[179] in Kerberos-V5-bugs
Re: Missing documentation
daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Tue Jul 30 21:06:40 1991
Date: Tue, 30 Jul 91 21:06:36 -0400
From: tytso@ATHENA.MIT.EDU (Theodore Ts'o)
To: uris@handies.UCAR.EDU
Cc: krb5-bugs@ATHENA.MIT.EDU
In-Reply-To: Mark Uris's message of Tue, 30 Jul 91 10:45:37 MDT,
Reply-To: tytso@ATHENA.MIT.EDU
Date: Tue, 30 Jul 91 10:45:37 MDT
From: uris@handies.UCAR.EDU (Mark Uris)
I'm installing Kerberos on our NCAR system. I can't seem to find any
documentation for kprop or kpropd for release 4, the man page is missing
for release 5. Can you e-mail to me or point me where to look to set
up the propagation for let's say release 4 ( ex., what services have
to be added in /etc/services, if the inetd.conf needs to be changed,
what the fname parameter on the kpropd command line means).
Are you trying to install Kerberos V4 or Kerberos V5? kprop and kpropd
were completely rewritten for Kerberos V5. I apologize for not having
manual pages for kprop and kpropd; given our limited resources for
developing Kerberos V5, we've been concentrating on getting the code
working and stable and writing documentation has taken a back seat to
this goal.
(I assume you know that Kerberos V5 is a new version of the Kerberos
protocol, not just a new "release"; Kerberos V5 is currently in beta
test, and is not yet ready for production use. For example, the
Kerberos admin server, which is used for remote administration of the
Kerberos database and which is also used to allow users to change their
passwords (without requiring an administrator to login to the Kerberos
KDC and manually changing it for them) has not been written yet. In
addition, the documentation for Kerberos version 5 is spotty at best.)
In any case, for the Kerberos V5 kprop: you need a new /etc/services
entry for "krb5_prop" (which port you use isn't that important, as long
as both the master and slave Kerberos servers use the same port!) You
can run kpropd either out of inetd.conf, in which case you put in a
standard TCP line in /etc/inetd.conf --- use the fingerd line as a model
--- or you can run kpropd in standalone mode, if you use the -S option.
In ttandalone mode, kpropd places itself in the background and forks
copies of itself as it accepts connections. The [-f slave_file]
paramter on the kpropd command line denotes the name of the temporary
file name that should be used to store the dumped kerberos database
before it is loaded using kdb5_edit. You don't need to specify it,
since it will use a default file.
I hope this helps! If you have any more questions, please let me know!
- Ted
