Note on ksu ----------- This program is not installed setuid root be default. If you want to install it setuid root, then you can override the package permissions with: dpkg-statoverride --update --add root root 4755 /usr/bin/ksu Note on ipropd and/or hpropd ---------------------------- The following entries may be required in you /etc/services file (see bug #139845): krb_prop 754/tcp # Kerberos slave propagation iprop 2121/tcp # incremental propagation Note on kerberos.8 man page --------------------------- This man page is not currently included due to conflict with kerberos4kth-kdc package. For more information on Kerberos, see: http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html Installing heimdal for Debian ----------------------------- (Note: if you do not have a krb4 KDC, you may need to include "krb4_get_tickets = no" in the [libdefaults] section of kdc.conf; otherwise kinit will complain with an error). Things you will have to do manually (see info documentation for details): On KDC: 1. Add adminstrator keys using kadmin. For example: # kadmin -l kadmin> add bam/admin Max ticket life [unlimited]: Max renewable life [unlimited]: Principal expiration time [never]: Password expiration time [never]: Attributes []: bam/admin@CHOCBIT.ORG.AU's Password: Verifying password - bam/admin@CHOCBIT.ORG.AU's Password: 2. Add kadmin/admin key to KDC: For example: # kadmin -l kadmin> add -r kadmin/admin@CHOCBIT.ORG.AU Max ticket life [unlimited]: Max renewable life [unlimited]: Principal expiration time [never]: Password expiration time [never]: Attributes []: (note: this key doesn't need to be extracted). 3. Enable remote admistration by creating /etc/heimdal-kdc/kadmind.acl For example: echo 'bam/admin@CHOCBIT.ORG.AU all' > /etc/heimdal-kdc/kadmind.acl 4. Test. For example: # kadmin -p bam/admin bam/admin@CHOCBIT.ORG.AU's Password: kadmin> list * [should list all keys] 5. Add user keys For example: # kadmin -p bam/admin bam/admin@CHOCBIT.ORG.AU's Password: kadmin> add bam On other computers: 1. If you installed heimdal-clients-x or heimdal-servers-x, then you will need to add the following entry to /etc/services kx 2111/tcp # X over kerberos (check to make sure this doesn't already exist). 2. edit /etc/krb5.conf 3. setup secret keys each computer, using kadmin and/or ktutil. For example, on remote computer dewey.chocbit.org.au: bam/admin@CHOCBIT.ORG.AU's Password: kadmin> add -r host/dewey.chocbit.org.au [...] kadmin> ext host/dewey.chocbit.org.au kadmin> add -r ftp/dewey.chocbit.org.au [...] kadmin> ext ftp/dewey.chocbit.org.au The ext command extracts keys to /etc/krb5.keytab, where they can be inspected with the "ktutil list" command at the shell prompt. Tell me if any files conflict with any other package - do not try to force the package to install, otherwise things may break... In general, this package conflicts with kerberos4kth and probably MIT Kerberos (not packaged as of potato). Local installations under /usr/local should be OK. Changes from upstream source: 1. popper checks for $HOME/Maildir, $HOME/Mailbox and /var/spool/mail/ in that order. 2. /var/lib/heimdal-kdc used instead of /var/heimdal 3. /usr/bin/login moved to /usr/lib/heimdal-servers 4. /usr/lib/heimdal-servers used instead of /usr/libexec 5. kdc config files kdc.conf and kadmind.acl stored in /etc/heimdal-kdc instead of /usr/lib/heimdal-servers. Automatically creating users ----------------------------- Option #1: Use perl glue found at Option #2: cat kadmin-commands | kadmin For more details, see . -- Brian May , Wed, 8 Dec 1999 11:54:13 +1100