------------------------------------------------------------
| NOTE: This is currently just experimental code, it might |
| not work as expected. You have been warned. |
------------------------------------------------------------
This is a quick attempt at a SIA module for Kerberos. To install this
you will have to do the following:
* Make sure libsia_krb4.so is available in /usr/athena/lib. You might
actually want it on local disk, so /usr/shlib might be a better
place if /usr/athena is not local.
* Copy krb4_matrix.conf to /etc/sia. If you put libsia_krb4.so in some
obscure place, you might have to edit krb4_matrix.conf.
* Apply security.patch to /sbin/init.d/security
* Turn on krb4 security by issuing `rcmgr set SECURITY KRB4' and
`rcmgr set KRB4_MATRIX_CONF krb4_matrix.conf'
* Digital thinks you should reboot your machine, but that really
shouldn't be necessary. It's usually sufficient just to run
/sbin/init.d/security
Users with local passwords (like root) should be able to login safely.
When using Digital's xdm the KRBTKFILE environment variable doesn't
get passed along (since xdm zaps the environment). Instead you have to
set KRBTKFILE to the correct value in /usr/lib/X11/xdm/Xsession. Add a
line similar to
KRBTKFILE=/tmp/tkt`id -u`_`ps -o ppid= -p $$`
Also remember to export this variable.
There is currently no support for changing kerberos passwords. Use
kpasswd instead.
45de62a3c8