ae77177087
several new kerberos related libraries and applications to FreeBSD:
o kgetcred(1) allows one to manually get a ticket for a particular service.
o kf(1) securily forwards ticket to another host through an authenticated
and encrypted stream.
o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
and other user kerberos operations. klist and kswitch are just symlinks
to kcc(1) now.
o kswitch(1) allows you to easily switch between kerberos credentials if
you're running KCM.
o hxtool(1) is a certificate management tool to use with PKINIT.
o string2key(1) maps a password into key.
o kdigest(8) is a userland tool to access the KDC's digest interface.
o kimpersonate(8) creates a "fake" ticket for a service.
We also now install manpages for some lirbaries that were not installed
before, libheimntlm and libhx509.
- The new HEIMDAL version no longer supports Kerberos 4. All users are
recommended to switch to Kerberos 5.
- Weak ciphers are now disabled by default. To enable DES support (used
by telnet(8)), use "allow_weak_crypto" option in krb5.conf.
- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
disabled due to the function they use (krb5_get_err_text(3)) being
deprecated. I plan to work on this next.
- Heimdal's KDC now require sqlite to operate. We use the bundled version
and install it as libheimsqlite. If some other FreeBSD components will
require it in the future we can rename it to libbsdsqlite and use for these
components as well.
- This is not a latest Heimdal version, the new one was released while I was
working on the update. I will update it to 1.5.2 soon, as it fixes some
important bugs and security issues.
$FreeBSD$
Note: If you modify these files, please keep hier(7) updated!
These files are used to create empty file hierarchies for building the
system into. Some notes about working with them are placed here to try
and keep them in good working order.
a) The files use 4 space indentation, and other than in the header
comments, should not contain any tabs. An indentation of 4 is
preferable to the standard indentation of 8 because the indentation
of levels in these files can become quite deep causing the line to
overflow 80 characters.
This also matches with the files generated when using the
mtree -c option, which was implemented that way for the same reason.
b) Only directories should be listed here.
c) The listing should be kept in filename sorted order.
d) Sanity checking changes to these files can be done by following
this procedure (the sed -e is ugly, but fixing mtree -c to
not emit the trailing white space would be even uglier):
mkdir /tmp/MTREE
mtree -deU -f BSD.X.dist -p /tmp/MTREE
mtree -cdin -k uname,gname,mode -p /tmp/MTREE | \
sed -e 's/ *$//' >BSD.X.new
diff -u BSD.X.dist BSD.X.new
rm -r /tmp/MTREE
Note that you will get some differences about /set lines,
and uname= gname= on certain directory areas, mainly man page
sections. This is caused by mtree not having a look ahead
mechanism for making better selections for these as it
traverses the hierarchy.
The BSD.X.new file should NOT be committed, as it will be missing
the correct header, and important keywords like ``nochange''.
Simply use the diff for a sanity check to make sure things are in
the correct order and correctly indented.
e) Further sanity checking of the system builds with DESTDIR=/someplace
are more complicated, but can often catch missing entries in these
files. I tend to run this more complete sanity check shortly after
the target date for a new release is announced.
If you want details on it bug me about it via email to
rgrimes@FreeBSD.org.