1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
|
.. _options2configure:
Options to *configure*
======================
There are a number of options to configure which you can use to
control how the Kerberos distribution is built.
Most commonly used options
--------------------------
**-**\ **-help**
Provides help to configure. This will list the set of commonly
used options for building Kerberos.
**-**\ **-prefix=**\ *PREFIX*
By default, Kerberos will install the package's files rooted at
``/usr/local``. If you desire to place the binaries into the
directory *PREFIX*, use this option.
**-**\ **-exec-prefix=**\ *EXECPREFIX*
This option allows one to separate the architecture independent
programs from the host-dependent files (configuration files,
manual pages). Use this option to install architecture-dependent
programs in *EXECPREFIX*. The default location is the value of
specified by **-**\ **-prefix** option.
**-**\ **-localstatedir=**\ *LOCALSTATEDIR*
This option sets the directory for locally modifiable
single-machine data. In Kerberos, this mostly is useful for
setting a location for the KDC data files, as they will be
installed in ``LOCALSTATEDIR/krb5kdc``, which is by default
``PREFIX/var/krb5kdc``.
**-**\ **-with-netlib**\ [=\ *libs*]
Allows for suppression of or replacement of network libraries. By
default, Kerberos V5 configuration will look for ``-lnsl`` and
``-lsocket``. If your operating system has a broken resolver
library or fails to pass the tests in ``src/tests/resolv``, you
will need to use this option.
**-**\ **-with-tcl=**\ *TCLPATH*
Some of the unit-tests in the build tree rely upon using a program
in Tcl. The directory specified by *TCLPATH* specifies where the
Tcl header file (TCLPATH/include/tcl.h) as well as where the Tcl
library (TCLPATH/lib) should be found.
**-**\ **-enable-dns-for-realm**
Enable the use of DNS to look up a host's Kerberos realm,
if the information is not provided in
:ref:`krb5.conf(5)`. See :ref:`mapping_hostnames`
for information about using DNS to determine the default realm.
DNS lookups for realm names are disabled by default.
**-**\ **-with-system-et**
Use an installed version of the error-table (et) support software,
the compile_et program, the com_err.h header file and the com_err
library. If these are not in the default locations, you may wish
to specify ``CPPFLAGS=-I/some/dir`` and
``LDFLAGS=-L/some/other/dir`` options at configuration time as
well.
If this option is not given, a version supplied with the Kerberos
sources will be built and installed along with the rest of the
Kerberos tree, for Kerberos applications to link against.
**-**\ **-with-system-ss**
Use an installed version of the subsystem command-line interface
software, the mk_cmds program, the ``ss/ss.h`` header file and the
ss library. If these are not in the default locations, you may
wish to specify ``CPPFLAGS=-I/some/dir`` and
``LDFLAGS=-L/some/other/dir`` options at configuration time as
well. See also the **SS_LIB** option.
If this option is not given, the ss library supplied with the
Kerberos sources will be compiled and linked into those programs
that need it; it will not be installed separately.
**-**\ **-with-system-db**
Use an installed version of the Berkeley DB package, which must
provide an API compatible with version 1.85. This option is
unsupported and untested. In particular, we do not know if the
database-rename code used in the dumpfile load operation will
behave properly.
If this option is not given, a version supplied with the Kerberos
sources will be built and installed. (We are not updating this
version at this time because of licensing issues with newer
versions that we haven't investigated sufficiently yet.)
Environment variables
---------------------
**CC=**\ *COMPILER*
Use *COMPILER* as the C compiler.
**CFLAGS=**\ *FLAGS*
Use *FLAGS* as the default set of C compiler flags.
**CPP=**\ *CPP*
C preprocessor to use. (e.g., ``CPP='gcc -E'``)
**CPPFLAGS=**\ *CPPOPTS*
Use *CPPOPTS* as the default set of C preprocessor flags. The
most common use of this option is to select certain #define's for
use with the operating system's include files.
**DB_HEADER=**\ *headername*
If db.h is not the correct header file to include to compile
against the Berkeley DB 1.85 API, specify the correct header file
name with this option. For example, ``DB_HEADER=db3/db_185.h``.
**DB_LIB=**\ *libs*...
If ``-ldb`` is not the correct library specification for the
Berkeley DB library version to be used, override it with this
option. For example, ``DB_LIB=-ldb-3.3``.
**DEFCCNAME=**\ *ccachename*
Override the built-in default credential cache name.
For example, ``DEFCCNAME=DIR:/var/run/user/%{USERID}/ccache``
See :ref:`parameter_expansion` for information about supported
parameter expansions.
**DEFCKTNAME=**\ *keytabname*
Override the built-in default client keytab name.
The format is the same as for *DEFCCNAME*.
**DEFKTNAME=**\ *keytabname*
Override the built-in default keytab name.
The format is the same as for *DEFCCNAME*.
