diff options
| author | Cy Schubert <cy@FreeBSD.org> | 2002-01-08 15:05:08 +0000 |
|---|---|---|
| committer | Cy Schubert <cy@FreeBSD.org> | 2002-01-08 15:05:08 +0000 |
| commit | 6108625cb97276aff8379562b790597113dec921 (patch) | |
| tree | 6eeb8081e5f84731d96b61f0c4766d93e5e91482 /security/krb5/files/README.FreeBSD | |
| parent | A minor nit: -I. -> -I${.CURDIR}... (diff) | |
In order to make the MIT KRB5 port compatible with FreeBSD, the port
now makes use of login.conf and login.access. This is performed by
using FreeBSD login(1) instead of MIT KRB5 login.krb5(8).
The MIT KRB5 login.krb5(8) can still be used by specifying "-L" in
the klogind and telnetd arguments in inetd.conf. This is documented
in a new file called README.FreeBSD.
Reviewed by: nectar
Notes
Notes:
svn path=/head/; revision=52768
Diffstat (limited to 'security/krb5/files/README.FreeBSD')
| -rw-r--r-- | security/krb5/files/README.FreeBSD | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/security/krb5/files/README.FreeBSD b/security/krb5/files/README.FreeBSD new file mode 100644 index 000000000000..e888e689eb04 --- /dev/null +++ b/security/krb5/files/README.FreeBSD @@ -0,0 +1,32 @@ +The MIT KRB5 port provides its own login program at +${PREFIX}/sbin/login.krb5. However, login.krb5 does not make use of +the FreeBSD login.conf and login.access files that provide a means of +setting up and controlling sessions under FreeBSD. To overcome this, +the MIT KRB5 port uses the FreeBSD /usr/bin/login program to provide +interactive login password authentication instead of the login.krb5 +program provided by MIT KRB5. The FreeBSD /usr/bin/login program does +not have support for Kerberos V password authentication, +e.g. authentication at the console. The pam_krb5 port must be used to +provide Kerberos V password authentication. + +For more information about pam_krb5, please see pam(8) and pam_krb5(8). + +If you wish to use login.krb5 that is provided by the MIT KRB5 port, +the arguments "-L ${PREFIX}/sbin/login.krb5" must be +specified as arguments to klogind and KRB5 telnetd, e.g. + +klogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -L ${PREFIX}/sbin/login.krb5 +eklogin stream tcp nowait root ${PREFIX}/sbin/klogind klogind -k -c -e -L ${PREFIX}/sbin/login.krb5 +telnet stream tcp nowait root ${PREFIX}/sbin/telnetd telnetd -a none -L ${PREFIX}/sbin/login.krb5 + +Additionally, if you wish to use the MIT KRB5 provided login.krb5 instead +of the FreeBSD provided /usr/bin/login for local tty logins, +"lo=${PREFIX}/sbin/login.krb5" must be specified in /etc/gettytab, e.g., + +default:\ + :cb:ce:ck:lc:fd#1000:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:\ + :if=/etc/issue:\ + :lo=${PREFIX}/sbin/login.krb5: + +It is recommended that the FreeBSD /usr/bin/login be used with the +pam_krb5 port instead of the MIT KRB5 provided login.krb5. |