- Copy stable/9 to releng/9.2 as part of the 9.2-RELEASE cycle.

[FreeBSD/releng/9.2.git] / crypto / heimdal / packages / debian / README.Debian

Note on ksu
-----------
This program is not installed setuid root be default. If you want to
install it setuid root, then you can override the package permissions
with:

dpkg-statoverride --update --add root root 4755 /usr/bin/ksu

Note on ipropd and/or hpropd
----------------------------
The following entries may be required in you /etc/services
file (see bug #139845):

krb_prop      754/tcp                         # Kerberos slave propagation
iprop         2121/tcp                        # incremental propagation

Note on kerberos.8 man page
---------------------------
This man page is not currently included due to conflict with kerberos4kth-kdc
package. For more information on Kerberos, see:
http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html

Installing heimdal for Debian
-----------------------------
(Note: if you do not have a krb4 KDC, you may need to include
"krb4_get_tickets = no" in the [libdefaults] section of
kdc.conf; otherwise kinit will complain with an error).

Things you will have to do manually (see info documentation for
details):

On KDC:
1. Add adminstrator keys using kadmin.

For example:
# kadmin -l
kadmin> add bam/admin
Max ticket life [unlimited]:
Max renewable life [unlimited]:
Principal expiration time [never]:
Password expiration time [never]:
Attributes []:
bam/admin@CHOCBIT.ORG.AU's Password:
Verifying password - bam/admin@CHOCBIT.ORG.AU's Password:

2. Add kadmin/admin key to KDC:

For example:
# kadmin -l
kadmin> add -r kadmin/admin@CHOCBIT.ORG.AU
Max ticket life [unlimited]:
Max renewable life [unlimited]:
Principal expiration time [never]:
Password expiration time [never]:
Attributes []:

(note: this key doesn't need to be extracted).

3. Enable remote admistration by creating /etc/heimdal-kdc/kadmind.acl

For example:
echo 'bam/admin@CHOCBIT.ORG.AU all' > /etc/heimdal-kdc/kadmind.acl

4. Test.

For example:
# kadmin -p bam/admin
bam/admin@CHOCBIT.ORG.AU's Password:
kadmin> list *
[should list all keys]

5. Add user keys

For example:
# kadmin -p bam/admin
bam/admin@CHOCBIT.ORG.AU's Password:
kadmin> add bam


On other computers:
1. If you installed heimdal-clients-x or heimdal-servers-x,
then you will need to add the following entry to /etc/services
kx              2111/tcp                        # X over kerberos
(check to make sure this doesn't already exist).
2. edit /etc/krb5.conf
3. setup secret keys each computer, using kadmin and/or ktutil.

For example, on remote computer dewey.chocbit.org.au:
bam/admin@CHOCBIT.ORG.AU's Password:
kadmin> add -r host/dewey.chocbit.org.au
[...]
kadmin> ext host/dewey.chocbit.org.au
kadmin> add -r ftp/dewey.chocbit.org.au
[...]
kadmin> ext ftp/dewey.chocbit.org.au

The ext command extracts keys to /etc/krb5.keytab, where
they can be inspected with the "ktutil list" command at the
shell prompt.

Tell me if any files conflict with any other package - do not
try to force the package to install, otherwise things may break...
In general, this package conflicts with kerberos4kth and
probably MIT Kerberos (not packaged as of potato). Local
installations under /usr/local should be OK.

Changes from upstream source:
1. popper checks for $HOME/Maildir, $HOME/Mailbox and /var/spool/mail/<user>
in that order.
2. /var/lib/heimdal-kdc used instead of /var/heimdal
3. /usr/bin/login moved to /usr/lib/heimdal-servers
4. /usr/lib/heimdal-servers used instead of /usr/libexec
5. telnet and ftp have been renamed to ktelnet and kftp, and
use the update-alternatives mechanism. In the future, this
should allow heimdal-clients to exist at the same time
as telnet-ssl.
6. kdc config files kdc.conf and kadmind.acl stored in
/etc/heimdal-kdc instead of /usr/lib/heimdal-servers.

 -- Brian May <bam@debian.org>, Wed,  8 Dec 1999 11:54:13 +1100