+++ /dev/null
-Incompatibility notes:
-======================
-
-Currently, all of the MIT implementations of the Kerberos protocol are
-not fully compliant with the Kerberos RFC --- specifically, we do not
-implement the DES w/ MD5 checksum which is required by the RFC. This
-includes the Beta 4 release, although I expect to have this fixed in a
-patch release as soon as possible. I believe that we can fix this with
-minimal compatibility impacts; vendors contemplating shipment of this
-code as product should wait for the patch release or contact us for
-futher details.
-
-MIT implementations release Beta 2 and earlier are buggy in that they
-incorrectly generate the ASN.1 for a TGS request message. This was
-fixed in Beta 3, but the fix causes Beta 2 KDC's to be unable to
-respond to Beta 3 and more recent versions due to a checksum error.
-The Beta 3 KDC contains backwards compatibility code so that Beta 2
-and earlier application programs can continue to work with a Beta 3
-and more recent KDC.
+++ /dev/null
-Operating systems notes.... this file contains notes about various
-different operating systems and some quirks that you have to be aware
-of when compiling for them.
-
---------------------------------------------------------------------------
-Alpha OSF/1 V2.0
-
-md4.c can not be compiled with the optimizer on. (Could it possibly
-be the same bug as the Dec Ultrix bug? The bug report makes it sound
-identical!)
-
-(Reported by Marc Kenig)
-
---------------------------------------------------------------------------
-
-BSDI
-
-BSDI reportedly has a bad sed which causes it to go into an infinite
-loop during the build. The workaround is to get a sed from somewhere
-else, such as GNU.
-
-------------------------------------------------------------------------
-Solaris versions 2.0 through 2.3:
-
-The gethostbyname() routine is broken; it does not return a fully
-qualified domain name, even if you are using the DNS. Since Kerberos
-V5 uses the fully qualified domain name as the second component of a
-service principal (i.e, "host/tsx-11.mit.edu@ATHENA.MIT.EDU), this
-causes problems for servers who try to figure out their own fully
-qualified domain name. (It turns out clients win because Kerberos
-calls gethostbyname() and then calls gethostbyaddr() on the address,
-and SunSoft didn't screw up gethostbyaddr() except when it is your own
-local hostname!)
-
-Workarounds:
-
-1) Supply your own resolver library.
-
-2) Upgrade to Solaris 2.4
-
-3) Make sure your /etc/nsswitch.conf has the line:
-
- hosts: files dns
-
-and then in /etc/hosts, make sure there is a line with your
-workstation's IP address and hostname, with the fully qualified domain
-name first. Example:
-
- 18.172.1.4 dcl.mit.edu dcl
-
---------------------------------------------------------------------------
-
-Solaris 2.X:
-
-You *must* compile Kerberos V5 *without* the UCB compatibility libraries.
-
-This means that /usr/ucblib must *not* be in the LD_LIBRARY_PATH
-environment variable when you compile it.
-
-Alternatively you can place the -i option on the cc line. So you can
-put --with-ccopts=-i on the configure line. (Thanks to Dan Nessett
-for this suggestion.
-
---------------------------------------------------------------------------
-
-Ultrix 4.2/3 (Decstation Mips)
-
-md4.c and md5.c can not be compiled with the optimizer set at level 1.
-(Either -O or -g will work; leaving ccopts blank won't.) The
-optimizer isn't hung; it just takes a long time, due to an exponential
-time bug. Calculations estimate around something like 4 billion
-years. :-)
-
+++ /dev/null
-Source tree organization (15 Jun 1994):
-
-admin: administrative tools
- aname: manipulate aname/lname translation database
- convert: convert a V4 database to a V5 database
- create: create database
- destroy: destroy database
- edit: edit database [the most useful of the bunch]
- stash: store db key for unattended service
-
-autotools: Tools to allow rebuild the configure scripts; requires that
- you have GNU autoconf installed.
-
-appl: applications
- bsd: The Berkeley rlogin/rsh/rcp suite
- movemail: Emacs 18.57 'movemail' program with Kerberos
- hooks for POP support.
- popper: Berkeley POP server, with Kerberos and other
- athena mods
- gss-sample: sample client & server using the GSSAPI library
- sample: sample client & server (using byte stream sockets)
- simple: another sample client & server (using datagrams)
- telnet: telnet client (v4 & v5 kerberized, plus other goodies)
- libtelnet: support for telnet/telnetd
- telnet: the client-side
- telnetd: BSD UNIX telnet daemon
- login: a version of login(8) which has the '-f' flag
- necessary for using authenticated telnet
- connections without a password
- user-user: sample client & server using the user-to-user
- protocol features. (NOTE: the client and server
- programs are somewhat "backwards" in terms of how
- they call the Kerberos 5 routines. Don't let this
- confuse you.)
