home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
ftp.qualcomm.com
/
2014.06.ftp.qualcomm.com.tar
/
ftp.qualcomm.com
/
eudora
/
eudorapro
/
windows
/
extras
/
kerberos
/
readme.txt
< prev
Wrap
Text File
|
1997-03-26
|
4KB
|
93 lines
1.0 Installing the WinSock version of MIT's Windows Kerberos
If you already have the MIT or University of Michigan Windows Kerberos
installed, just copy KClient.dll into the directory where containing
Windows Kerberos.
If you need to install Windows Kerberos and KClient.dll, here are some
setup details. The example below is for MIT's Windows Kerberos.
1) Create the directory c:\net\kerb and copy in the following files:
o krbv4win.dll
o kclient.dll
o krb.con
o kerbmem.exe (optional)
2) Add c:\net\kerb to the path. For information on using a directory
other than c:\net\kerb, see the section Customizing your installation.
3) Edit the text file krb.con. The krb.con file used at Cornell is
supplied as a template. Before editing, krb.con will look like this:
CIT.CORNELL.EDU
CIT.CORNELL.EDU kerberos.cit.cornell.edu
On the first line, replace CIT.CORNELL.EDU with your Kerberos realm. On
the second line, again replace CIT.CORNELL.EDU with your Kerberos realm,
and replace kerberos.cit.cornell.edu with the host name of your Kerberos
server. Watch out, the realm entry is case sensitive. For example, if
your Kerberos realm is MST.EDU and your Kerberos server is
tomservo.mst.edu, your krb.con file would look like:
MST.EDU
MST.EDU tomservo.mst.edu
4) The following line needs appear in the services file used by your
Windows Sockets stack. Services is usually located in the directory in
which your stack resides. Although some stacks, like LAN Workplace,
keep the services file in a related subdirectory.
kerberos 750/udp kerberos # kerberos UDP
5) The Date and Time on the machine running Microsoft Windows will need
to be "accurately" set. If the date or time is off "too far", Kerberos
authentication will not work. Both the Kerberos server and the Kerberos
client depend on having clocks that are synchronized within a certain margin.
Storing tickets - file or memory? The choice is yours.
Previous versions of MIT's Windows Kerberos required a small memory
resident (TSR) program, kerbmem.exe, be run prior to starting Windows.
This set aside a small chunk of memory in DOS in which to store Kerberos
tickets. Kerbmem.exe is now optional, and as an alternative, Windows
Kerberos can store tickets in a file on disk.
There is some controversy over storing Kerberos tickets on disk for
microcomputer operating systems like Windows, OS/2, and Macintosh. If
stroring Kerberos tickets on disk gives you the heebie-jeebies, go with
kerbmem.exe. If running yet another DOS TSR gives you the heebie-jeebies,
go with tickets on disk.
If kerbmem.exe is not loaded, Windows Kerberos will store tickets in a
file on disk. You can specify the name of the ticket file and the
directory in which it is stored via the environment variable KRBTKFILE.
For example, to store your tickets in a file called ticket.krb in the
directory c:\net\kerb, use the follwing statement:
set KRBTKFILE= c:\net\kerb\ticket.krb
If the environment variable KRBTKFILE is not used, the default value
c:\tmp\ticket.krb will be used. That is, tickets will be stored in the
file ticket.krb in c:\tmp; which means you'll have to make sure the
directory c:\tmp exists, or Windows Kerberos will report an error.
Customizing your installation.
The previous installation example suggested using the path c:\net\kerb.
Actaully, the files krbv4win.dll and kclient.dll can go anywhere on your
path. However, the file krb.con does have to go into a specific directory
named kerb. In a somewhat odd way, you do have control over where the
kerb directory lives. The environment variable NDIR can specify the drive
and directory under which the kerb directory can live. For example:
set NDIR=d:\mandarin
means that Windows Kerberos will look for the settings file krb.con in
d:\mandarin\kerb. Disclaimer: this is an MIT convention. If the
environment variable NDIR is not used, the path c:\net\kerb is used by default.