1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
|
In the Beta 4 distribution, we have included a new build system, which
was built using the Free Software Foundation's autoconf program. This
system will hopefully make Kerberos V5 much simpler to build for most
people, and reduce the amount of effort required in porting Kerberos V5
to a new platform.
In the future, we will be supporting only the configure method as the
method for configuring and building Kerberos. In this release, both
the autoconf and the old imake system are included, both to make
things easier for sites who have existing imake config files to
convert, and because the autoconf makefiles aren't quite as flexible
as the old imake system (although this will be fixed where the
flexibility is really needed) and because not all of the application
directories have been converted over to use configure.
If you want to use the old imake system, skip down to the section
labeled "HOW TO BUILD KERBEROS V5 USING IMAKE".
HOW TO BUILD KERBEROS V5 USING CONFIGURE
========================================
A) Find about 65 meg free; untar the krb5 sources. For example,
we will assume that you've untar'ed the sources into /u1/krb5,
so that the top of the source tree is /u1/krb5/src.
B) If you don't want separate build trees for each architecture, then
use the following abbreviated procedure.
1) cd /u1/krb5/src
2) ./configure
3) make
C. If you want to separate build trees for different architectures,
then create each build tree in the top level; for example,
/u1/krb5/solaris, /u1/krb5/pmax, etc. Then on each platform, do
something like the following:
1) cd /u1/krb5/pmax
2) ../src/autotools/lndir /u1/krb5/src
3) ./configure
4) make
If you have a make that supports VPATH (GNU make, for example), you
can simplify this procedure slightly:
1) cd /u1/krb5/pmax
2) ../src/configure
3) make
That's all there is to it!
By default, Kerberos will expect its configuration files to be in
/krb5. This can be changed by passing the
"--with-krb5-root=/KRB5_ROOT_DIR" option to configure, where
/KRB5_ROOT_DIR should be replaced with the appropriate pathname.
If you want Kerberos V4 backwards compatibility, pass the
"--with-krb4=/KRB4_DIRECTORY" option to configure. This requires that
the V4 include files be available in /KRB4_DIRECTORY/include, and that
the V4 Kerberos library be available in /KRB4_DIRECTORY/lib.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
HOW TO BUILD KERBEROS V5 USING IMAKE
====================================
To build kerberos v5 Beta four distribution (using imake):
A) find about 65M free.
B) pick up and build the following support pieces/programs if you don't
have them already installed:
isode from ftp.psi.com:/isode/
ISODE 6.8 works, but you must apply our
patches (pepsy-diffs) before buidling. ISODE
7.0 is what we're using in-house. I believe
ISODE 8.0 should also work
n.b. The isode in the sources isn't linked
into the imake build files. So you can use
this isode, but you'll have to compile it
yourself manually.
C) building the system:
1) edit any files you need to change (see below)
2) run 'make world' and everything should get built.
3) If you want to install stuff, you can later run 'make install'.
Most of things you should need to change will be in
include/krb5/stock/osconf.h, config/site.def and/or an
architecture-specific file in config/.
config/site.def:
---------------
If you don't have pepsy in your $PATH, then add #defines to
config/site.def to give its location. See the top of Project.tmpl for
the #define'ed names you should use.
If you need additional library search paths to get the libraries, then
put the appropriate -L flag(s) into the #define of LdLibLocations in
config/site.def.
See the other comments in config/site.def for other options you may wish
to turn on (such as moving the default locations for various installed
programs & manual pages).
config/<machine>.cf:
------------------
Imake uses a separate configuration file to turn on/off certain options
on a per-system/architecture basis. See config/Imake.tmpl if you need
to figure out the name of the config file your machine will use.
[They're the same as those for X11R4, except that BSD on a VAX uses
<vaxbsd.cf> rather than <bsd.cf> (XXX)]
See ultrix.cf, sun.cf, vaxbsd.cf, ibm.cf for examples of things you
might want to include in this file.
Certain options which control some conditional compilations of interest
are:
HasVoidSignalReturn YES if signal catching functions should
be void; NO if they should return int.
HasPosixTermios YES if you have POSIX termios terminal controls
NO if you have BSD/V7 sgtty stuff.
(if you have neither, check out the code
in lib/os/read_pwd.c)
HasPosixFileLocks YES if you have POSIX file locking commands
NO if you have BSD-style flock() commands
(if you have neither, check out the code
in lib/os/lock_file.c)
HasPosixTypes YES if you have POSIX *_t types in your
header files
NO if you don't
HasStringH YES if you have <string.h>
NO if you don't
HasStdlibH YES if you have <stdlib.h>
NO if you don't
UseSysTimeH YES if you should use <sys/time.h> for
struct timeval
NO if you shouldn't
UseTimeH YES if you should use <time.h> for ...
if neither this nor UseSysTimeH is defined,
then <sys/time.h> will be used if OS_BSD
is set, otherwise <time.h> will be used.
