KerbNet includes software and documentation developed at the Massachusetts Institute of Technology, which includes this copyright information:
Copyright © 1995, 1997 by the Massachusetts Institute of Technology.
Export of software employing encryption from the United States of America is assumed to require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting.
WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty.
KerbNet includes software and documentation developed by OpenVision Technologies, Inc., which includes this copyright notice:
The following copyright and permission notice applies to the OpenVision Kerberos Administration system located in kadmin/create, kadmin/dbutil, kadmin/server, lib/kadm, and portions of lib/rpc:
Copyright, OpenVision Technologies, Inc., 1996, All Rights Reserved WARNING: Retrieving the OpenVision Kerberos Administration system source code, as described below, indicates your acceptance of the following terms. If you do not agree to the following terms, do not retrieve the OpenVision Kerberos administration system. You may freely use and distribute the Source Code and Object Code compiled from it, but this Source Code is provided to you "AS IS" EXCLUSIVE OF ANY WARRANTY, INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, OR ANY OTHER WARRANTY, WHETHER EXPRESS OR IMPLIED. IN NO EVENT WILL OPENVISION HAVE ANY LIABILITY FOR ANY LOST PROFITS, LOSS OF DATA OR COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, INCLUDING, WITHOUT LIMITATION, THOSE RESULTING FROM THE USE OF THE SOURCE CODE, OR THE FAILURE OF THE SOURCE CODE TO PERFORM, OR FOR ANY OTHER REASON.OpenVision retains all rights, title, and interest in the donated Source Code. With respect to OpenVision's copyrights in the donated Source Code, OpenVision also retains rights to derivative works of the Source Code whether created by OpenVision or a third party. OpenVision Technologies, Inc. has donated this Kerberos Administration system to MIT for inclusion in the standard Kerberos 5 distribution. This donation underscores our commitment to continuing Kerberos technology development and our gratitude for the valuable work which has been performed by MIT and the Kerberos community.
KerbNet includes software and documentation developed at the University of California at Berkeley, which includes this copyright notice:
Copyright © 1983 Regents of the University of California.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
This product includes software developed by the University of California, Berkeley and its contributors.
Permission is granted to make and distribute verbatim copies of this manual provided the copyright notices and this permission notice are preserved on all copies.
Permission is granted to copy and distribute modified versions of this manual under the conditions for verbatim copying, provided also that the entire resulting derived work is distributed under the terms of a permission notice identical to this one.
Permission is granted to copy and distribute translations of this manual into another language, under the above conditions for modified versions.
KerbNet is supplied in source form for a number of reasons:
KerbNet is a large package. Cygnus Solutions has streamlined the build process through use of several tools and packages, and through use of a build script, `buildcns5full'. This script is set up with conditionalized defaults, such that using the defaults will result in a successful build on each supported platform. (For example, the default compiler is the vendor-supplied C compiler on systems where the native compiler is known to work, and is `gcc' on systems where the native compiler is known not to work.) For this reason, Cygnus Solutions recommends running `buildcns5full', specifying only those options for which you require behavior different from the defaults.
At the very minimum, you need a UNIX-like operating system with an ANSI
C compiler. (The MacOS and Windows ports are not discussed here.)
While the build process checks for particular requirements and is often
able to compensate if they are not met, this is not possible in every
instance. Of course, Cygnus Solutions recommends gcc
, but we have
attempted to make the compilation work with both gcc
and the
"native" or OS-vendor-supplied compiler, whenever possible.
You need GNU
make
(1) and GNU
m4
(2).
In order to run all of the tests in the built-in KerbNet test
suite, you will need to have runtest
from the DejaGnu package
(3) installed. You will also need Tcl, Tk, and expect,
which are required by the DejaGnu package.
If you will be making an install kit (See section Constructing an Install Kit.), you will need gzip(4).
Finally, if you will be building `xdm', the X display manager, you need the following:
% xmkmf ; make
works on a simple X program.
Note: If you are using gcc
, the imake
config files should
check for the HasGcc
and HasGcc2
flags, and set the
compiler options appropriately if needed. If
% xmkmf ; make CC=gcc
works, you should still be able to build Xdm.
/usr/cygnus/kerbnet-1.2/source/krb5
.
/usr/cygnus/kerbnet-1.2/source/progressive
.
/usr/cygnus/kerbnet-1.2/source
.
% rm -rf src
% ./krb5/etc/buildcns5full --option1 --option2 ...
substituting the options you need in place of --option1 and --option2.
The following options are defined in the `buildcns5full' script:
--config
configure
before performing build. This is the default.
--no-config
configure
before performing the build.
--wipe
--no-wipe
--clean
make clean
before performing the build.
--no-clean
make clean
before performing the build. This is the
default.
--pack
--no-pack
--check
make check
after performing the build. This is the default.
--no-check
make check
after performing the build.
--top TOPDIR
--top=TOPDIR
krb5
.