-
-clients: base-level kerberos clients
- kinit: get tickets using password
- klist: list ticket cache
- kdestroy: destroy ticket cache
- ksu: kerberized su program
-
-config: configuration control for source
- >>> look at site.def, vaxbsd.cf, ultrix.cf, ibm.cf in
- >>> particular for hints on things you might want to modify.
- >>> Ignore the comments on the X11 stuff for now.
-
-doc: documentation hierarchy
- api: The Kerberos api
-
-include: include hierarchy
- krb5: kerberos-specific includes
- kerberosIV: copies of kerberos v4 include files (used
- for some programs which support both)
-
-isode: isode hierarchy. A subset of ISODE 8.0. Used only for
- the autoconf setup.
-
-kadmin: Remote kerberos administration tools
- client: The client program
- kpasswd: User-client which allos users to change their
- passwords
- server: The server daemon
- v4server: A V4 kadmin server which updates a V5 database
-
-kdc: Kerberos Server/Key Distribution Center
-
-krb524: Program which issues krb4 tickets when handed a krb5 TGT
-
-lib: library hierarchy
- crypto: The cryptographic routines
- crc-32: CRC-32 function(s)
- des: MIT DES library
- md4: MD4 code from Internet RFC 1186B
- md5: MD5 code from Internet
- os: Operating-system or configuration-specific code
-
- kdb: database interface routines
-
- krb425: link-level compatibility library; lets you link
- v4 applications with v5 back-end code
-
- krb5: The Kerberos library
- asn.1: ASN.1 definitions & glue files
- The current set-up assumes that you
- have ISODE 7.0 (or later) installed.
- A subset of ISODE can be found in the
- same directory where you picked up the
- Kerberos distribution.
-
- ccache: credentials cache
- file: file descriptor-based ccache
- stdio: STDIO-based ccache
- error_tables: Common Error description files & headers
- free: routines to free various allocated data
- structures
- gssapi: GSSAPI implementation for Kerberos V5
- keytab: server key table routines
- file: STDIO-based keytab
- krb: Main kerberos library functions
- os: Operating-system or configuration-specific code
- posix: POSIX routines provided for systems
- that don't have them
- rcache: authenticator replay-cache code
-
-slave: Routines to propagate the Kerberos database from the
- master to the slave databases (kprop/kpropd)
-
-tests: various tests
- create: create a bunch of principals in a KDC database
- verify: verify that the principals have the right keys
- hammer: "hammer" the KDC with requests to help assure
- proper KDC operation
-
-util: Utilities
- et: The com_err library
- ss: The subsystem library
- makedepend: Program to rebuild the makefile dependencies
- unifdef: Removes #ifdef/#endif code
+++ /dev/null
-
- |-aname------
- |-convert----
- |-admin--------|-create-----
- | |-destroy----
- | |-edit-------
- | |-stash------
- |
- | |-bsd--------
- | |-gss-sample-
- | |-movemail---
- | |
- | |-popper-----|-orig-makefiles-
- | |
- | |-sample-----|-sclient--------
- | | |-sserver--------
- | |
- |-appl---------|-simple-----|-client---------
- | | |-server---------
- | |
- | | |-arpa-----------
- | |-telnet-----|-libtelnet------
- | | |-telnet---------
- | | |-telnetd--------
- | |-user_user--
- |-autotools----
- |
- | |-kdestroy---
- |-clients------|-kinit------
- | |-klist------
- | |-ksu--------
- |
- |-config-------|-doc--------
- |-config-files-
- |
- | |-gssapi-----
- | |-kerberosIV-
- | |
- |-include------|-krb5-------|-asn.1----------
- | | |-stock----------
- | |-sys--------
- |
- | |-compat-----
- | |-h----------
- | |
- |-isode--------|-pepsy------|-doc------------
- | |
- | |-psap-------|-test-----------
- | |-support----
-|-src-| |-util-------
- |
- | |-client-----
- |-kadmin-------|-kpasswd----
- | |-server-----
- | |-v4server---
- |-kdc----------
- |-krb524-------
- |
- | |-crc32----------
- | |
- | |-des------------|-doc---
- | |-crypto-----|-md4------------
- | | |-md5------------
- | | |-os-------------
- | |-des425-----
- | |
- | | |-generic--------
- | |-gssapi-----|-krb5-----------
- | | |-sample---------
- | |-kdb--------
- |-lib----------|-krb425-----
- | |
- | | |-asn.1----------
- | | |
- | | |-ccache---------|-file--
- | | | |-stdio-
- | | |-error_tables---
- | |-krb5-------|-free-----------
- | |
- | |-keytab---------|-file--
- | |-krb------------
- | |-os-------------
- | |-posix----------
- | |-rcache---------
- |-prototype----
- |-slave--------
- |
- | |-create-----
- |-tests--------|-hammer-----
- | |-verify-----
- |
- | |-et---------
- |-util---------|-makedepend-
- |-ss---------
- |-unifdef----
projects / krb5.git / commitdiff