kftgt release 1.6
(Kerberos v4 ticket forwarding)
Originally written by Roland Schemers and Booker Bense
Currently maintained by Russ Allbery <rra@stanford.edu>
Copyright 1994, 1996, 1997, 1999, 2001, 2002, 2003 Board of Trustees,
Leland Stanford Jr. University. This software is distributed under a
BSD-style license. Please see the file LICENSE below for terms of use
and redistribution.
DESCRIPTION
This package includes a client and daemon to forward and accept
forwarded Kerberos v4 tickets, for remote login support in Kerberos v4
environments. It also contains Perl wrappers around rsh, rlogin, and
telnet to forward tickets before connecting to the remote system. This
package is largely obsoleted by Kerberos v5 and its built-in ticket
forwarding support, but may still be useful for sites running AFS
kaserver and using Kerberos v4 tickets for AFS access.
This package is largely frozen, and no significant additional
development is anticipated. Stanford is migrating to a pure Kerberos v5
environment, after which this software will be dropped. It is currently
supported solely for compatibility with our existing infrastructure
while we make that migration.
Note that forwarding of Kerberos v4 tickets is likely to only work with
the AFS kaserver as the Kerberos v4 KDC and probably will not work with
other Kerberos v4 KDCs.
REQUIREMENTS
As a Kerberos program, kftgt requires Kerberos v4 libraries to link
against. It has been tested only with the MIT Kerberos v4 compatibility
libraries from the Kerberos v5 distribution, but likely will also build
against the KTH Kerberos v4 libraries.
The krsh and klogin wrappers require Perl 5.004 or later. krsh also
expects to find aklog, kdestroy, and unlog on the user's path, the first
to obtain AFS tokens from a Kerberos v4 ticket. You may need to change
krsh if your aklog is spelled afslog.
As mentioned above, ticket forwarding will likely only work if your
Kerberos v4 KDC is the AFS kaserver.
INSTALLATION
The best way to build kftgt/kftgtd is to do something like (assuming
your make program understands VPATH):

    mkdir sun4x_58          # (for example)
    cd sun4x_58
    ../configure
    make
    make install

You'll probably have to specify some options to configure. By default
things get installed using the prefix /usr/local (in other words, kftgt
is placed in /usr/local/bin, kftgtd in /usr/local/sbin, and so on).
To change the prefix use the --prefix option:

    ../configure --prefix=/opt/kerberos

If your Kerberos libraries and includes aren't in /usr/local/include and
/usr/local/lib (or some other include directory and library directory
searched by default by your compiler), then you need to also specify
--with-kerberos=path:

    ../configure --prefix=/opt/kerberos --with-kerberos=/usr/pubsw

You may also need to change the path to Perl on the first line of the
klogin and krsh scripts.
kftgtd is started from inetd so you need to add an entry to inetd.conf:

    kftgtd stream tcp nowait root /usr/local/sbin/kftgtd kftgtd

And an entry in /etc/services like:

    kftgt 2109/tcp kftgtd # K4 TGT forwarding service

If you change the service port you should also change it in kftgt.h and
rebuild kftgt. It uses the value in kftgt.h in case it can't find it in
/etc/services.
PORTING
kftgt should compile cleanly on most systems. I've tested it on the
following platforms:

    Digital UNIX 4.0F
    Linux (glibc 2.1 and 2.2)
    HP-UX 11.00
    AIX 4.3
    IRIX 6.5
    Solaris 2.6 and 8

Besides the normal libraries (libkrb, libdes) you may also have to worry
about libsocket and libnsl on SysV machines, the return type for signal
functions, and whether or not you have the unsetenv function. You also
have to worry about the size of your "long" and "int" variables.
configure tries to take care of all of this for you.
The Cygnus Kerberos library uses KRB_INT32 and KRB_UINT32 and they are
also defined in kftgt.h if not found elsewhere. You might also have to
worry about the "my_" typedefs in marsh.c if you have a strange system.
FUTURE WORK
I didn't want to complicate things too much so I didn't worry much about
multiple realms (we only have one) or being able to forward a TGT that
is different than the one you have. A simple wrapper could handle the
second one (set KRBTKFILE to a temp variable, kinit, then run kftgt,
followed by kdestroy).
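
An added example of the wrapper described above, not part of the kftgt
distribution: it keeps the second TGT in a private temporary ticket file and
always destroys it, even if kinit or kftgt fails. Assumptions: kinit accepts
the principal as its argument, the remaining arguments are handed to kftgt
unchanged (the page does not document them), and the function name and the
KINIT/KFTGT/KDESTROY override variables are hypothetical.

```sh
#!/bin/sh
# Added example: forward a TGT other than the one in the current ticket file.
# Sequence from the README: KRBTKFILE -> kinit -> kftgt -> kdestroy.
# Assumptions: kinit takes the principal as its argument; all arguments after
# the principal go to kftgt untouched. KINIT, KFTGT and KDESTROY are
# hypothetical overrides for the command names.

forward_other_tgt() {
    if [ "$#" -lt 2 ]; then
        echo "usage: forward_other_tgt principal kftgt-args..." >&2
        return 2
    fi
    (   # Subshell: the caller's KRBTKFILE and tickets are never touched.
        principal=$1
        shift
        umask 077                       # ticket file readable by owner only
        tkfile=$(mktemp "${TMPDIR:-/tmp}/tkt_fwd.XXXXXX") || exit 1
        KRBTKFILE=$tkfile
        export KRBTKFILE
        cleanup() {
            # Destroy the temporary tickets, then remove whatever is left.
            "${KDESTROY:-kdestroy}" >/dev/null 2>&1
            rm -f "$tkfile"
        }
        trap cleanup EXIT               # runs on success and on failure
        trap 'exit 1' HUP INT TERM      # signals also go through cleanup
        "${KINIT:-kinit}" "$principal" || exit 1
        "${KFTGT:-kftgt}" "$@"          # exit status of kftgt is returned
    )
}

# Run as a script: forward_other_tgt principal kftgt-args...
if [ "$#" -gt 0 ]; then
    forward_other_tgt "$@"
fi
```
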
No significant development is planned on this package. Users are
encouraged to migrate to a pure Kerberos v5 environment as soon as they
can for improved security and functionality. This package is basically
a hack to duplicate functionality that is handled better and more
securely by Kerberos v5.
Please send any comments or bugs to rra@stanford.edu.