1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
|
Building & Running Kerberos 5 on Windows
----------------------------------------
Kerberos 5 builds on Windows with MSVC++ 6.0. It may or may not build
with other compilers or make utilities.
These build instructions assume that you have the standalone source
distribution of Kerberos 5 rather than the MIT Kerberos for Windows
distribution (which includes a working Kerberos 4).
There are two methods for building a Windows version of Kerberos 5.
The traditional method involves starting on a Unix machine and
creating a distribution that can be built on Windows. The second
method works from the sources that come from the Unix distribution if
you have certain Unix-type utilities (see below).
IMPORTANT NOTE: By default, the sources are built with debug
information and linked against the debug version of the Microsoft C
Runtime library, which is not found on most Windows systems unless
they have development tools. To build a release version, you need to
define NODEBUG either in the environment or the nmake command-line.
DNS Support: To support DNS lookups, you will need to define
KRB5_DNS_LOOKUP, KRB5_DNS_LOOKUP_KDC, or KRB5_DNS_LOOKUP_REALMS. The
DNS code will default to trying to use the wshelper library. If you
would rather use a resolver library whose include files more closely
match the Unix resolver library, define KRB5_NO_WSHELPER. You will
also need to define DNS_INC to point to the include directory for the
library and DNS_LIB to library itself. The default is not to support
DNS because the build cannot know whether there is a DNS resolver
library around for it to use.
Traditional Build Method:
------------------------
On the Unix side
1) cd xxx/src # Go to where the source lives
2) make -f Makefile.in kerbsrc.zip # Do some Unix-side configuring
# ...and create kerbsrc.zip
3) <transfer kerbsrc.zip to the PC>
On the PC side
1) md \krb5 # Create dir where we'll put the tree
2) cd \krb5
3) unzip kerbsrc.zip
- or -
pkunzip -d kerbsrc.zip
4) nmake [NODEBUG=1] [DNS-options] # Build the sources
5) nmake install [NODEBUG=1] # Copy headers, libs, executables
All-Windows Build Method:
------------------------
First, make sure you have sed, gawk, cat, and cp.
1) cd xxx/src # Go to where the source lives
2) nmake -f Makefile.in prep-windows # Create Makefile for Windows
3) nmake [NODEBUG=1] [DNS-options # Build the sources
4) nmake install [NODEBUG=1] # Copy headers, libs, executables
Notes on the install Target:
---------------------------
For the install target, you will need to define KRB_INSTALL_DIR to
point to the directory where the header, library, and executable files
will be installed. You can either define this in the environment or
at the nmake command-line. For example:
nmake install [NODEBUG=1] KRB_INSTALL_DIR=c:\sdk\krb5
Make sure you create the directory first. Otherwise, nmake will
complain. The files will get installed into include, lib, and bin
subdirectories. You can then copy the binaries to where ever you want
have them (probably somewhere in your path).
Running Kerberos 5 Apps:
-----------------------
Make sure you have a valid krb5.ini file. That will look just like a
Unix krb5.conf file. You can place this file in the same directory as
your krb5_32.dll or in your Windows directory. You should then be
able to run the applications that are built. Note that Kerberos 5
will not look for the krb5.ini file in your path.
krb5.ini File:
-------------
WARNING: Despite its name, this is not a Windows .ini file.
Therefore, do not try to use any .ini tools, including the Windows API
or any installer tools to manipulate this file. Its format is subtly
different from Windows .ini files!
Controlling the Kerberos 5 Run-Time Environment:
-----------------------------------------------
The Kerberos 5 configuration file and credentials cache can be
controlled with environment variables and registry settings. The
environment variable for a particular setting always takes precedence.
Next in precedence comes the setting in the registry under
HKEY_CURRENT_USER\Software\MIT\Kerberos5. Then comes the registry
setting under HKEY_LOCAL_MACHINE\Software\MIT\Kerberos5. If none of
those are found, a default value is used.
Configuration File:
- Environment: KRB5_CONFIG
- Registry Value: config
- Default: looks in krb5_32.dll's dir and Windows directory
Default Credentials Cache:
- Environment: KRB5CCNAME
- Registry Value: ccname
- Default: API:krb5cc or FILE:%TEMP%\krb5cc or FILE:<windows dir>\krb5cc
Credentials Cache:
-----------------
In addition to standard FILE: (disk file) and MEMORY: (in-process
non-shared memory) Windows supports the API: cache type, which is a
shared memory cache. This is implemented by krbcc32.dll, which is not
included the the krb5-only distribution. Rather, it is part of MIT's
Kerberos for Win32 suite.
Othes Issues:
------------
The krb4_32.dll that is built (but not installed) is not supported.
If you need Kerberos 4, you can use the krbv4w32.dll that MIT
distributes as part of the MIT Kerberos for Windows distribution.
More Information:
----------------
For more information, please read the Kerberos 5 documentation in
the doc directory of the distribution.
|
