Several doc fixes, including those for [37]; see ChangeLog for details

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9366 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/doc/ChangeLog b/doc/ChangeLog
index 0c13abdfd8916873eac7458001ac0b5a18d602e0..6e0365c53e4132de0a568d49f82be2ec82a5646a 100644 (file)
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,16 @@
+Sun Nov 10 21:20:05 1996  Sam Hartman  <hartmans@mit.edu>
+
+       * bug-report.texinfo: We have krb5-send-pr now.
+
+       * install.texinfo (Edit the Configuration Files): kdc.conf lives
+       in var/krb5kdc/kdc.conf
+       (krb5.conf): No, we will not tell people to log to /dev/ttyp9;
+       default to /var/log
+       (Slave KDCs): Avoid over committing MIT to random things that
+       other vendors might want to do.
+       (Limit Access to the KDCs): If you are running klogind -c you want -5 not -k
+       (Some Advice about Secure Hosts): We disable things in /etc/inetd.conf not /etc/services
+
 Tue Nov  5 16:14:06 1996  Barry Jaspan  <bjaspan@mit.edu>
 
        * install.texinfo (Upgrading existing Master and Slave KDCs to the

diff --git a/doc/bug-report.texinfo b/doc/bug-report.texinfo
index a1c93c2ffbe93d65b91630e15d4103bf24a4b69c..9a1767d561fb185df587a9165a773df86241920b 100644 (file)
--- a/doc/bug-report.texinfo
+++ b/doc/bug-report.texinfo
@@ -1,8 +1,10 @@
 In any complex software, there will be bugs. Please send bug reports or
-other problems you may uncover to the e-mail address
-@b{krb5-bugs@@mit.edu}.  Please mention which version of the Kerberos V5
-distribution you are using, and whether you have made any private
-changes.  Bug reports that include proposed fixes are especially
-welcome.  If you do include fixes, please send them using either context
-diffs or unified diffs (using @samp{diff -c} or @samp{diff -u},
-respectively).
+other problems you may uncover using the @code{krb5-send-pr} program
+installed with the distribution.  In case @code{krb5-send-pr} fails to
+work, send bug reports to @samp{krb5-bugs@@mit.edu}.  Please mention
+which version of the Kerberos V5 distribution you are using, and whether
+you have made any private changes.  Bug reports that include proposed
+fixes are especially welcome.  If you do include fixes, please send them
+using either context diffs or unified diffs (using @samp{diff -c} or
+@samp{diff -u}, respectively).
+

diff --git a/doc/definitions.texinfo b/doc/definitions.texinfo
index 280d2f3b7c0a35d89758745e8cf8e378cdff2c9f..93cc3b9a1fe17b5ecef3d6dabd93b579410e018d 100644 (file)
--- a/doc/definitions.texinfo
+++ b/doc/definitions.texinfo
@@ -13,14 +13,14 @@
 @set CPRODUCT Kerberos
 @set LCPRODUCT krb5
 @set RANDOMHOST1 daffodil
-@set RANDOMHOST1IP 18.72.0.44
+@set RANDOMHOST1IP 10.0.0.6
 @set RANDOMHOST2 trillium
 @set RANDOMHOST2IP 253.46.124.7
 @set RANDOMUSER johndoe
 @set RANDOMUSER1 jennifer
 @set RANDOMUSER2 david
-@set RELEASE beta 7
-@set PREVRELEASE beta 6
+@set RELEASE 1.0
+@set PREVRELEASE beta 7
 @set INSTALLDIR /usr/@value{LCPRODUCT}
 @set PREVINSTALLDIR @value{INSTALLDIR}
 @set ROOTDIR /usr/@value{LCPRODUCT}

diff --git a/doc/install.texinfo b/doc/install.texinfo
index b97a4a49e6a9cb7dca55250c09fad3dcb1dc2232..a3c18ebb9e07b907c019684f429127905d7ab454 100644 (file)
--- a/doc/install.texinfo
+++ b/doc/install.texinfo
@@ -277,9 +277,7 @@ the master, in case of power outages, fires, or other localized
 disasters.
 @end itemize
 
