f9e6d882fd
* Add IPv6 support to changepw.c * fix two problems in kadm5_get_principal mask handling * Ignore improperly encoded signedpath AD elements * handle NT_SRV_INST in service principal referrals * dereference options while checking KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT * Fix the kpasswd fallback from the ccache principal name * Document the ticket_lifetime libdefaults setting * Change KRB5_AUTHDATA_SIGNTICKET from 142 to 512 OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=13
202 lines
7.2 KiB
Plaintext
202 lines
7.2 KiB
Plaintext
|
|
|
|
Index: krb5-1.8-alpha1/src/appl/sample/sserver/sserver.M
|
|
===================================================================
|
|
--- krb5-1.8-alpha1.orig/src/appl/sample/sserver/sserver.M
|
|
+++ krb5-1.8-alpha1/src/appl/sample/sserver/sserver.M
|
|
@@ -59,7 +59,7 @@ option allows for a different keytab tha
|
|
using a line in
|
|
/etc/inetd.conf that looks like this:
|
|
.PP
|
|
-sample stream tcp nowait root /usr/local/sbin/sserver sserver
|
|
+sample stream tcp nowait root @mansbindir@/sserver sserver
|
|
.PP
|
|
Since \fBsample\fP is normally not a port defined in /etc/services, you will
|
|
usually have to add a line to /etc/services which looks like this:
|
|
Index: krb5-1.8-alpha1/src/config-files/kdc.conf.M
|
|
===================================================================
|
|
--- krb5-1.8-alpha1.orig/src/config-files/kdc.conf.M
|
|
+++ krb5-1.8-alpha1/src/config-files/kdc.conf.M
|
|
@@ -82,14 +82,14 @@ This
|
|
.B string
|
|
specifies the location of the access control list (acl) file that
|
|
kadmin uses to determine which principals are allowed which permissions
|
|
-on the database. The default value is /usr/local/var/krb5kdc/kadm5.acl.
|
|
+on the database. The default value is @manlocalstatedir@/krb5kdc/kadm5.acl.
|
|
|
|
.IP admin_keytab
|
|
This
|
|
.B string
|
|
Specifies the location of the keytab file that kadmin uses to
|
|
authenticate to the database. The default value is
|
|
-/usr/local/var/krb5kdc/kadm5.keytab.
|
|
+@manlocalstatedir@/krb5kdc/kadm5.keytab.
|
|
|
|
.IP database_name
|
|
This
|
|
@@ -254,7 +254,7 @@ tickets should be checked against the tr
|
|
realm names and the [capaths] section of its krb5.conf file
|
|
|
|
.SH FILES
|
|
-/usr/local/var/krb5kdc/kdc.conf
|
|
+@manlocalstatedir@/krb5kdc/kdc.conf
|
|
|
|
.SH SEE ALSO
|
|
krb5.conf(5), krb5kdc(8)
|
|
Index: krb5-1.8-alpha1/src/configure.in
|
|
===================================================================
|
|
--- krb5-1.8-alpha1.orig/src/configure.in
|
|
+++ krb5-1.8-alpha1/src/configure.in
|
|
@@ -1052,6 +1052,58 @@ if test "$ac_cv_lib_socket" = "yes" -a "
|
|
fi
|
|
|
|
AC_CONFIG_FILES(krb5-config, [chmod +x krb5-config])
|
|
+
|
|
+mansysconfdir=$sysconfdir
|
|
+mansysconfdir=`eval echo $mansysconfdir | sed -e "s,NONE,$prefix,g"`
|
|
