D23596.diff
Index: head/en_US.ISO8859-1/books/handbook/security/chapter.xml
===================================================================
--- head/en_US.ISO8859-1/books/handbook/security/chapter.xml
+++ head/en_US.ISO8859-1/books/handbook/security/chapter.xml
@@ -1207,12 +1207,17 @@
<acronym>KDC</acronym> is recommended for security
reasons.</para>
- <para>To begin setting up a <acronym>KDC</acronym>, add these
- lines to <filename>/etc/rc.conf</filename>:</para>
+ <para>To begin, install the <package>security/heimdal</package>
+ package as follows:</para>
- <programlisting>kdc_enable="YES"
-kadmind_enable="YES"</programlisting>
+ <screen>&prompt.root; <userinput>pkg install heimdal</userinput></screen>
+ <para>Next, update <filename>/etc/rc.conf</filename> using
+ <command>sysrc</command> as follows:</para>
+
+ <screen>&prompt.root; <userinput>sysrc kdc_enable=yes</userinput>
+&prompt.root; <userinput>sysrc kadmind_enable=yes</userinput></screen>
+
<para>Next, edit <filename>/etc/krb5.conf</filename> as
follows:</para>
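Review bot: The two added sysrc commands set kdc_enable=yes and kadmind_enable=yes in lower case, while the programlisting they replace used "YES"; keeping the upper-case value would make the resulting /etc/rc.conf match the removed listing. The new opening paragraph also drops the removed wording about setting up a KDC, so it no longer says what the package is being installed for. Minor: the added <screen> containing pkg install heimdal runs straight into the next <para> without the blank line used after the other added blocks, and "as follows" now ends three consecutive paragraphs.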
@@ -1295,25 +1300,32 @@
<para>Lastly, while still in <command>kadmin</command>, create
the first principal using <command>add</command>. Stick to
the default options for the principal for now, as these can be
- changed later with <command>modify</command>. Type
- <literal>?</literal> at the prompt to see the available
+ <command>kadmin</command>, using the <command>add</command>.
+ Stick to the default options for the admin principal for now,
+ as these can be changed later with <command>modify</command>.
+ Type <literal>?</literal> at the prompt to see the available
options.</para>
- <screen>kadmin> <userinput>add <replaceable>tillman</replaceable></userinput>
+ <screen>kadmin> <userinput>add tillman</userinput>
Max ticket life [unlimited]:
Max renewable life [unlimited]:
+Principal expiration time [never]:
+Password expiration time [never]:
Attributes []:
Password: <userinput><replaceable>xxxxxxxx</replaceable></userinput>
Verifying password - Password: <userinput><replaceable>xxxxxxxx</replaceable></userinput></screen>
- <para>Next, start the <acronym>KDC</acronym> services by running
- <command>service kdc start</command> and
- <command>service kadmind start</command>. While there will
- not be any kerberized daemons running at this point, it is
- possible to confirm that the <acronym>KDC</acronym> is
- functioning by obtaining a ticket for the
- principal that was just created:</para>
+ <para>Next, start the <acronym>KDC</acronym> services by
+ running:</para>
+ <screen>&prompt.root; <userinput>service kdc start</userinput>
+&prompt.root; <userinput>service kadmind start</userinput></screen>
+
+ <para>While there will not be any kerberized daemons running at
+ this point, it is possible to confirm that the
+ <acronym>KDC</acronym> is functioning by obtaining a ticket
+ for the principle that was just created:</para>
+
<screen>&prompt.user; <userinput>kinit <replaceable>tillman</replaceable></userinput>
tillman@EXAMPLE.ORG's Password:</screen>
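Review bot: The rewritten paragraph at the top of this hunk does not read as a sentence once applied. The three unchanged lines ending "as these can be" are kept, and the added lines continue with "<command>kadmin</command>, using the <command>add</command>.", so the advice to keep the default options appears twice and the first copy is cut off mid-sentence. Either remove the old opening lines too, or add only the words that change. In the last added paragraph, "for the principle that was just created" should read "principal". The add example also drops <replaceable> around tillman while the kinit line below keeps it; the two should match.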
@@ -1380,8 +1392,9 @@
<command>kadmin</command> will prompt for the password to get
a fresh ticket. The principal authenticating to the kadmin
service must be permitted to use the <command>kadmin</command>
- interface, as specified in <filename>kadmind.acl</filename>.
- See the section titled <quote>Remote administration</quote> in
+ interface, as specified in
+ <filename>/var/heimdal/kadmind.acl</filename>. See the
+ section titled <quote>Remote administration</quote> in
<command>info heimdal</command> for details on designing
access control lists. Instead of enabling remote
<command>kadmin</command> access, the administrator could
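Review bot: The added path /var/heimdal/kadmind.acl needs checking against the first hunk, which now has the reader install the security/heimdal package. Please confirm that this is the directory the kadmind started by "service kadmind start" actually reads. If the packaged daemon looks elsewhere, ACL entries written to this file would not be the ones in effect. A short note saying whether the file exists by default or must be created would also help.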
@@ -1756,8 +1769,8 @@
<listitem>
<para><link
- xlink:href="https://www.h5l.org/">Heimdal
- <application>Kerberos</application> home
+ xlink:href="https://github.com/heimdal/heimdal/wiki">Heimdal
+ <application>Kerberos</application> project wiki
page</link></para>
</listitem>
</itemizedlist>
Attached To
D23596: [WIP] Updating Kerberos documentation