-If you have a large or complex network, @value{COMPANY} will be
-happy to work with you to determine the optimal number and placement of
-your slave KDCs.
+
 
 @node Hostnames for the Master and Slave KDCs, Database Propagation, Slave KDCs, Realm Configuration Decisions
 @section Hostnames for the Master and Slave KDCs
@@ -397,7 +395,7 @@ first few steps must be done on the master KDC.
 @subsubsection Edit the Configuration Files
 
 Modify the configuration files, @code{/etc/krb5.conf}
-(@pxref{krb5.conf}) and @code{@value{ROOTDIR}/lib/krb5kdc/kdc.conf}
+(@pxref{krb5.conf}) and @code{@value{ROOTDIR}/var/krb5kdc/kdc.conf}
 (@pxref{kdc.conf}) to reflect the correct information (such as the
 hostnames and realm name) for your realm.  @value{COMPANY} recommends
 that you keep @code{krb5.conf} in @code{/etc}.  The @code{krb5.conf}
@@ -443,7 +441,7 @@ Replace @i{@value{PRIMARYREALM}} with the name of your Kerberos realm.
 @smallexample
 @group
 @b{shell%} @value{ROOTDIR}/sbin/kdb5_util create -r @value{PRIMARYREALM} -s
-@b{Initializing database '@value{ROOTDIR}/lib/krb5kdc/principal' for
+@b{Initializing database '@value{ROOTDIR}/var/krb5kdc/principal' for
 @result{} realm '@value{PRIMARYREALM}',
 master key name 'K/M@@@value{PRIMARYREALM}'
 You will be prompted for the database Master Password.
@@ -465,7 +463,7 @@ This will create five files in the directory specified in your
 and @code{principal.ok}; the Kerberos administrative database file,
 @code{principal.kadm5}; the administrative database lock file,
 @code{principal.kadm5.lock}; and the stash file, @code{.k5stash}.  (The
-default directory is @code{@value{ROOTDIR}/lib/krb5kdc}.)  If you do not
+default directory is @code{@value{ROOTDIR}/var/krb5kdc}.)  If you do not
 want a stash file, run the above command without the @code{-s} option.
 
 @node Add Administrators to the Acl File, Add Administrators to the Kerberos Database, Create the Database, Install the Master KDC
@@ -590,14 +588,14 @@ continuation of the previous line.):
 @smallexample
 @group
 @b{shell%} @value{ROOTDIR}/sbin/kadmin.local
-@b{kadmin.local:} ktadd -k @value{ROOTDIR}/lib/krb5kdc/kadm5.keytab
+@b{kadmin.local:} ktadd -k @value{ROOTDIR}/var/krb5kdc/kadm5.keytab
 @result{} kadmin/admin kadmin/changepw 
 @b{Entry for principal kadmin/admin@@@value{PRIMARYREALM} with
      kvno 3, encryption type DES-CBC-CRC added to keytab
-     WRFILE:@value{ROOTDIR}/lib/krb5kdc/kadm5.keytab.
+     WRFILE:@value{ROOTDIR}/var/krb5kdc/kadm5.keytab.
 Entry for principal kadmin/changepw@@@value{PRIMARYREALM} with
      kvno 3, encryption type DES-CBC-CRC added to keytab
-     WRFILE:@value{ROOTDIR}/lib/krb5kdc/kadm5.keytab.
+     WRFILE:@value{ROOTDIR}/var/krb5kdc/kadm5.keytab.
 kadmin.local:} quit
 @b{shell%}
 @end group
@@ -605,7 +603,7 @@ kadmin.local:} quit
 
 @noindent
 As specified in the @samp{-k} argument, @code{ktadd} will save the
-extracted keytab as @code{@value{ROOTDIR}/lib/krb5kdc/kadm5.keytab}.
+extracted keytab as @code{@value{ROOTDIR}/var/krb5kdc/kadm5.keytab}.
 The filename you use must be the one specified in your @code{kdc.conf}
 file.
 