+mansysconfdir=`eval echo $mansysconfdir | sed -e "s,NONE,$ac_default_prefix,g"`
|
|
+mansbindir=$sbindir
|
|
+mansbindir=`eval echo $mansbindir | sed -e "s,NONE,$exec_prefix,g"`
|
|
+mansbindir=`eval echo $mansbindir | sed -e "s,NONE,$prefix,g"`
|
|
+mansbindir=`eval echo $mansbindir | sed -e "s,NONE,$ac_default_prefix,g"`
|
|
+manlocalstatedir=$localstatedir
|
|
+manlocalstatedir=`eval echo $manlocalstatedir | sed -e "s,NONE,$prefix,g"`
|
|
+manlocalstatedir=`eval echo $manlocalstatedir | sed -e "s,NONE,$ac_default_prefix,g"`
|
|
+manlibexecdir=$libexecdir
|
|
+manlibexecdir=`eval echo $manlibexecdir | sed -e "s,NONE,$exec_prefix,g"`
|
|
+manlibexecdir=`eval echo $manlibexecdir | sed -e "s,NONE,$prefix,g"`
|
|
+manlibexecdir=`eval echo $manlibexecdir | sed -e "s,NONE,$ac_default_prefix,g"`
|
|
+AC_SUBST(mansysconfdir)
|
|
+AC_SUBST(mansbindir)
|
|
+AC_SUBST(manlocalstatedir)
|
|
+AC_SUBST(manlibexecdir)
|
|
+AC_OUTPUT([
|
|
+ appl/sample/sclient/sclient.M
|
|
+ appl/sample/sserver/sserver.M
|
|
+ clients/kcpytkt/kcpytkt.M
|
|
+ clients/kdeltkt/kdeltkt.M
|
|
+ clients/kdestroy/kdestroy.M
|
|
+ clients/kinit/kinit.M
|
|
+ clients/klist/klist.M
|
|
+ clients/kpasswd/kpasswd.M
|
|
+ clients/ksu/ksu.M
|
|
+ clients/kvno/kvno.M
|
|
+ config-files/kdc.conf.M
|
|
+ config-files/krb5.conf.M
|
|
+ gen-manpages/k5login.M
|
|
+ gen-manpages/kerberos.M
|
|
+ kadmin/cli/k5srvutil.M
|
|
+ kadmin/cli/kadmin.local.M
|
|
+ kadmin/cli/kadmin.M
|
|
+ kadmin/dbutil/kdb5_util.M
|
|
+ kadmin/ktutil/ktutil.M
|
|
+ kadmin/server/kadmind.M
|
|
+ kdc/krb5kdc.M
|
|
+ krb5-config.M
|
|
+ plugins/kdb/ldap/ldap_util/kdb5_ldap_util.M
|
|
+ slave/kpropd.M
|
|
+ slave/kprop.M
|
|
+ tests/create/kdb5_mkdums.M
|
|
+ util/et/com_err.3
|
|
+ util/et/compile_et.1
|
|
+ util/profile/profile.5
|
|
+ util/send-pr/send-pr.1
|
|
+])
|
|
+
|
|
V5_AC_OUTPUT_MAKEFILE(.
|
|
|
|
util util/support util/profile util/send-pr
|
|
Index: krb5-1.8-alpha1/src/kadmin/cli/kadmin.M
|
|
===================================================================
|
|
--- krb5-1.8-alpha1.orig/src/kadmin/cli/kadmin.M
|
|
+++ krb5-1.8-alpha1/src/kadmin/cli/kadmin.M
|
|
@@ -869,9 +869,9 @@ option is specified, less verbose status
|
|
.RS
|
|
.TP
|
|
EXAMPLE:
|
|
-kadmin: ktremove -k /usr/local/var/krb5kdc/kadmind.keytab kadmin/admin
|
|
+kadmin: ktremove -k @manlocalstatedir@/krb5kdc/kadmind.keytab kadmin/admin
|
|
Entry for principal kadmin/admin with kvno 3 removed
|
|
- from keytab WRFILE:/usr/local/var/krb5kdc/kadmind.keytab.
|
|
+ from keytab WRFILE:@manlocalstatedir@/krb5kdc/kadmind.keytab.
|
|
kadmin:
|
|
.RE
|
|
.fi
|
|
@@ -913,7 +913,7 @@ passwords.
|
|
.SH HISTORY
|
|
The
|
|
.B kadmin
|
|
-prorgam was originally written by Tom Yu at MIT, as an interface to the
|
|
+program was originally written by Tom Yu at MIT, as an interface to the
|
|
OpenVision Kerberos administration program.
