Subject: Kerberos V and xdm
To: None <netbsd-users@netbsd.org, heimdal-discuss@sics.se>
From: David S. <davids@idiom.com>
List: netbsd-users
Date: 09/25/2001 11:12:59
I've modified 'xdm' to authenticate against Kerberos V and issue tickets.
I've got two versions, one built from 'xdm' in XFree86 3.3.6 and tested
against Heimdal 0.3e on NetBSD 1.5.1, and the other from XFree86 4.1.0
tested against Heimdal 0.4d on Slackware Linux 8.0. (The changes I made
are the same for both, but the versions of 'xdm' are slightly different.)
Both versions require Heimdal Kerberos; I'm still working on an MIT
version. Available at
ftp://idiom.com/users/davids/xdm.3.3.6-krb5.tar.bz2
ftp://idiom.com/users/davids/xdm.4.1.0-krb5.tar.bz2
In operation, the program will first try to authenticate a user against
the Unix password database. Failing that, it tries Kerberos, and, with
success there, will issue tickets. There's no way to set a different
authentication policy via command line arguments or configuration files,
in the manner of PAM. However, if anyone would like such facilities,
I'm open to suggestions.
To build the program, edit the the fields "KRB5_INCLUDE" and "KRB5_LIBS"
in 'Imakefile' and 'greeter/Imakefile' to reflect the location of your
Kerberos installation. Then try
xmkmf -a
make
make install
It will install in whatever 'xmkmf' thinks is your X directory, probably
something like '/usr/X11R6'. If you don't want it there, skip the "make
install" step and copy the executable by hand to wherever you want it to
go.
I tried to make this program a proper NetBSD package, but got stuck trying
to get it to install under '/usr/pkg' - or whatever $LOCALBASE is - rather
than '/usr/X11R6'. If anyone can offer any guidance, I'd be grateful.
Questions, comments, and criticisms welcomed.
David Simas
davids@idiom.com