@@ -714,7 +712,7 @@ extract the keytab.
 
 The database is propagated from the master KDC to the slave KDCs via the
 @code{kpropd} daemon.  To set up propagation, create a file on each KDC,
-named @code{@value{ROOTDIR}/lib/krb5kdc/kpropd.acl}, containing the
+named @code{@value{ROOTDIR}/var/krb5kdc/kpropd.acl}, containing the
 principals for each of the KDCs.
 @need 1200
 For example, if the master KDC were
@@ -780,7 +778,7 @@ First, create a dump of the database on the master KDC, as follows:
 
 @smallexample
 @group
-@b{shell%} @value{ROOTDIR}/sbin/kdb5_util dump @value{ROOTDIR}/lib/krb5kdc/slave_datatrans
+@b{shell%} @value{ROOTDIR}/sbin/kdb5_util dump @value{ROOTDIR}/var/krb5kdc/slave_datatrans
 @b{shell%}
 @end group
 @end smallexample
@@ -791,9 +789,9 @@ continuations of the previous line.):
 
 @smallexample
 @group
-@value{ROOTDIR}/sbin/kprop -f @value{ROOTDIR}/lib/krb5kdc/slave_datatrans
+@value{ROOTDIR}/sbin/kprop -f @value{ROOTDIR}/var/krb5kdc/slave_datatrans
 @result{} @value{KDCSLAVE1}.@value{PRIMARYDOMAIN}
-@value{ROOTDIR}/sbin/kprop -f @value{ROOTDIR}/lib/krb5kdc/slave_datatrans
+@value{ROOTDIR}/sbin/kprop -f @value{ROOTDIR}/var/krb5kdc/slave_datatrans
 @result{} @value{KDCSLAVE2}.@value{PRIMARYDOMAIN}
 @end group
 @end smallexample
@@ -811,11 +809,11 @@ the name of the directory in which you installed @value{PRODUCT}.)
 kdclist = "@value{KDCSLAVE1}.@value{PRIMARYDOMAIN} @value{KDCSLAVE2}.@value{PRIMARYDOMAIN}"
 
 @value{ROOTDIR}/sbin/kdb5_util -R "dump
-@result{} @value{ROOTDIR}/lib/krb5kdc/slave_datatrans"
+@result{} @value{ROOTDIR}/var/krb5kdc/slave_datatrans"
 
 for kdc in $kdclist
 do
-@value{ROOTDIR}/sbin/kprop -f @value{ROOTDIR}/lib/krb5kdc/slave_datatrans $kdc
+@value{ROOTDIR}/sbin/kprop -f @value{ROOTDIR}/var/krb5kdc/slave_datatrans $kdc
 done
 @end group
 @end smallexample
@@ -933,7 +931,7 @@ time    dgram   udp     wait    root    internal
 #
 krb5_prop stream tcp nowait root @value{ROOTDIR}/sbin/kpropd  kpropd
 eklogin   stream tcp nowait root @value{ROOTDIR}/sbin/klogind 
-@result{} klogind -k -c -e
+@result{} klogind -5 -c -e
 @end group
 @end smallexample
 
@@ -1006,7 +1004,7 @@ server processes, if any.
 @smallexample
 @group
 @b{shell%} kdb5_edit -r @value{PRIMARYREALM} -R 'dump_db' > 
-@result{} @value{ROOTDIR}/lib/krb5kdc/old-kdb-dump
+@result{} @value{ROOTDIR}/var/krb5kdc/old-kdb-dump
 @b{shell%}
 @end group
 @end smallexample
@@ -1018,7 +1016,7 @@ command:
 @smallexample
 @group
 @b{shell%} ovsec_adm_export -r @value{PRIMARYREALM} > 
-@result{} @value{ROOTDIR}/lib/krb5kdc/old-adb-dump
+@result{} @value{ROOTDIR}/var/krb5kdc/old-adb-dump
 @b{shell%}
 @end group
 @end smallexample
@@ -1034,7 +1032,7 @@ your current database, you must choose the same master password.
 
