is
+probably your best bet.
@node Solaris versions 2.0 through 2.3, Solaris 2.X, HPUX, OS Incompatibilities
@subsection Solaris versions 2.0 through 2.3
@enumerate
@item
- Supply your own resolver library. (such as bind-4.9.3pl1 availavle
+ Supply your own resolver library. (such as bind-4.9.3pl1 available
from ftp.vix.com)
@item
@code{--force} option:
@example
-% cd /u1/krb5-1.0/src
+% cd /u1/krb5-@value{RELEASE}/src
% ./util/reconf --force
@end example
To install the binaries into a binary tree, do:
@example
-% cd /u1/krb5-1.0/src
+% cd /u1/krb5-@value{RELEASE}/src
% make all
% make install DESTDIR=somewhere-else
@end example
@end iftex
@include definitions.texinfo
-@set EDITION 1.0
+@set EDITION 1.1
@finalout @c don't print black warning boxes
@c @code{from}
@code{su}, @code{passwd}, and @code{rdist}.
-@node Client Machine Configuration Files, , Client Programs, Installing and Configuring UNIX Client Machines
+@node Client Machine Configuration Files, MacOS X Configuration, Client Programs, Installing and Configuring UNIX Client Machines
@subsection Client Machine Configuration Files
Each machine running Kerberos must have a @code{/etc/krb5.conf} file.
(@xref{krb5.conf})
@need 4000
-Also, you must add the appropriate Kerberos services to each client
-machine's @code{/etc/services} file. If you are using the default
-configuration for @value{PRODUCT}, you should be able to just insert the
-following code:
+Also, for most UNIX systems, you must add the appropriate Kerberos
+services to each client machine's @code{/etc/services} file. If you are
+using the default configuration for @value{PRODUCT}, you should be able
+to just insert the following code:
@smallexample
@group
@code{kerberos-sec} service (tcp and udp) on port 88, so the Kerberos
V4 KDC(s) will continue to work properly.
+@menu
+* MacOS X Configuration::
+@end menu
+
+@node MacOS X Configuration, , Client Machine Configuration Files, Client Machine Configuration Files
+@subsubsection MacOS X Configuration
+
+To install Kerberos V on MacOS X, follow the directions for generic
+Unix-based OS's, except for the @code{/etc/services} updates described
+above. Then, you must reconfigure your name resolver to return fully
+qualified domain names (FQDNs). To see if your system is already
+correctly configured, compile the Kerberos code, and run:
+
+@smallexample
+@group
+$ cd .../src/tests/resolve
+$ ./resolve
+@end group
+@end smallexample
+
+This will tell you whether or not your machine returns FQDNs on name
+lookups. If the test fails, run the following commands to fix things:
+
+@smallexample
+@group
+$ niutil -create . /locations/lookupd/hosts
+$ niutil -createprop . /locations/lookupd/hosts LookupOrder CacheAgent DNSAgent
+ NIAgent NILAgent
+@end group
+@end smallexample
+
+Unfortunately, as of release time, the machine must be rebooted for the
+changes to take effect. When the machine comes back up, run the test
+again to make sure things are fixed.
+
+Now, service entries must be created for the Kerberos-based servers.
+@code{/etc/services} is meaningless on MacOS X, so the following
+commands must be run instead:
+
+@smallexample
+@group
+$ niutil -create . /services/kerberos
+$ niutil -createprop . /services/kerberos name kerberos kdc
+$ niutil -createprop . /services/kerberos port 750
+$ niutil -createprop . /services/kerberos protocol tcp udp
+$ niutil -create . /services/krbupdate
+$ niutil -createprop . /services/krbupdate name krbupdate kreg
+$ niutil -createprop . /services/krbupdate port 760
+$ niutil -createprop . /services/krbupdate protocol tcp
+$ niutil -create . /services/kpasswd
+$ niutil -createprop . /services/kpasswd name kpasswd kpwd
+$ niutil -createprop . /services/kpasswd port 761
+$ niutil -createprop . /services/kpasswd protocol tcp
+$ niutil -create . /services/klogin
+$ niutil -createprop . /services/klogin port 543
+$ niutil -createprop . /services/klogin protocol tcp
+$ niutil -create . /services/eklogin
+$ niutil -createprop . /services/eklogin port 2105
+$ niutil -createprop . /services/eklogin protocol tcp
+$ niutil -create . /services/kshell
+$ niutil -createprop . /services/kshell name kshell krcmd
+$ niutil -createprop . /services/kshell port 544
+$ niutil -createprop . /services/kshell protocol tcp
+@end group
+@end smallexample
+
+The remainder of the setup of a MacOS X client machine or application
+server should be the same as for other UNIX-based systems.
+
+
@node UNIX Application Servers, , Installing and Configuring UNIX Client Machines, Installing Kerberos V5
@section UNIX Application Servers
@node Encryption Types and Salt Types, , kdc.conf, kdc.conf
@appendixsubsec Encryption Types and Salt Types
-Currently, @value{PRODUCT} supports only DES encryption. The encoding
-type is @code{des-cbc-crc}. The @dfn{salt} is additional information
-encoded within the key that tells what kind of key it is. The only
-salts that you will be likely to encounter are:
+Currently, @value{PRODUCT} supports only DES and triple-DES encryption;
+however, triple-DES is currently supported only for service keys, not
+for user keys or session keys. The encoding types include
+@code{des-cbc-crc} and @code{des3-cbc-sha1}. The @dfn{salt} is
+additional information encoded within the key that tells what kind of
+key it is. The only salts that you will be likely to encounter are:
@itemize @bullet
@item @dfn{normal}, which @value{COMPANY} recommends using for all of