[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Patch for some irritating white spots in the docs.

To: heimdal-discuss@sics.se
Subject: Patch for some irritating white spots in the docs.
From: Måns Nilsson <mansaxel@sunet.se>
Date: Tue, 02 Apr 2002 15:31:56 +0200
Sender: owner-heimdal-discuss@sics.se

Hi, 

frustrated with the lack of hands-on advice for client and server setup in
the docs, I've made a little hackish add-on to them. Patch attached. 

Test and use, if you feel it's appropriate. If I'm beating the wrong horse,
please tell me so, not forgetting to point me in the right direction.

rgds, 
-- 
Måns Nilsson            Systems Specialist
+46 70 681 7204         KTHNOC  MN1334-RIPE

We're sysadmins. To us, data is a protocol-overhead.

--- setup.texi	2002/02/03 09:54:10	1.1
+++ setup.texi	2002/04/02 13:21:34
@@ -288,8 +288,46 @@
 @node Testing clients and servers, Slave Servers, Password changing, Setting up a realm
 @section Testing clients and servers
 
-Now you should be able to run all the clients and servers.  Refer to the
-appropriate man pages for information on how to use them.
+Now you should be able to run all the clients and servers.  
+
+Some examples:
+
+@subsection su
+"su" works like normal su, but for Kerberos functionality (ie
+privileges elevation using a root instance) the su-ing users instance
+must be present in a file called @code{.k5login} in the home directory
+of the "target user". So, if @code{joe@@REALM} wants to be root on a
+machine, his root instance (@code{joe/root@@REALM}) must be present on a
+line in @code{~root/.k5login.} If not, su will fall back to the normal
+Unix root password authentication.
+
+@subsection Telnetd
+For telnet, the host instance is used for authentication. In
+@code{/etc/inetd.conf}, insert the following:
+@example
+telnet  stream  tcp nowait  root /usr/heimdal/libexec/telnetd  telnetd -a user
+@end example
+Restart/kill -HUP inetd. 
+
+@subsection Ftpd
+For ftp, a new instance is needed. It must be called
+@code{ftp/hostname.fqdn@@REALM} and it is created analogously to the host instance, with the commands 
+@example
+kadmin> ank --random-password ftp/hostname.fqdn@@REALM
+@end example
+which creates the key, and 
+@example
+kadmin> ext ftp/hostname.fqdn@@REALM
+@end example
+which extracts it. The latter must be done on the host, because it
+extracts data to a local file.  In
+@code{/etc/inetd.conf}, insert the following:
+@example
+ftp     stream  tcp nowait root /usr/heimdal/libexec/ftpd ftpd 
+@end example 
+Restart/kill -HUP inetd.
+
+Refer to the appropriate man pages for further information on clients and servers.
 
 @node Slave Servers, Incremental propagation, Testing clients and servers, Setting up a realm
 @section Slave servers, Incremental propagation, Testing clients and servers, Setting up a realm

Next by Date: Default max-ticket-life for a principal
Next by thread: Default max-ticket-life for a principal
Index(es):
- Date
- Thread