summaryrefslogtreecommitdiff
path: root/debian/zephyr-server-krb.README.Debian
diff options
context:
space:
mode:
Diffstat (limited to 'debian/zephyr-server-krb.README.Debian')
-rw-r--r--debian/zephyr-server-krb.README.Debian30
1 files changed, 30 insertions, 0 deletions
diff --git a/debian/zephyr-server-krb.README.Debian b/debian/zephyr-server-krb.README.Debian
new file mode 100644
index 0000000..4b03c1d
--- /dev/null
+++ b/debian/zephyr-server-krb.README.Debian
@@ -0,0 +1,30 @@
+To run a zephyr server with MIT Kerberos support, you need to generate a
+Kerberos IV srvtab for the principal zephyr.zephyr@YOUR.REALM.NAME.
+
+Doing this with the MIT Kerberos V server is a somewhat convoluted process,
+but here we go:
+
+[Note that this presumes that you have Kerberos administrator privileges, if
+you don't, find someone who does.]
+
+At the kadmin prompt, type
+
+ank -randkey zephyr/zephyr
+
+this creates the Kerberos principal, with whatever key types and cryptosystems
+your realm defaults to. Next, also at the kadmin prompt, type the following
+substituting appropriately for your realm name and various file locations:
+
+xst -k /tmp/keytab -e des-cbc-crc:v4 zephyr/zephyr@YOUR.REALM.NAME
+
+The key type is necessary because zephyr uses an older version of Kerberos
+that used only single-DES. Now run ktutil:
+
+rkt /tmp/keytab
+wst /etc/zephyr/srvtab
+q
+
+You now want to make sure that the /tmp/keytab file is written-over and
+removed. Fortunately, you have Kerberos, you have kdestroy.
+
+env KRB5CCNAME=/tmp/keytab kdestroy
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-06 22:42:24 +0000