from ubuntu 7.10

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21994 ec53bebd-3082-4978-b11e-865c3cabbd6b

packages/debian/README.Debian

@@ -0,0 +1,120 @@
+Note on ksu
+-----------
+This program is not installed setuid root be default. If you want to
+install it setuid root, then you can override the package permissions
+with:
+
+dpkg-statoverride --update --add root root 4755 /usr/bin/ksu
+
+Note on ipropd and/or hpropd
+----------------------------
+The following entries may be required in you /etc/services
+file (see bug #139845):
+
+krb_prop      754/tcp                         # Kerberos slave propagation
+iprop         2121/tcp                        # incremental propagation
+
+Note on kerberos.8 man page
+---------------------------
+This man page is not currently included due to conflict with kerberos4kth-kdc
+package. For more information on Kerberos, see:
+http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html
+
+Installing heimdal for Debian
+-----------------------------
+(Note: if you do not have a krb4 KDC, you may need to include
+"krb4_get_tickets = no" in the [libdefaults] section of
+kdc.conf; otherwise kinit will complain with an error).
+
+Things you will have to do manually (see info documentation for
+details):
+
+On KDC:
+1. Add adminstrator keys using kadmin.
+
+For example:
+# kadmin -l
+kadmin> add bam/admin
+Max ticket life [unlimited]:
+Max renewable life [unlimited]:
+Principal expiration time [never]:
+Password expiration time [never]:
+Attributes []:
+bam/admin@CHOCBIT.ORG.AU's Password:
+Verifying password - bam/admin@CHOCBIT.ORG.AU's Password:
+
+2. Add kadmin/admin key to KDC:
+
+For example:
+# kadmin -l
+kadmin> add -r kadmin/admin@CHOCBIT.ORG.AU
+Max ticket life [unlimited]:
+Max renewable life [unlimited]:
+Principal expiration time [never]:
+Password expiration time [never]:
+Attributes []:
+
+(note: this key doesn't need to be extracted).
+
+3. Enable remote admistration by creating /etc/heimdal-kdc/kadmind.acl
+
+For example:
+echo 'bam/admin@CHOCBIT.ORG.AU all' > /etc/heimdal-kdc/kadmind.acl
+
+4. Test.
+
+For example:
+# kadmin -p bam/admin
+bam/admin@CHOCBIT.ORG.AU's Password:
+kadmin> list *
+[should list all keys]
+
+5. Add user keys
+
+For example:
+# kadmin -p bam/admin
+bam/admin@CHOCBIT.ORG.AU's Password:
+kadmin> add bam
+
+
+On other computers:
+1. If you installed heimdal-clients-x or heimdal-servers-x,
+then you will need to add the following entry to /etc/services
+kx              2111/tcp                        # X over kerberos
+(check to make sure this doesn't already exist).
+2. edit /etc/krb5.conf
+3. setup secret keys each computer, using kadmin and/or ktutil.
+
+For example, on remote computer dewey.chocbit.org.au:
+bam/admin@CHOCBIT.ORG.AU's Password:
+kadmin> add -r host/dewey.chocbit.org.au
+[...]
+kadmin> ext host/dewey.chocbit.org.au
+kadmin> add -r ftp/dewey.chocbit.org.au
+[...]
+kadmin> ext ftp/dewey.chocbit.org.au
+
+The ext command extracts keys to /etc/krb5.keytab, where
+they can be inspected with the "ktutil list" command at the
+shell prompt.
+
+Tell me if any files conflict with any other package - do not
+try to force the package to install, otherwise things may break...
+In general, this package conflicts with kerberos4kth and
+probably MIT Kerberos (not packaged as of potato). Local
+installations under /usr/local should be OK.
+
+Changes from upstream source:
+1. popper checks for $HOME/Maildir, $HOME/Mailbox and /var/spool/mail/<user>
+in that order.
+2. /var/lib/heimdal-kdc used instead of /var/heimdal
+3. /usr/bin/login moved to /usr/lib/heimdal-servers
+4. /usr/lib/heimdal-servers used instead of /usr/libexec
+5. telnet and ftp have been renamed to ktelnet and kftp, and
+use the update-alternatives mechanism. In the future, this
+should allow heimdal-clients to exist at the same time
+as telnet-ssl.
+6. kdc config files kdc.conf and kadmind.acl stored in
+/etc/heimdal-kdc instead of /usr/lib/heimdal-servers.
+
+ -- Brian May <bam@debian.org>, Wed,  8 Dec 1999 11:54:13 +1100