 @smallexample
 @group
-@b{shell%} kdb5_util load @value{ROOTDIR}/lib/krb5kdc/old-kdb-dump
+@b{shell%} kdb5_util load @value{ROOTDIR}/var/krb5kdc/old-kdb-dump
 @b{shell%}
 @end group
 @end smallexample
@@ -1045,7 +1043,7 @@ your policy database with @code{kdb5_util}'s ``load'' command with the
 
 @smallexample
 @group
-@b{shell%} kdb5_util load -update @value{ROOTDIR}/lib/krb5kdc/old-adb-dump
+@b{shell%} kdb5_util load -update @value{ROOTDIR}/var/krb5kdc/old-adb-dump
 @b{shell%}
 @end group
 @end smallexample
@@ -1305,7 +1303,7 @@ to close them.
 As stated earlier in this section, @value{COMPANY} recommends that on a
 secure host, you disable the standard @code{ftp}, @code{login},
 @code{telnet}, @code{shell}, and @code{exec} services in
-@code{/etc/services}.  We also recommend that secure hosts have an empty
+@code{/etc/inetd.conf}.  We also recommend that secure hosts have an empty
 @code{/etc/hosts.equiv} file and that there not be a @code{.rhosts} file
 in @code{root}'s home directory.  You can grant Kerberos-authenticated
 root access to specific Kerberos principals by placing those principals
@@ -1367,12 +1365,12 @@ example:
 @smallexample
 @group
 [kdc]
-    profile = @value{ROOTDIR}/lib/krb5kdc/kdc.conf
+    profile = @value{ROOTDIR}/var/krb5kdc/kdc.conf
 
 [logging]
-    kdc = FILE:/dev/ttyp9
-    admin_server = FILE:/dev/ttyp9
-    default = FILE:/dev/ttyp9
+    kdc = FILE:/var/log/krb5kdc.log
+    admin_server = FILE:/var/log/kadmin.log
+    default = FILE:/var/log/krb5lib.log
 @end group
 @end smallexample
 
@@ -1394,13 +1392,13 @@ Here's an example of a generic kdc.conf file:
 [realms]
     @value{PRIMARYREALM} = @{
         profile = /etc/krb5.conf
-        database_name = @value{ROOTDIR}/lib/krb5kdc/principal
-        admin_database_name = @value{ROOTDIR}/lib/krb5kdc/principal.kadm5
-        admin_database_lockfile = @value{ROOTDIR}/lib/krb5kdc/principal.kadm5.lock
-        admin_keytab = @value{ROOTDIR}/lib/krb5kdc/kadm5.keytab
-        acl_file = @value{ROOTDIR}/lib/krb5kdc/kadm5.acl
-        dict_file = @value{ROOTDIR}/lib/krb5kdc/kadm5.dict
-        key_stash_file = @value{ROOTDIR}/lib/krb5kdc/.k5.@value{PRIMARYREALM}
+        database_name = @value{ROOTDIR}/var/krb5kdc/principal
+        admin_database_name = @value{ROOTDIR}/var/krb5kdc/principal.kadm5
+        admin_database_lockfile = @value{ROOTDIR}/var/krb5kdc/principal.kadm5.lock
+        admin_keytab = @value{ROOTDIR}/var/krb5kdc/kadm5.keytab
+        acl_file = @value{ROOTDIR}/var/krb5kdc/kadm5.acl
+        dict_file = @value{ROOTDIR}/var/krb5kdc/kadm5.dict
+        key_stash_file = @value{ROOTDIR}/var/krb5kdc/.k5.@value{PRIMARYREALM}
         kadmind_port = 749
         max_life = 10h 0m 0s
         max_renewable_life = 7d 0h 0m 0s