HasInet YES if you have BSD internet sockets
NO if you don't (not much will work in
this dist without them, though... see lib/os/)
HaveSetenv YES if you have setenv() in your library
NO if you don't
HasGcc YES if you have gcc and want to use it,
NO if you don't
HasNdbm YES if you have ndbm(3), <ndbm.h>
NO if you have dbm(3)
Bitsize32 #define'd if you have 32-bit words
if not, good luck with the DES library.
Bitsize16
Bitsize64
DesDefines -D flags to configure the DES library.
common flags here are:
-DMSBFIRST (big-endian)
-DLSBFIRST (little-endian)
-DMUSTALIGN (if you have to align
references to longwords)
-DBIG (32 bits)
HasSaberC YES if you have Saber-C (this turns on
Makefile additions to make loading easier)
NO if you don't (but you should get it!)
SaberDefines extra -D flags for Saber-C loading
(such as -Dconst= to avoid a bug in
older versions of saber)
WantPrototypes YES if your C compiler supports function
prototypes. redundant if your compiler
defines __STDC__, but may be useful if
your compiler has prototypes but isn't
fully __STDC__
NeedNarrowPrototypes YES if your C compiler supports function
prototypes AND you do not want the
parameter types to be widened/promoted.
NO if you want them widened (normal
setting, since narrow versions can lead
to interoperability problems between
modules compiled with different compilers)
MakeDependFlags extra defines to be passed onto
makedepend when generating include file
dependencies. These might be flags that
your compiler sends automatically but
makedepend doesn't know about, e.g.:
-D__STDC__ -I/local/gcc-includes
STDCTopIncludes XXX include path for alternate STDC-ized
include files
StandardDefines -D flags for this system, e.g.
-YPOSIX -D_POSIX_SOURCE
StandardCppDefines -D flags to pass when only calling cpp, e.g.
-DPOSIX -D_POSIX_SOURCE
telnet/telnetd need special configuration options, which are sometimes
determined by the operating system defines. see
appl/telnet/telnet/Imakefile, appl/telnet/telnetd/Imakefile, and
appl/telnet/old-makefiles/* for details.
include/krb5/stock/osconf.h:
---------------------------
There are several defaults you may wish to adjust in osconf.h:
DEFAULT_CONFIG_FILENAME The pathname to the file which defines
the known realms and their KDCs. Same
format as V4 krb.conf
DEFAULT_TRANS_FILENAME The pathname to the file which a priori
assigns hosts to realms. Same format as
V4 krb.realms
DEFAULT_LNAME_FILENAME The pathname to the database mapping
authentication names to local account names.
See kdb5_anadd(8).
DEFAULT_KEYTAB_NAME The type and pathname to the default
server keytab file (the equivalent of v4
/etc/srvtab).
DEFAULT_KDC_ETYPE The default encryption type for the KDC.
DEFAULT_KDC_KEYTYPE The default keytype for the KDC.
KDCRCACHE The name of the replay cache used by
the KDC.
RCTMPDIR The directory which stores replay
caches.
include/krb5/stock/config.h
----------------------------
Most of the defines in this file should be adjusted using your imake
.cf file; however, some of the defines located at the end of the file
may be of interest (and are adjusted manually since they tend to be of
interest on a site-wide basis)
KRBCONF_VAGUE_ERRORS If defined, give vague and unhelpful
error messages to the client... er,
attacker. (Needed to meet silly
government regulations; most other
sites will want to keep this
undefined.)
KRBCONF_KDC_MODIFIES_KDB Define this if you want to allow the
KDC to modify the Kerberos database;
this allows the last request
information to be updated, as well as
the failure count information.
Note that this doesn't work if you're
using slave servers!!! It also causes
the database to be modified (and thus
need to be locked) frequently.
NOTE for building Kerberos for multiple platforms
=================================================
This is how we build Kerberos for multiple platforms here at MIT:
1) Use the synctree program to build a symlink tree. The .rconf files
included in the distribution are for use with synctree. You can find
the synctree program in the same directory as you found this release,
athena-dist.mit.edu.
Assuming you have a directory hierarchy which looks something like this:
|-decmips-
|-hpux----
|-krb5-|-linux---
|-solaris-
|-src-----
A typical invokation of synctree might be:
cd XXX/krb5
mkdir decmips; cd decmips
synctree -s ../src -d .
2) At the top level of the build tree (in the example above, krb5/decmips)
execute the following command to regenerate the top level makefile:
imake -I./config
3) Run a "make world". It is often advisiable to redirect the output
to a file, so that you can puruse any error messages when the compile
is finished.
|