**LD=**\ *LINKER*
Use *LINKER* as the default loader if it should be different from
C compiler as specified above.
**LDFLAGS=**\ *LDOPTS*
This option informs the linker where to get additional libraries
(e.g., ``-L<lib dir>``).
**LIBS=**\ *LDNAME*
This option allows one to specify libraries to be passed to the
linker (e.g., ``-l<library>``)
**SS_LIB=**\ *libs*...
If ``-lss`` is not the correct way to link in your installed ss
library, for example if additional support libraries are needed,
specify the correct link options here. Some variants of this
library are around which allow for Emacs-like line editing, but
different versions require different support libraries to be
explicitly specified.
This option is ignored if **-**\ **-with-system-ss** is not specified.
**YACC**
The 'Yet Another C Compiler' implementation to use. Defaults to
the first program found out of: '`bison -y`', '`byacc`',
'`yacc`'.
**YFLAGS**
The list of arguments that will be passed by default to $YACC.
This script will default YFLAGS to the empty string to avoid a
default value of ``-d`` given by some make applications.
Fine tuning of the installation directories
-------------------------------------------
**-**\ **-bindir=**\ *DIR*
User executables. Defaults to ``EXECPREFIX/bin``, where
*EXECPREFIX* is the path specified by **-**\ **-exec-prefix**
configuration option.
**-**\ **-sbindir=**\ *DIR*
System admin executables. Defaults to ``EXECPREFIX/sbin``, where
*EXECPREFIX* is the path specified by **-**\ **-exec-prefix**
configuration option.
**-**\ **-sysconfdir=**\ *DIR*
Read-only single-machine data such as krb5.conf.
Defaults to ``PREFIX/etc``, where
*PREFIX* is the path specified by **-**\ **-prefix** configuration
option.
**-**\ **-libdir=**\ *DIR*
Object code libraries. Defaults to ``EXECPREFIX/lib``, where
*EXECPREFIX* is the path specified by **-**\ **-exec-prefix**
configuration option.
**-**\ **-includedir=**\ *DIR*
C header files. Defaults to ``PREFIX/include``, where *PREFIX* is
the path specified by **-**\ **-prefix** configuration option.
**-**\ **-datarootdir=**\ *DATAROOTDIR*
Read-only architecture-independent data root. Defaults to
``PREFIX/share``, where *PREFIX* is the path specified by
**-**\ **-prefix** configuration option.
**-**\ **-datadir=**\ *DIR*
Read-only architecture-independent data. Defaults to path
specified by **-**\ **-datarootdir** configuration option.
**-**\ **-localedir=**\ *DIR*
Locale-dependent data. Defaults to ``DATAROOTDIR/locale``, where
*DATAROOTDIR* is the path specified by **-**\ **-datarootdir**
configuration option.
**-**\ **-mandir=**\ *DIR*
Man documentation. Defaults to ``DATAROOTDIR/man``, where
*DATAROOTDIR* is the path specified by **-**\ **-datarootdir**
configuration option.
Program names
-------------
**-**\ **-program-prefix=**\ *PREFIX*
Prepend *PREFIX* to the names of the programs when installing
them. For example, specifying ``--program-prefix=mit-`` at the
configure time will cause the program named ``abc`` to be
installed as ``mit-abc``.
**-**\ **-program-suffix=**\ *SUFFIX*
Append *SUFFIX* to the names of the programs when installing them.
For example, specifying ``--program-suffix=-mit`` at the configure
time will cause the program named ``abc`` to be installed as
``abc-mit``.
**-**\ **-program-transform-name=**\ *PROGRAM*
Run ``sed -e PROGRAM`` on installed program names. (*PROGRAM* is a
sed script).
System types
------------
**-**\ **-build=**\ *BUILD*
Configure for building on *BUILD*
(e.g., ``--build=x86_64-linux-gnu``).
**-**\ **-host=**\ *HOST*
Cross-compile to build programs to run on *HOST*
(e.g., ``--host=x86_64-linux-gnu``). By default, Kerberos V5
configuration will look for "build" option.
Optional features
-----------------
**-**\ **-disable-option-checking**
Ignore unrecognized --enable/--with options.
**-**\ **-disable-**\ *FEATURE*
Do not include *FEATURE* (same as --enable-FEATURE=no).
**-**\ **-enable-**\ *FEATURE*\ [=\ *ARG*]
Include *FEATURE* [ARG=yes].
**-**\ **-enable-maintainer-mode**
Enable rebuilding of source files, Makefiles, etc.
**-**\ **-disable-delayed-initialization**
Initialize library code when loaded. Defaults to delay until
first use.
**-**\ **-disable-thread-support**
Don't enable thread support. Defaults to enabled.
**-**\ **-disable-rpath**
Suppress run path flags in link lines.
