diff --git a/README.md b/README.md index 812d3c7..85c1cf4 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,7 @@ # krb5 +Kerberos V5 is a trusted-third-party network authentication system. +It is designed to provide strong authentication for client/server applications by using secret-key cryptography. +A free implementation of this protocol is available from the Massachusetts Institute of Technology. +Kerberos is available in many commercial products as well. + diff --git a/krb5-1.8.6-signed.tar b/krb5-1.8.6-signed.tar new file mode 100644 index 0000000..ea5b94b Binary files /dev/null and b/krb5-1.8.6-signed.tar differ diff --git a/krb5-conf b/krb5-conf new file mode 100644 index 0000000..8a12617 --- /dev/null +++ b/krb5-conf @@ -0,0 +1,17 @@ +[libdefaults] +default_realm=EXAMPLE +#dns_lookup_kdc=0 +#dns_lookup_realm=0 +dns_fallback=0 +kdc_timesync=1 +default_tkt_enctypes = des-cbc-crc des-cbc-md5 rc4-hmac +default_tgs_enctypes = des-cbc-crc des-cbc-md5 rc4-hmac +permitted_enctypes = rc4-hmac des3-hmac-sha1 des-cbc-crc des-cbc-md5 arcfour-hmac-md5 arcfour-hmac-md5-exp + +[realms] +EXAMPLE = { + kdc=pdc.example.org +} + +[logging] +#kdc = console diff --git a/krb5.spec b/krb5.spec new file mode 100644 index 0000000..35bc201 --- /dev/null +++ b/krb5.spec @@ -0,0 +1,370 @@ +%define libname libkrb5 +%define majversion %(echo %version | cut -d. -f 1-2) + +Name: krb5 +Version: 1.8.6 +Release: 1mamba +Summary: The kerberos network authentication system +Group: Applications/Security +Vendor: openmamba +Distribution: openmamba +Packager: Silvan Calarco +URL: http://web.mit.edu/kerberos/ +Source0: http://web.mit.edu/kerberos/dist/krb5/%{majversion}/krb5-%{version}-signed.tar +Source1: krb5-conf +License: MIT +#PreReq: %{__install_info} +Requires: %{libname} = %{version} +## AUTOBUILDREQ-BEGIN +BuildRequires: glibc-devel +BuildRequires: libe2fs-devel +BuildRequires: libncurses-devel +BuildRequires: libtermcap-devel +## AUTOBUILDREQ-END +BuildRequires: libopenssl-devel +%if "%{stage1}" != "1" +BuildRequires: libtcl >= 8.4.4 +%endif +BuildRequires: perl +BuildRequires: flex +BuildRequires: bison +BuildRequires: diffutils +Requires(post):%{__install_info} +BuildRoot: %{_tmppath}/%{name}-%{version}-root + +%description +Kerberos V5 is a trusted-third-party network authentication system. +It is designed to provide strong authentication for client/server applications by using secret-key cryptography. +A free implementation of this protocol is available from the Massachusetts Institute of Technology. +Kerberos is available in many commercial products as well. + +%package server +Group: System/Servers +Summary: The server programs for Kerberos 5 +Requires: %{name} = %{version} + +%description server +Kerberos V5 is a trusted-third-party network authentication system. +The %{name}-server package contains the programs that must be installed on a Kerberos 5 server. + +%package -n %{libname} +Group: System/Libraries +Summary: The shared libraries used by Kerberos 5 + +%description -n %{libname} +Kerberos