--make MAKE-PROGRAM
--make=MAKE-PROGRAM
gmake
for NetBSD; make
for other platforms. Note,
however, that the values of the variable refer to the name of the
make
program. The make
program must be the GNU version.
(see section Requirements.)
In addition to those listed in the previous section, you can give
`buildcns5full' any of the standard options to configure
, or
any of the options defined below, and `buildcns5full' will pass
those options to configure
. The available options, as defined in
`aclocal.m4' and/or in the `configure.in' files are:
--enable-athena
kadmin.v4
, the KerbNet V4 compatible Kerberos
Administration Server, and krb524
, the conversion tools to allow
users to generate V4 tickets from V5 tickets. For further details, see
the section `KerbNet V4 Backward Compatibility Support' in Cygnus Network Security -- Version 5.
It also causes KRB5_ATHENA_COMPAT
to be defined, which may have
affects in future releases, but is currently unused.
--prefix pathname
--with-cc=COMPILER
Makefile
s as the default value of CC
.
--with-linker=LINKER
Makefile
s as the default value of LD
. This is useful for
building with Purify.
--with-ccopts=CCOPTS
Makefile
s as the default value of CCOPTS
. This is useful
for building with debugging or optimization.
--with-cppopts=CPPOPTS
Makefile
s as the default value of CPPOPTS
.
useful for setting flags.
--with-netlib=libs
-lresolv
in order to get a proper domain name resolver.
--enable-shared
--disable-shared
--with-shared
--without-shared
--enable-telnet-encryption
--disable-telnet-encryption
--enable-xdm
--disable-xdm
--with-oracle
--with-oracle-logging
--with-tcl=TCL-PATH
--with-tk
--with-tk=TK-PATH
--with-tk
is specified without a value for TK-PATH, use the
version of Tcl and Tk preinstalled in `/usr/local/lib' or
`/usr/lib'. If the `tkConfig.sh'(5) script
does not exist in either of these directories, build and use the
versions of Tk and Tcl that were included in the source tarfile. The
default value is --with-tk
.
--with-netscape=NETSCAPEDIR
--without-netscape
--with-predictive-securid
--without-predictive-securid
--with-vague-errors
--without-vague-errors
--with-kdc-kdb-update
--without-kdc-kdb-update
--enable-des-cbc-crc
--disable-des-cbc-crc
If, for any reason, you need to run the KerbNet tests manually,
cd to the `tests' directory under the `build' directory, and
run make check
. This will run a number of built-in tests of:
kadmin
The test suite will also run a set of live application tests, creating a
test realm, starting a Kerberos server (krb5kdc
), admin server
(kadmind
), and clients, and testing their features the way a user
would use them. The end summary should list no unexpected failures.
If you do find problems, you can get specific details by changing to the
`tests/dejagnu' directory and running runtest
with the
`-d' option, and examining the `dbg.log' file produced. (This
will not be necessary with any platform supported by Cygnus Solutions.)
Note also that some of the tests are run as root. If you are not able to log in as root using the command rlogin -l root hostname, this will result in at least two untested test cases.
An install kit is a gzipped tarfile that will unpack from /
into
the install directory (/usr/cygnus/kerbnet-1.2
unless otherwise
specified by the --prefix
option). You can make an install kit
by giving the --pack
option to the `buildcns5full' script.
Alternatively, once your build is complete, you can make an install kit
by running make tgz-bin
from the build directory. Note that this
requires that you have `gzip' installed. (see section Requirements.)
The following configure
options appear in the source code.
However, Cygnus Solutions does not support them, and they are not known
to work. (In fact, some of these are known not to work.) They
are included in this document for completeness.
--with-dbm
dbm
for the key database. This optional database is
most useful when users have principals in multiple realms that have
common access. However, this situation rarely occurs.
--without-dbm
db
. This is the default.
--with-dbm-lname
dbm
for aname
to lname
conversion
database. This optional database is most useful when users have
principals in multiple realms that have common access. However, this
situation rarely occurs.
--without-dbm-lname
db
. This is the default.
--without-krb4
--with-krb4
--with-krb4=KRB4DIR
--without-afs
asetkey
, aklog
, and
kascvt
.
--with-afs=AFSDIR
krb524d
.
--enable-popmail
--disable-popmail
--enable-minimal-ftp
--disable-minimal-ftp
--enable-des-cbc-md5
--disable-des-cbc-md5
--enable-des3-cbc-sha
--disable-des3-cbc-sha
--enable-des-cbc-raw
--disable-des-cbc-raw
--enable-des3-cbc-raw
--disable-des3-cbc-raw
--enable-des-cbc-cksum
--disable-des-cbc-cksum
--enable-crc32
--disable-crc32
--enable-rsa-md4
--disable-rsa-md4
--enable-rsa-md5
--disable-rsa-md5
--enable-nist-sha
--disable-nist-sha