From 7cb8eb037b08eae16d439c3bdb0efd63faac0af2 Mon Sep 17 00:00:00 2001 From: tholo <> Date: Sat, 16 Dec 1995 21:12:10 +0000 Subject: [PATCH] Add sample kerberosIV configuration files --- src/etc/Makefile | 9 +++++++++ src/etc/kerberosIV/README | 36 +++++++++++++++++++++++++++++++++++ src/etc/kerberosIV/krb.conf | 2 ++ src/etc/kerberosIV/krb.equiv | 1 + src/etc/kerberosIV/krb.realms | 1 + 5 files changed, 49 insertions(+) create mode 100644 src/etc/kerberosIV/README create mode 100644 src/etc/kerberosIV/krb.conf create mode 100644 src/etc/kerberosIV/krb.equiv create mode 100644 src/etc/kerberosIV/krb.realms diff --git a/src/etc/Makefile b/src/etc/Makefile index 52aeea22..03295f22 100644 --- a/src/etc/Makefile +++ b/src/etc/Makefile @@ -56,6 +56,15 @@ distribution: distrib-dirs rm -f ${DESTDIR}/.cshrc ${DESTDIR}/.profile; \ ln ${DESTDIR}/root/.cshrc ${DESTDIR}/.cshrc; \ ln ${DESTDIR}/root/.profile ${DESTDIR}/.profile) + (cd kerberosIV; \ + install -c -o root -g wheel -m 644 README \ + ${DESTDIR}/etc/kerberosIV; \ + install -c -o root -g wheel -m 644 krb.conf \ + ${DESTDIR}/etc/kerberosIV; \ + install -c -o root -g wheel -m 644 krb.equiv \ + ${DESTDIR}/etc/kerberosIV; \ + install -c -o root -g wheel -m 444 krb.realms \ + ${DESTDIR}/etc/kerberosIV) (cd mtree; \ install -c -o root -g wheel -m 600 special \ ${DESTDIR}/etc/mtree; \ diff --git a/src/etc/kerberosIV/README b/src/etc/kerberosIV/README new file mode 100644 index 00000000..d314aa22 --- /dev/null +++ b/src/etc/kerberosIV/README @@ -0,0 +1,36 @@ +# from @(#)README 8.1 (Berkeley) 6/9/93 +# $Id: README,v 1.1 1995/12/16 21:12:08 tholo Exp $ + +Notes about the contents of the /etc/kerberosIV directory: + +The file master_key contains a copy of the master key under which the +entire Kerberos database is encrypted. Disclosing this key would be bad +news. The reason it is stored in the filesystem is because the following +programs need to inspect or modify the kereros database, and so the key +must be available for them, (or else it would have to be typed in by +hand): + - kerberos (the server itself) + - registerd (for new user registration) + - kpasswdd (for changing passwords) + +The srvtab file contains the encryption keys for each service on the local +host. Any host offering network services would have a key here, although +many such files can be used. + +The principal.* files comprise the Kerberos database itself, and contain +keys for all principles, and should not be world-readable. + +The kerberos.conf file contains the configuration for this machine: + - which realm I'm in + - which servers I should talk to for this realm + +The kerberos.realms file contains the name of Kerberos servers for +various (sub)domains. + +Kerberos log information it placed in /var/log/kerberos.log +(see rc.local to change it) + +The register_keys directory contains a set of files (all of which begin +with "."), each of which contains a des key used for registering new users +with the system. It is used only by the "registerd" program, and only on +a Kerberos server host. diff --git a/src/etc/kerberosIV/krb.conf b/src/etc/kerberosIV/krb.conf new file mode 100644 index 00000000..1a1de44e --- /dev/null +++ b/src/etc/kerberosIV/krb.conf @@ -0,0 +1,2 @@ +MY.DOMAIN +MY.DOMAIN me.my.domain admin server diff --git a/src/etc/kerberosIV/krb.equiv b/src/etc/kerberosIV/krb.equiv new file mode 100644 index 00000000..86e83305 --- /dev/null +++ b/src/etc/kerberosIV/krb.equiv @@ -0,0 +1 @@ +#1.2.3.4 4.3.2.1 diff --git a/src/etc/kerberosIV/krb.realms b/src/etc/kerberosIV/krb.realms new file mode 100644 index 00000000..fdb1e885 --- /dev/null +++ b/src/etc/kerberosIV/krb.realms @@ -0,0 +1 @@ +.my.domain MY.DOMAIN