V5 is a trusted-third-party network authentication system. +It is designed to provide strong authentication for client/server applications by using secret-key cryptography. +The %{libname} package contains the shared libraries needed by Kerberos 5. +If you're using Kerberos, you'll need to install this package. + +%package -n %{libname}-devel +Group: Development/Libraries +Summary: Development files needed for compiling kerberos 5 programs +Requires: %{libname} = %{version} + +%description -n %{libname}-devel +Kerberos V5 is a trusted-third-party network authentication system. +The %{libname}-devel package contains the header files and libraries needed for compiling Kerberos 5 programs. +If you want to develop kerberos-aware programs, you'll need to install this package. + +%package ftp +Group: Applications/Networking +Summary: The kerberos FTP (File Transfer Protocol) client +Conflicts: ftp + +%description ftp +Kerberos V5 is a trusted-third-party network authentication system. +This package contains the kerberos FTP (File Transfer Protocol) client. + +%package telnet +Group: Applications/Networking +Summary: The kerberos Telnet (File Transfer Protocol) client +Conflicts: telnet + +%description telnet +Kerberos V5 is a trusted-third-party network authentication system. +This package contains the kerberos Telnet client. + +%prep +%setup -q -c krb5-%{version} +tar xzf krb5-%{version}.tar.gz +mv krb5-%{version}/* . +rmdir krb5-%{version} +gzip doc/*.ps + +# fix paths of `comm_err.h' header files +# find -name "*\.[hc]" -exec sed -i 's,\([<"]\)com_err.h,\1et/com_err.h,' {} \; + +%build +cd src +#export DB_LIB="-ldb-4" +#export SS_LIB="-lss -lcom_err" +%configure \ + --with-krb4 \ + --enable-shared \ + --enable-dns \ + --cache-file= \ + --with-system-et \ + --with-system-ss \ + CFLAGS="-I%{_includedir}/et" \ +%if "%{_host}" != "%{_build}" + LDFLAGS="-ldl -lpthread" +%endif + +# override the RPATH_FLAG and PROG_LIBPATH to drop the rpath: +#export RPATH_FLAG= +#export PROG_RPATH= +# override LDCOMBINE to use gcc instead of ld to build shared libraries +#export LDCOMBINE='%{__cc} -shared -Wl,-soname=lib$(LIB)$(SHLIBSEXT) $(CFLAGS)' +make +#make check TMPDIR=%{_tmppath} + +%install +[ "%{buildroot}" != / ] && rm -rf "%{buildroot}" +%makeinstall -C src + +# info docs +install -d %{buildroot}%{_infodir} +install -m 644 doc/*.info* %{buildroot}%{_infodir}/ + +# currently we don't use and want to use kerberos ftp and telnet daemons +rm -f %{buildroot}%{_sbindir}/ftpd +rm -f %{buildroot}%{_mandir}/man8/ftpd.* +rm -f %{buildroot}%{_sbindir}/telnetd +rm -f %{buildroot}%{_mandir}/man8/telnetd.* + +# fixup strange shared library permissions +chmod 755 %{buildroot}%{_libdir}/*.so* + +## rename rsh, rlogin and rcp +#for i in rcp rlogin rsh; do +# mv %{buildroot}%{_bindir}/$i %{buildroot}%{_bindir}/$i.krb5 +# mv %{buildroot}%{_mandir}/man1/$i.1 %{buildroot}%{_mandir}/man1/$i.krb5.1 +#done + +# remove libcom_err devel stuff +rm -f %buildroot%{_bindir}/compile_et +rm -f %buildroot%{_libdir}/libcom_err.