1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
|
In the Beta 4 distribution, we have included a new build system, which
was built using the Free Software Foundation's autoconf program. This
system will hopefully make Kerberos V5 much simpler to build for most
people, and reduce the amount of effort required in porting Kerberos V5
to a new platform.
The imake system has been removed from this patch release, as most of
the tree is now under autoconf control.
HOW TO BUILD KERBEROS V5
========================
A) Find about 65 meg free; untar the krb5 sources. For example,
we will assume that you've untar'ed the sources into /u1/krb5,
so that the top of the source tree is /u1/krb5/src.
B) If you don't want separate build trees for each architecture, then
use the following abbreviated procedure.
1) cd /u1/krb5/src
2) ./configure
3) make
If you have a make that supports VPATH (GNU make, for example), you
can keep your source tree pure by making a build directory, e.g.
/u1/krb5/pmax.
1) cd /u1/krb5/pmax
2) ../src/configure
3) make
That's all there is to it!
It is possible to pass compiler flags to to configure by using, for
example, the "--with-ccopts=FLAGS" option. Please take note that if
you use the native Ultrix compiler on a DECstation you are likely to
lose if you pass no flags to cc; md4.c takes an estimated 33 million
years to compile if you provide neither the "-g" flag nor the "-O"
flag to cc.
It is also possible to explicitly specify a compiler to configure,
e.g. "--with-cc=gcc".
By default, Kerberos will expect its configuration files to be in
/krb5. This can be changed by passing the
"--with-krb5-root=/KRB5_ROOT_DIR" option to configure, where
/KRB5_ROOT_DIR should be replaced with the appropriate pathname.
If you want Kerberos V4 backwards compatibility, pass the
"--with-krb4=/KRB4_DIRECTORY" option to configure. This requires that
the V4 include files be available in /KRB4_DIRECTORY/include, and that
the V4 Kerberos library be available in /KRB4_DIRECTORY/lib.
If, for some reason, you want to build with isode-based ASN.1 encoders
and decoders rather than our hand-coded ones, use the "--enable-isode"
flag to configure. This has not been thoroughly tested, so beware.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
include/krb5/stock/osconf.h:
---------------------------
There are several defaults you may wish to adjust in osconf.h:
DEFAULT_CONFIG_FILENAME The pathname to the file which defines
the known realms and their KDCs. Same
format as V4 krb.conf
DEFAULT_TRANS_FILENAME The pathname to the file which a priori
assigns hosts to realms. Same format as
V4 krb.realms
DEFAULT_LNAME_FILENAME The pathname to the database mapping
authentication names to local account names.
See kdb5_anadd(8).
DEFAULT_KEYTAB_NAME The type and pathname to the default
server keytab file (the equivalent of v4
/etc/srvtab).
DEFAULT_KDC_ETYPE The default encryption type for the KDC.
DEFAULT_KDC_KEYTYPE The default keytype for the KDC.
KDCRCACHE The name of the replay cache used by
the KDC.
RCTMPDIR The directory which stores replay
caches.
include/krb5/stock/config.h
----------------------------
You might wish to adjust these flags as well:
KRBCONF_VAGUE_ERRORS If defined, give vague and unhelpful
error messages to the client... er,
attacker. (Needed to meet silly
government regulations; most other
sites will want to keep this
undefined.)
KRBCONF_KDC_MODIFIES_KDB Define this if you want to allow the
KDC to modify the Kerberos database;
this allows the last request
information to be updated, as well as
the failure count information.
Note that this doesn't work if you're
using slave servers!!! It also causes
the database to be modified (and thus
need to be locked) frequently.
NOTE for building Kerberos for multiple platforms
=================================================
This is how we build Kerberos for multiple platforms here at MIT:
Use the synctree program to build a symlink tree. The .rconf files
included in the distribution are for use with synctree. You can find
the synctree program in the same directory as you found this release,
athena-dist.mit.edu.
Assuming you have a directory hierarchy which looks something like this:
|-decmips-
|-hpux----
|-krb5-|-linux---
|-solaris-
|-src-----
A typical build using synctree might be:
cd XXX/krb5
mkdir decmips; cd decmips
synctree -s ../src -d .
./configure
make
|