|
|
.SH SEE ALSO
|
|
.IR kerberos (1),
|
|
Index: krb5-1.8-alpha1/src/slave/kprop.M
|
|
===================================================================
|
|
--- krb5-1.8-alpha1.orig/src/slave/kprop.M
|
|
+++ krb5-1.8-alpha1/src/slave/kprop.M
|
|
@@ -39,7 +39,7 @@ Kerberos server to a slave Kerberos serv
|
|
This is done by transmitting the dumped database file to the slave
|
|
server over an encrypted, secure channel. The dump file must be created
|
|
by kdb5_util, and is normally KPROP_DEFAULT_FILE
|
|
-(/usr/local/var/krb5kdc/slave_datatrans).
|
|
+(@manlocalstatedir@/krb5kdc/slave_datatrans).
|
|
.SH OPTIONS
|
|
.TP
|
|
\fB\-r\fP \fIrealm\fP
|
|
@@ -51,7 +51,7 @@ is used.
|
|
\fB\-f\fP \fIfile\fP
|
|
specifies the filename where the dumped principal database file is to be
|
|
found; by default the dumped database file is KPROP_DEFAULT_FILE
|
|
-(normally /usr/local/var/krb5kdc/slave_datatrans).
|
|
+(normally @manlocalstatedir@/krb5kdc/slave_datatrans).
|
|
.TP
|
|
\fB\-P\fP \fIport\fP
|
|
specifies the port to use to contact the
|
|
Index: krb5-1.8-alpha1/src/slave/kpropd.M
|
|
===================================================================
|
|
--- krb5-1.8-alpha1.orig/src/slave/kpropd.M
|
|
+++ krb5-1.8-alpha1/src/slave/kpropd.M
|
|
@@ -74,7 +74,7 @@ Normally, kpropd is invoked out of
|
|
This is done by adding a line to the inetd.conf file which looks like
|
|
this:
|
|
|
|
-kprop stream tcp nowait root /usr/local/sbin/kpropd kpropd
|
|
+kprop stream tcp nowait root @mansbindir@/kpropd kpropd
|
|
|
|
However, kpropd can also run as a standalone daemon, if the
|
|
.B \-S
|
|
@@ -111,13 +111,13 @@ is used.
|
|
\fB\-f\fP \fIfile\fP
|
|
specifies the filename where the dumped principal database file is to be
|
|
stored; by default the dumped database file is KPROPD_DEFAULT_FILE
|
|
-(normally /usr/local/var/krb5kdc/from_master).
|
|
+(normally @manlocalstatedir@/krb5kdc/from_master).
|
|
.TP
|
|
.B \-p
|
|
allows the user to specify the pathname to the
|
|
.IR kdb5_util (8)
|
|
program; by default the pathname used is KPROPD_DEFAULT_KDB5_UTIL
|
|
-(normally /usr/local/sbin/kdb5_util).
|
|
+(normally @mansbindir@/kdb5_util).
|
|
.TP
|
|
.B \-S
|
|
turn on standalone mode. Normally, kpropd is invoked out of
|
|
@@ -148,14 +148,14 @@ mode.
|
|
allows the user to specify the path to the
|
|
kpropd.acl
|
|
file; by default the path used is KPROPD_ACL_FILE
|
|
-(normally /usr/local/var/krb5kdc/kpropd.acl).
|
|
+(normally @manlocalstatedir@/krb5kdc/kpropd.acl).
|
|
.SH FILES
|
|
.TP "\w'kpropd.acl\ \ 'u"
|
|
kpropd.acl
|
|
Access file for
|
|
.BR kpropd ;
|
|
the default location is KPROPD_ACL_FILE (normally
|
|
-/usr/local/var/krb5kdc/kpropd.acl).
|
|
+@manlocalstatedir@/krb5kdc/kpropd.acl).
|
|
Each entry is a line containing the principal of a host from which the
|
|
local machine will allow Kerberos database propagation via kprop.
|
|
.SH SEE ALSO
|