{a,so} +rm -f %buildroot%{_mandir}/man1/compile_et* +#rm -f %buildroot%{_includedir}/com_err.h +rm -rf %buildroot%{_datadir}/et + +install -m 0644 -D %{SOURCE1} %{buildroot}%{_sysconfdir}/krb5.conf + +%clean +[ "%{buildroot}" != / ] && rm -rf "%{buildroot}" + +%post -n krb5 +%install_info krb5-user.info +: + +%preun -n krb5 +%uninstall_info krb5-user.info +: + +#%post server +#% install_info krb425.info +#% install_info krb5-admin.info +#% install_info krb5-install.info + +#%preun server +#% uninstall_info krb425.info +#% uninstall_info krb5-admin.info +#% uninstall_info krb5-install.info +#exit 0 + +%post -n %{libname} -p /sbin/ldconfig +%postun -n %{libname} -p /sbin/ldconfig + +%files -n krb5 +%defattr(-,root,root) +%{_bindir}/gss-client +%{_bindir}/kdestroy +%{_bindir}/kinit +%{_bindir}/klist +%{_bindir}/ktutil +%{_bindir}/kpasswd +#%{_bindir}/krb524init +%attr(0755,root,root) %{_bindir}/ksu +%{_bindir}/kvno +%{_bindir}/sim_client +%{_bindir}/uuclient +#%attr(0755,root,root) %{_bindir}/v4rcp +%{_sbindir}/gss-server +#%{_sbindir}/kadmin +#%{_sbindir}/klogind +%{_sbindir}/krb5-send-pr +#%{_sbindir}/kshd +#%{_sbindir}/login.krb5 +%{_sbindir}/uuserver +%{_infodir}/krb5-user.info* +%{_mandir}/man1/kdestroy.1* +%{_mandir}/man1/kerberos.1* +%{_mandir}/man1/kinit.1* +%{_mandir}/man1/klist.1* +%{_mandir}/man1/kpasswd.1* +%{_mandir}/man1/krb5-send-pr.1* +#%{_mandir}/man1/krb524init.1* +%{_mandir}/man1/ksu.1* +%{_mandir}/man1/kvno.1* +#%{_mandir}/man1/rcp.krb5.1* +#%{_mandir}/man1/rlogin.krb5.1* +#%{_mandir}/man1/rsh.krb5.1* +#%{_mandir}/man1/tmac.doc* +#%{_mandir}/man1/v4rcp.1* +%{_mandir}/man5/.k5login.5* +%{_mandir}/man5/krb5.conf.5* +%{_mandir}/man1/kadmin.1* +#%{_mandir}/man8/klogind.8* +#%{_mandir}/man8/kshd.8* +%{_mandir}/man1/ktutil.1* +#%{_mandir}/man8/login.krb5.8* +%{_datadir}/gnats/mit +%doc README doc/*.html doc/user*.ps.gz src/config-files/services.append +%attr(0755,root,root) %doc src/config-files/convert-config-files + +%files server +%defattr(-,root,root) +%{_bindir}/k5srvutil +%{_bindir}/kadmin +%{_sbindir}/kadmind +%{_sbindir}/kadmin.local +%{_sbindir}/kdb5_util +%{_sbindir}/kprop +%{_sbindir}/kproplog +%{_sbindir}/kpropd +#%{_sbindir}/krb524d +%{_sbindir}/krb5kdc +%{_sbindir}/sim_server +%{_mandir}/man1/krb5-config.1* +%{_mandir}/man5/kdc.conf.5* +%{_mandir}/man8/kadmind.8* +%{_mandir}/man8/kadmin.local.8* +%{_mandir}/man8/kdb5_util.8* +%{_mandir}/man8/kprop.8* +%{_mandir}/man8/kpropd.8* +%{_mandir}/man8/krb5kdc.8* +#%{_mandir}/man8/krb524d.8* +# `sclient' and `sserver' are usefull for testing purpose +%{_bindir}/sclient +%{_sbindir}/sserver +%{_mandir}/man1/sclient.1* +%{_mandir}/man1/k5srvutil.1* +%{_mandir}/man8/kproplog.8* +%{_mandir}/man8/sserver.8* +#%{_infodir}/krb425.info.gz +%{_infodir}/krb5-admin.info* +%{_infodir}/krb5-install.info* +%{_datadir}/examples/krb5/* +%doc doc/admin*.ps.gz +#%doc doc/krb425*.ps.gz +%doc doc/install*.ps.gz + +%files -n %{libname} +%defattr(-,root,root) +%config(noreplace) %{_sysconfdir}/krb5.conf +%{_libdir}/*.so.