README
README.Debian
1Note on ksu
2-----------
3This program is not installed setuid root be default. If you want to
4install it setuid root, then you can override the package permissions
5with:
6
7dpkg-statoverride --update --add root root 4755 /usr/bin/ksu
8
9Note on ipropd and/or hpropd
10----------------------------
11The following entries may be required in you /etc/services
12file (see bug #139845):
13
14krb_prop 754/tcp # Kerberos slave propagation
15iprop 2121/tcp # incremental propagation
16
17Note on kerberos.8 man page
18---------------------------
19This man page is not currently included due to conflict with kerberos4kth-kdc
20package. For more information on Kerberos, see:
21http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html
22
23Installing heimdal for Debian
24-----------------------------
25(Note: if you do not have a krb4 KDC, you may need to include
26"krb4_get_tickets = no" in the [libdefaults] section of
27kdc.conf; otherwise kinit will complain with an error).
28
29Things you will have to do manually (see info documentation for
30details):
31
32On KDC:
331. Add adminstrator keys using kadmin.
34
35For example:
36# kadmin -l
37kadmin> add bam/admin
38Max ticket life [unlimited]:
39Max renewable life [unlimited]:
40Principal expiration time [never]:
41Password expiration time [never]:
42Attributes []:
43bam/admin@CHOCBIT.ORG.AU's Password:
44Verifying password - bam/admin@CHOCBIT.ORG.AU's Password:
45
462. Add kadmin/admin key to KDC:
47
48For example:
49# kadmin -l
50kadmin> add -r kadmin/admin@CHOCBIT.ORG.AU
51Max ticket life [unlimited]:
52Max renewable life [unlimited]:
53Principal expiration time [never]:
54Password expiration time [never]:
55Attributes []:
56
57(note: this key doesn't need to be extracted).
58
593. Enable remote admistration by creating /etc/heimdal-kdc/kadmind.acl
60
61For example:
62echo 'bam/admin@CHOCBIT.ORG.AU all' > /etc/heimdal-kdc/kadmind.acl
63
644. Test.
65
66For example:
67# kadmin -p bam/admin
68bam/admin@CHOCBIT.ORG.AU's Password:
69kadmin> list *
70[should list all keys]
71
725. Add user keys
73
74For example:
75# kadmin -p bam/admin
76bam/admin@CHOCBIT.ORG.AU's Password:
77kadmin> add bam
78
79
80On other computers:
811. If you installed heimdal-clients-x or heimdal-servers-x,
82then you will need to add the following entry to /etc/services
83kx 2111/tcp # X over kerberos
84(check to make sure this doesn't already exist).
852. edit /etc/krb5.conf
863. setup secret keys each computer, using kadmin and/or ktutil.
87
88For example, on remote computer dewey.chocbit.org.au:
89bam/admin@CHOCBIT.ORG.AU's Password:
90kadmin> add -r host/dewey.chocbit.org.au
91[...]
92kadmin> ext host/dewey.chocbit.org.au
93kadmin> add -r ftp/dewey.chocbit.org.au
94[...]
95kadmin> ext ftp/dewey.chocbit.org.au
96
97The ext command extracts keys to /etc/krb5.keytab, where
98they can be inspected with the "ktutil list" command at the
99shell prompt.
100
101Tell me if any files conflict with any other package - do not
102try to force the package to install, otherwise things may break...
103In general, this package conflicts with kerberos4kth and
104probably MIT Kerberos (not packaged as of potato). Local
105installations under /usr/local should be OK.
106
107Changes from upstream source:
1081. popper checks for $HOME/Maildir, $HOME/Mailbox and /var/spool/mail/<user>
109in that order.
1102. /var/lib/heimdal-kdc used instead of /var/heimdal
1113. /usr/bin/login moved to /usr/lib/heimdal-servers
1124. /usr/lib/heimdal-servers used instead of /usr/libexec
1135. telnet and ftp have been renamed to ktelnet and kftp, and
114use the update-alternatives mechanism. In the future, this
115should allow heimdal-clients to exist at the same time
116as telnet-ssl.
1176. kdc config files kdc.conf and kadmind.acl stored in
118/etc/heimdal-kdc instead of /usr/lib/heimdal-servers.
119
120 -- Brian May <bam@debian.org>, Wed, 8 Dec 1999 11:54:13 +1100
121