NetNews Usenet Archive 1993 #3

home *** CD-ROM | disk | FTP | other *** search

/ NetNews Usenet Archive 1993 #3 / NN_1993_3.iso / spool / comp / protocol / kerberos / 1029 < prev next >

Wrap

Text File | 1993-01-28 | 16.6 KB | 607 lines

Newsgroups: comp.protocols.kerberos Path: sparky!uunet!ukma!usenet.ins.cwru.edu!agate!stanford.edu!ksr.com!dean From: dean@ksr.com (Dean Anderson) Subject: Re: Help wanted: Kerberos' entries in config files Message-ID: <9301282159.AA10015@maryann.ksr.com> Sender: news@shelby.stanford.edu (USENET News System) Organization: Internet-USENET Gateway at Stanford University References: <1k9h5fINN936@OIT.PeachNet.EDU> Date: Thu, 28 Jan 1993 21:59:45 GMT Lines: 595 I have built both kerb4.9 and kerb4.10 under SunOS 4.1.2. I also use hesiod (changed to use IN class records instead of HS class). --Dean Dean Anderson dean@ksr.com | Support the League for KSR Computing Facilities | Programming Freedom! Email Kendall Square Research | lpf@uunet.uu.net for info. Here's what I have in my /etc/services for kerberos. I think there are newer port numbers for some of these, though. This works for me: klogin 543/tcp # Kerberos authenticated rlogin kerberos 750/udp kdc # Kerberos authentication--udp kerberos 750/tcp kdc # Kerberos authentication--tcp kerberos_master 751/udp # Kerberos authentication kerberos_master 751/tcp # Kerberos authentication passwd_server 752/udp # Kerberos passwd server userreg_server 753/udp # Kerberos userreg server kpop 1109/tcp # Pop with Kerberos knetd 2053/tcp # Kerberos de-multiplexor kshell 544/tcp cmd # and remote shell eklogin 2105/tcp # Kerberos encrypted rlogin krb_prop 754/tcp # Kerberos slave propagation sample 906/tcp # Kerberos sample server erlogin 888/tcp # Login and environment passing Here is what I have in /etc/inetd.conf eklogin stream tcp nowait root /usr/local/etc/klogind eklogind klogin stream tcp nowait root /usr/local/etc/klogind klogind kshell stream tcp nowait root /usr/local/etc/kshd kshd I also chnaged my kerberized r commands (rlogin, rcp, and rsh) to be kr commands (krlogin, krcp, and krsh), to avoid confusion with the regular commands. To disable access via the regular r commands, take the following entries out of /etc/inetd.conf: shell stream tcp nowait root /usr/etc/in.rshd in.rshd #login stream tcp nowait root /usr/etc/in.rlogind in.rlogind login stream tcp nowait root /usr/local/etc/klogind rlogind Here is my sunobj/util/imake.includes/config.Imakefile: /**/# $Source: /afs/net.mit.edu/project/krb4/src/util/imake.includes/RCS/config.Imakefile,v $ /**/# $Author: tytso $ /**/# $Id: config.Imakefile,v 4.42 92/12/08 19:13:29 tytso Exp $ /**/# /* * Configuration options. */ /* GLOBAL_CDEFS are passed to every C compile statement */ /* Here are some of the common definitions which you might add to GLOBAL_CDEFS: * BSD42 - needed for compiling on BSD-type systems (selects * hostname retrieval method) * ATHENA_COMPAT - compatibility with old Athena software * ATHENA - Athena-local modifications to r-commands (rlogin, rsh, rcp) * ATHENA_CONF_FALLBACK - compatibility location of krb config files * ATHENA_OLD_SRVTAB - compatibility with srvtabs w/o proper realm names * ATHENA_OLD_KLOGIN - compatibility with old-style klogin files * KERBEROS - should ALWAYS be turned on * VFS - Virtual File System (for most Sun NFS machines) * OQUOTA - if defined, use the quota system call * SYSLOG42 - if defined, use 4.2BSD-style syslog routines * POSIX - if defined, conform to POSIX library calls and data structures. * ULTRIX022 - if you are running on pre-3.0 Ultrix. * SunOS=xx - if you are running SunOS. Set xx to 10 times the release * number (e.g. SunOS 3.5 => -DSunOS=35, SunOS 4.0 => -DSunOS=40) * NO_GETUSERSHELL - if your system doesn't have getusershell() in libc * (type 'nm /lib/libc.a | grep getusershell', if something * shows up, you should NOT turn this flag on) * NOTTYENT - if your system doesn't have ttyent.h (4.3-style /etc/ttys) * NO_WINSIZE - if your system doesn't have struct winsize, but * has struct ttysize (e.g. older Suns) (check <sys/ioctl.h>) * NO_UIDGID_T - if your system does not have uid_t's and gid_t's * (check <sys/types.h>) * HAS_DIRENT - if you've got struct dirent rather than struct direct * (was conditional on POSIX before) * NOSTBLKSIZE - if your struct stat doesn't have st_blksize * NOVFORK - if you don't have vfork at all, use fork instead * NOUTHOST - if your struct utmp doesn't have ut_host */ INSTALLUCB=$(INSTALLPROG) #define ATHENA_OLD_SRVTAB #define ATHENA_OLD_KLOGIN #define ATHENA_CONF_FALLBACK #define NEED_SETENV #define HAVE_PUTENV GLOBAL_CDEFS= -DKERBEROS $(SITEDEFS) $(OSDEFS) SITEDEFS=-DSunOS=42 -DATHENA $(HESIOD) $(AFS) $(NOENCFLAG) $(COMPAT) -I$(INCLDIR) /* * Operating specific definitions */ #if defined(_AIX) #if defined(_AIX) && (AIXV < 30) OSFLAGS= -q -DBSD42 -DVFS -D_BSD -DPOSIX #else OSFLAGS= -DBSD42 -DVFS -DNO_GETUSERSHELL -DNOTTYENT -D_BSD -D_BSD_INCLUDES -DPOSIX #endif /* AIXV */ #endif /* _AIX */ #if defined(vax) || defined(ibm032) OSFLAGS= -DBSD42 -DVFS -DUSE_BCOPY #endif #if defined(ultrix) OSFLAGS= -DBSD42 -DVFS -DNO_GETUSERSHELL -DPOSIX -DHAS_DIRENT #endif #if defined(_AUX_SOURCE) OSFLAGS= -DBSD42 -DNOTTYENT -DPOSIX -D_POSIX_SOURCE -Dvfork=fork #endif #if defined(sun) OSFLAGS= -DBSD42 -DVFS -DUSE_BCOPY #endif OSDEFS= $(OSFLAGS) $(DBMFLAG) $(SHMFLAG) $(TIMEHFLAG) /* SRCTOP is the root of the Kerberos source tree */ SRCTOP=/u1/src/misc/kerb4.10/src /* DESTDIR is the root of the tree to install into. * If null, install into the running system. * * DESTDIR='/' is guaranteed to cause trouble for systems which don't * like double slashes in pathnames. * * All the installed programs and files are put into ${DESTDIR}/wherever, e.g. * kinit would get installed into ${DESTDIR}${PROGDIR}/kuser */ DESTDIR= MKDIRS= $(DESTDIR) $(DESTDIR)/etc \ $(DESTDIR)/usr $(DESTDIR)/usr/athena $(DESTDIR)/usr/lib /* * These directories should be subdirectories of DESTDIR; * they show up as absolute pathnames here. */ BASEDIR=/usr USRDIR= /usr/local SVRDIR=/usr/local/etc DAEMDIR=/usr/local/etc PROGDIR=/usr/local/bin LIBDIR=/usr/local/lib LINTLIBDIR=/usr/lib/lint INCLDIR=/usr/local/include MANDIR=/usr/local/man ETCDIR=/usr/local/etc CONFDIR=/etc USRLIB= /usr/lib /* KDBDIR has the acl's and the key database */ KDBDIR=/kerberos/database /* KLOGDIR has the security related logs */ KLOGDIR=/kerberos/database /* Fill this in with your Kerberos Realm */ SITE_KRB_REALM=KSR.COM /* This is where to find the srvtab file */ SRVTAB_FILE= $(CONFDIR)/srvtab #ifdef sgi UCBDIR=/usr/bsd SLASHBINDIR=/usr/bsd #else /* sgi */ #ifdef ultrix SLASHBINDIR=/usr/ucb UCBDIR=/usr/ucb #else /* ultrix */ SLASHBINDIR=/bin UCBDIR=/usr/ucb #endif /* ultrix */ #endif /* sgi */ #ifdef notdef /* * An alternate scheme of arranging things, in an non-Athena environment.... */ BASEDIR=/usr USRDIR= /usr/kerberos SVRDIR= /usr/kerberos/etc DAEMDIR= /usr/kerberos/etc PROGDIR=/usr/kerberos/bin LIBDIR= /usr/kerberos/lib USRLIB= /usr/lib LINTLIBDIR = /usr/lib/lint INCLDIR= /usr/kerberos/include MANDIR= /usr/kerberos/man /* KDBDIR has the acl's and the key database */ KDBDIR=/usr/kerberos/database /* KLOGDIR has the security related logs */ KLOGDIR=/usr/kerberos/database SITE_KRB_REALM=error-default-realm SRVTAB_FILE =/etc/krb-srvtab /* this is where krb.realms and krb.conf go. */ CONFDIR=$(LIBDIR) #endif /* * Define LOCAL_LIBS if the libss and libcom_err libraries (and supporting * include files) are not installed * on your running system, and therefore should be built locally. * [If you do not select this, the compile_et and mk_cmds programs * are assumed to be in the standard command search path, and the * com_err and ss libraries are assumed to be installed in the C library * search path. WARNING: not selecting this assumes you have the new * versions of the libss & libcom_err support on your system!] */ #define LOCAL_LIBS /* * Define LOCAL_makedepend if makedepend needs to be built before being * used (e.g. if makedepend is not already installed on your system) * [If you do not select this, the makedepend program is assumed to be * in the standard command search path.] */ #define LOCAL_makedepend /* * COMPILE_ET The name of a command which compiles error tables. * COM_ERR Loader argument to get the com_err library. * COM_ERR_DEP Dependency name for COM_ERR, if any. * MAKE_COMMANDS The name of a command which compiles command tables. * SS_LIB Loader argument to get the ss library. * SS_LIBDEP Dependency name for SS_LIB, if any. */ /* * Define OLD_ET_COMPAT if you want the kerberos libraries to include * the old et variables */ #ifdef LOCAL_LIBS COMPILE_ET= $(BUILDTOP)/util/et/compile_et COM_ERR = $(BUILDTOP)/util/et/libcom_err.a COM_ERR_DEP = $(COM_ERR) MAKE_COMMANDS = $(BUILDTOP)/util/ss/mk_cmds SS_LIB = $(BUILDTOP)/util/ss/libss.a SS_LIBDEP = $(SS_LIB) #else #define OLD_ET_COMPAT COMPILE_ET= compile_et COM_ERR = -lcom_err COM_ERR_DEP = MAKE_COMMANDS= mk_cmds SS_LIB = -lss SS_LIBDEP = #endif /* The makedepend program */ #ifdef LOCAL_makedepend DEPEND=$(BUILDTOP)/util/makedepend/makedepend #else DEPEND=makedepend #endif /* * The Imake command line * If you need to build Imake, define LOCAL_IMAKE */ #ifdef LOCAL_IMAKE IMAKE=$(BUILDTOP)/util/imake/imake -I$(BUILDTOP)/util/imake.includes #else IMAKE=imake -I$(BUILDTOP)/util/imake.includes -TImake.template #endif /* * Set USE_HESIOD to be true if Kerberos should try to use Hesiod. */ #define USE_HESIOD #ifdef USE_HESIOD HESIOD=-DHESIOD HESIOD_LIB= -L/usr/local/lib -lhesiod -lresolv HESIOD_LIBDEP= #endif /* * Set USE_AFS to be true if we login should try to use the AFS libraries to * support AFS. */ /* #define USE_AFS */ #ifdef USE_AFS AFS=-DAFS AFS_LIB=/usr/local/lib/afs/libauth.a /usr/local/lib/afs/libsys.a #endif /* * Set ORGANIZATION to be the desired organization string printed * by the 'kinit' program. It may have spaces. */ ORGANIZATION=Kendall Square Research /* * Define NOENCRYPTION if you do not have the DES library. */ /* #define NOENCRYPTION */ /* * Define NDBM if you are using the 4.3 ndbm library (which is part of * libc). If not defined, 4.2 dbm will be assumed. */ #if !defined(_AUX_SOURCE) #define NDBM #endif /* * Define NEED_SETENV if you don't have setenv() in your libc. * (likely for older 4.3 systems and pre-4.3 systems) */ #if defined(_AIX) || defined(_AUX_SOURCE) #define NEED_SETENV #endif /* * Define NEED_STRCASECMP if you don't have strcasecmp() in your libc. * (likely for older 4.3 systems and pre-4.3 systems) */ #if defined(_AIX) && (AIXV < 30) #define NEED_STRCASECMP #endif /* * Define NEED_GETOPT if you don't have getopt() in your libc. */ /* #define NEED_GETOPT */ /* * Define TKT_SHMEM if you want to use shared memory for the session * keys in your ticket caches. */ #if defined(_AIX) #define TKT_SHMEM #endif /* * Define NEED_TIME_H if you need to include <time.h> before <sys/time.h>. * Many SYS V derivatives require this, but BSD does not allow this multiple * inclusion. */ #if defined(_AIX) || defined(_AUX_SOURCE) #define NEED_TIME_H #endif /* * LINTLIBFLAG should be the flag used to tell lint to create a lint * library. On most BSD systems, this is -C. * Define NO_LINT, if you do not wish to build and install lint libraries. */ #if (defined(vax) && !defined(ultrix)) || (defined(ibm032)) || defined(sun) LINTLIBFLAG=-C #else LINTLIBFLAG=-o #endif #if defined(_AIX) && (AIXV > 30) || defined(_AUX_SOURCE) #define NO_LINT #endif /* * Define SHARED_LIBS if you want to use shared libraries on this system. * All programs except "login" will be compiled with the shared version * of the library. Make sure the rules in Imake.rules are proper for your * system. * * This does NOT yet work (tested on the RIOS) !!! */ #if defined(_AIX) && (AIXV > 30) /* #define SHARED_LIBS */ SHEXT= SHDIR=shared/ SHLIBDIR=$(LIBDIR).shared MKSHLIB=sh /mit/rios/src/util/scripts/mkshlib.rios #endif #ifndef SHARED_LIBS SHEXT= SHDIR= SHLIBDIR=$(LIBDIR) #endif KRB_LINTLIB=$(BUILDTOP)/lib/krb/llib-lkrb.ln KRB_STLIBDEP=$(BUILDTOP)/lib/krb/libkrb$(SHEXT).a KRB_LIBDEP=$(BUILDTOP)/lib/krb/$(SHDIR)libkrb$(SHEXT).a KADM_LIBDEP=$(BUILDTOP)/lib/kadm/$(SHDIR)libkadm$(SHEXT).a KDB_LIBDEP=$(BUILDTOP)/lib/kdb/$(SHDIR)libkdb$(SHEXT).a ACL_LIBDEP=$(BUILDTOP)/lib/acl/$(SHDIR)libacl$(SHEXT).a KRB_STLIB=$(KRB_STLIBDEP) KRB_LIB=$(KRB_LIBDEP) KADM_LIB=$(KADM_LIBDEP) ACL_LIB=$(ACL_LIBDEP) KSTREAM_LIB=$(BUILDTOP)/lib/kstream/libkstream.a KSTREAM_LIBDEP=$(KSTREAM_LIB) #ifdef NOENCRYPTION NOENCFLAG=-DNOENCRYPTION DES_STLIB= DES_STLIBDEP= DES_LIB= DES_LIBDEP= DES_LINTLIB= #else /* Do encryption */ NOENCFLAG= DES_STLIB=$(DES_STLIBDEP) DES_STLIBDEP=$(BUILDTOP)/lib/des/libdes.a DES_LIB=$(DES_LIBDEP) DES_LIBDEP=$(BUILDTOP)/lib/des/$(SHDIR)libdes$(SHEXT).a DES_LINTLIB=$(BUILDTOP)/lib/des/llib-ldes.ln #endif /* NOENCRYPTION */ #ifdef NDBM DBMFLAG=-DNDBM KDB_LIB=$(KDB_LIBDEP) #else DBMFLAG= KDB_LIB=$(KDB_LIBDEP) -ldbm #endif #ifdef TKT_SHMEM SHMFLAG=-DTKT_SHMEM #else SHMFLAG= #endif #ifdef NEED_TIME_H TIMEHFLAG=-DNEED_TIME_H #else TIMEHFLAG= #endif /* * Define OLD_COMPAT if you want to be able to link old binaries with * the new library names */ /* #define OLD_COMPAT */ /* * Define DEBUG_LIBS if you want to create versions of the libraries * that have useful debugging information (the default rules will strip * out extra symbols, including debugging symbols, from the symbol * table.) NOTE: This only works if you do NOT turn on PROFILED_LIBS * below. * NOTE: this doesn't turn on the debugging flag for your compiler; do * that with the DBG make variable, below. */ /* #define DEBUG_LIBS */ /* * Define PROFILED_LIBS if you want to create profiled versions of the * libraries used in Kerberos */ #define PROFILED_LIBS /* * Define PROF_FLAG to be the flag to be passed to your C compiler to * turn on profiling. For 4.3BSD on a VAX, this should probably be -pg. * For most other systems, it should probably be -p */ #if (defined(vax) && !defined(ultrix)) || defined(ibm032) #define PROF_FLAG -pg #else #define PROF_FLAG -p #endif /* * The name of a command which builds an object library. */ ARCHIVE= ar cru /* * The name of another program needed to post-process the archive. */ #ifdef sgi RANLIB=true #else RANLIB= ranlib #endif /* * Install commands: installs a file into the destination tree. * These commands are called with two arguments: the source and the * destination of the install. */ #ifndef NOINSTALL /* install a file */ INSTALLFILE= install -c -m 444 /* install a library */ INSTALLLIB= install -c -m 444 /* install a program */ INSTALLPROG= install -c -s -m 555 /* invoke raw install program */ INSTALLRAW= install /* install a program which should run as root */ INSTALLSUID= install -c -s -m 4555 -o root #else /* install a file */ INSTALLFILE= cp /* install a library */ INSTALLLIB= cp /* install a program */ INSTALLPROG= cp /* invoke raw install program */ INSTALLRAW= cp /* install a program which should run as root */ INSTALLSUID= echo "FIX UID:"; cp #endif LD=ld /* The name of the target's linker */ AS=as /* The name of the target's assembler */ LINT=lint /* The name of `lint' */ #ifdef sgi CC=cc -cckr /* The name of the C compiler for the target */ CCRO=$(CC) /* Compile with initialized data read-only & shared (if possible) */ #else CC=cc -L$(LIBDIR) /* The name of the C compiler for the target */ CCRO=cc -R /* Compile with initialized data read-only & shared (if possible) */ #endif HCC=$(CC) /* The name of the C compiler on _this_ * machine */ CPP=$(CC) -E /* A command which invokes the C preprocessor */ DBG=-O /* Debug or optimize? */ HCFLAGS=$(CFLAGS) TAGGER=etags /* Program to index source files */ MAKE=make /* name of make program */ RM=rm -f /* delete one or more files/directories/links */ MV=mv /* rename/move a file */ CP=cp /* copy a file */ LN=ln -s /* create a link */ LPR=lpr -p /* print a file or files */ CHMOD=chmod /* change mode of a file */ /* turds */ /* XXX default's uid on Athena (for tftp) */ DEF_UID = nobody #if defined(_AIX) #if AIXV > 30 CC=cc -qro -L$(SHLIBDIR) -L$(LIBDIR) #else CC=cc -L$(LIBDIR) #endif CCRO=$(CC) OSLIBS=-lbsd #endif /* _AIX */ #if defined(_AUX_SOURCE) CC=cc -DPOSIX -D_POSIX_SOURCE -D_BSD_SOURCE -L$(LIBDIR) OSLIBS=-lposix RANLIB=\: #endif #ifdef vax /*XXX*/ #if 0 #define VAXASM #endif #define BIG #endif