* +%{_libdir}/krb5/plugins/kdb/db2.so +%{_libdir}/krb5/plugins/preauth/encrypted_challenge.so +%{_libdir}/krb5/plugins/preauth/pkinit.so +%doc README + +%files -n %{libname}-devel +%defattr(-,root,root) +%{_bindir}/krb5-config +%{_includedir}/*.h +%dir %{_includedir}/krb5 +%{_includedir}/krb5/krb5.h +%{_includedir}/krb5/locate_plugin.h +%dir %{_includedir}/kadm5 +%{_includedir}/kadm5/*.h +#%dir %{_includedir}/kerberosIV +#%{_includedir}/kerberosIV/*.h +%dir %{_includedir}/gssapi +%{_includedir}/gssapi/*.h +%dir %{_includedir}/gssrpc +%{_includedir}/gssrpc/*.h +%{_libdir}/*.so +# `sclient' and `sserver' are usefull for testing purpose +#%{_bindir}/sclient +#%{_sbindir}/sserver +#%{_mandir}/man1/sclient.1* +#%{_mandir}/man8/sserver.8* +%doc doc/api +%doc doc/implement +%doc doc/kadm5 +%doc doc/kadmin +#%doc doc/krb5-admin +%doc doc/krb5-protocol +%doc doc/rpc + +#%files ftp +#%defattr(-,root,root) +#%{_bindir}/ftp +#%{_mandir}/man1/ftp.* + +#%files telnet +#%defattr(-,root,root) +#%{_bindir}/telnet +#%{_mandir}/man1/telnet.* + +%changelog +* Fri Aug 10 2012 Automatic Build System 1.8.6-1mamba +- automatic version update by autodist + +* Mon Feb 06 2012 Silvan Calarco 1.8.5-1mamba +- update to 1.8.5 + +* Thu May 26 2011 Automatic Build System 1.8.4-1mamba +- automatic update by autodist + +* Mon Dec 06 2010 Automatic Build System 1.8.3-1mamba +- update to 1.8.3 + +* Mon Jul 12 2010 Silvan Calarco 1.8.2-1mamba +- update to 1.8.2 + +* Tue Feb 02 2010 Silvan Calarco 1.6.3-2mamba +- rebuilt using system libcom_err and libcompile_et + +* Tue Jun 17 2008 Silvan Calarco 1.6.3-1mamba +- update to 1.6.3 + +* Fri Nov 04 2005 Davide Madrisan 1.4.2-2qilnx +- added missing %%defattr lines +- install/uninstall info pages + +* Thu Nov 03 2005 Silvan Calarco 1.4.2-1qilnx +- update to version 1.4.2 by autospec, incorporating fixes for + MIT-KRB5-SA-2005-001, MIT-KRB5-SA-2005-002, and MIT-KRB5-SA-2005-003 + +* Wed Jun 01 2005 Silvan Calarco 1.3.6-6qilnx +- added default configuration file (/etc/krb5.conf) + +* Wed Mar 31 2005 Silvan Calarco 1.3.6-5qilnx +- fixed security issue QSA-2005-033 (CAN-2005-0468) + +* Wed Jan 05 2005 Silvan Calarco 1.3.6-3qilnx +- remove libcom_err devel files to avoid a conflict with libe2fs' same library + +* Thu Dec 23 2004 Davide Madrisan 1.3.6-1qilnx +- update to version 1.3.6 by autospec +- version 1.3.6 fixes the security issue QSA-2004-070 (CAN-2004-1189) +- use system libe2fs to avoid a conflict between libe2fs-devel and + libkrb5-devel packages +- added info pages, html, and ps documentation +- splitted krb5 package into krb5 (client) and krbd-server +- fixed the permissions of a few binary files and some libraries + +* Sun Sep 26 2004 Silvan Calarco 1.3.5-1qilnx +- update to version 1.3.5 by autospec +- moved /usr/bin/krb5-config to devel package + +* Mon Sep 13 2004 Davide Madrisan 1.3.4-2qilnx +- security fixes: CAN-2004-0642, CAN-2004-0643, CAN-2004-0644, CAN-2004-0772 + +* Mon Jun 21 2004 Silvan Calarco 1.3.4-1qilnx +- new version build + +* Fri Nov 14 2003 Silvan Calarco 1.3.1-1qilnx +- first build