**-**\ **-enable-athena**
Build with MIT Project Athena configuration.
**-**\ **-disable-kdc-lookaside-cache**
Disable the cache which detects client retransmits.
**-**\ **-disable-pkinit**
Disable PKINIT plugin support.
**-**\ **-disable-aesni**
Disable support for using AES instructions on x86 platforms.
Optional packages
-----------------
**-**\ **-with-**\ *PACKAGE*\ [=ARG\]
Use *PACKAGE* (e.g., ``--with-imap``). The default value of *ARG*
is ``yes``.
**-**\ **-without-**\ *PACKAGE*
Do not use *PACKAGE* (same as ``--with-PACKAGE=no``)
(e.g., ``--without-libedit``).
**-**\ **-with-size-optimizations**
Enable a few optimizations to reduce code size possibly at some
run-time cost.
**-**\ **-with-system-et**
Use the com_err library and compile_et utility that are already
installed on the system, instead of building and installing
local versions.
**-**\ **-with-system-ss**
Use the ss library and mk_cmds utility that are already installed
on the system, instead of building and using private versions.
**-**\ **-with-system-db**
Use the berkeley db utility already installed on the system,
instead of using a private version. This option is not
recommended; enabling it may result in incompatibility with key
databases originating on other systems.
**-**\ **-with-netlib=**\ *LIBS*
Use the resolver library specified in *LIBS*. Use this variable
if the C library resolver is insufficient or broken.
**-**\ **-with-hesiod=**\ *path*
Compile with Hesiod support. The *path* points to the Hesiod
directory. By default Hesiod is unsupported.
**-**\ **-with-ldap**
Compile OpenLDAP database backend module.
**-**\ **-with-tcl=**\ *path*
Specifies that *path* is the location of a Tcl installation.
Tcl is needed for some of the tests run by 'make check'; such tests
will be skipped if this option is not set.
**-**\ **-with-vague-errors**
Do not send helpful errors to client. For example, if the KDC
should return only vague error codes to clients.
**-**\ **-with-crypto-impl=**\ *IMPL*
Use specified crypto implementation (e.g., **-**\ **-with-crypto=**\
*openssl*). Default is a native MIT Kerberos implementation
``builtin``. The other currently implemented crypto backends are
``openssl`` and ``nss``. (See :ref:`mitK5features`)
**-**\ **-with-prng-alg=**\ *ALG*
Use specified PRNG algorithm. For example, to use the OS native
prng specify ``--with-prng-alg=os``.
Default is the ``fortuna`` PRNG algorithm. For the ``nss`` crypto
backend use one must explicitly specify ``--with-prng-alg=nss``.
(See :ref:`mitK5features`)
**-**\ **-with-pkinit-crypto-impl=**\ *IMPL*
Use the specified pkinit crypto implementation *IMPL*.
Defaults to using OpenSSL.
**-**\ **-without-libedit**
Do not compile and link against libedit. Some utilities will no
longer offer command history or completion in interactive mode if
libedit is disabled.
**-**\ **-with-readline**
Compile and link against GNU readline, as an alternative to libedit.
Building with readline breaks the dejagnu test suite, which is a
subset of the tests run by 'make check'.
**-**\ **-with-system-verto**
Use an installed version of libverto. If the libverto header and
library are not in default locations, you may wish to specify
``CPPFLAGS=-I/some/dir`` and ``LDFLAGS=-L/some/other/dir`` options
at configuration time as well.
If this option is not given, the build system will try to detect
an installed version of libverto and use it if it is found.
Otherwise, a version supplied with the Kerberos sources will be
built and installed. The built-in version does not contain the
full set of back-end modules and is not a suitable general
replacement for the upstream version, but will work for the
purposes of Kerberos.
Specifying **-**\ **-without-system-verto** will cause the built-in
version of libverto to be used unconditionally.
**-**\ **-with-krb5-config=**\ *PATH*
Use the krb5-config program at *PATH* to obtain the build-time
default credential cache, keytab, and client keytab names. The
default is to use ``krb5-config`` from the program path. Specify
``--without-krb5-config`` to disable the use of krb5-config and
use the usual built-in defaults.
Examples
--------
For example, in order to configure Kerberos on a Solaris machine using
the suncc compiler with the optimizer turned on, run the configure
script with the following options::
% ./configure CC=suncc CFLAGS=-O
For a slightly more complicated example, consider a system where
several packages to be used by Kerberos are installed in
``/usr/foobar``, including Berkeley DB 3.3, and an ss library that
needs to link against the curses library. The configuration of
Kerberos might be done thus::
./configure CPPFLAGS=-I/usr/foobar/include LDFLAGS=-L/usr/foobar/lib \
--with-system-et --with-system-ss --with-system-db \
SS_LIB='-lss -lcurses' DB_HEADER=db3/db_185.h DB_LIB=-ldb-3.3
|