Chapter 14, Security, Kerberos V (admin_server).

Tillman Hodgson tillman at seekingfire.com
Fri Oct 22 19:04:15 UTC 2004


On Fri, Oct 22, 2004 at 02:04:56PM +0100, Lewis Thompson wrote:
> Hi,
> 
> I just got bitten by not having admin_server in my krb5.conf file.

Oh, hey, another Kerberos user. Hi!

> This is not mentioned at all in the handbook and is surprisingly hard
> to track down (maybe I was looking at the wrong logs ;).  An addition
> explaining what admin_server does would be very welcome.

I've been thinking about updating that section recently. I haven't been
keeping it up-to-date with the rcNG changes and so forth, made
especially difficult because my KDC is MIT and not the base Heimdal and
so my /etc/rc.conf issues are different than default. I'd also like to
provide more rc.conf info in general, PAM info, more security info,
disconnected network scenario info, sample setups, stuff like that ...

>   If you guys are all busy now I am willing to provide a line or two
> myself.  Just let me know.

... not that that should stop you. First man to the post and all that *grin*.

A docbook and "process" mentor (best way to work on the doc
privately, etc) would be great ... I'd like to contribute more to the
handbook (and other guides), but my brain has LaTeX stamped onto it and
so I could use a hand ;-)

I have some older public documents generated for various user group
presentations and technical college classes I've taught up at
http://www.seekingfire.com/documents/, if anyone is interested in taking
a peek. I love writing, I love FreeBSD, and I'd love to contribute
more.  I'm short of copious spare time and docbook knowledge. I've read
the stuff at http://www.freebsd.org/docproj/index.html before, but
that's not the same as seeing how other people who do this daily go
about it -- they've already worn the sharp edges off.

On a different topic, a minor pet peeve: try a `man -a ftpd` on a
Kerberized (with MIT) system some day. There's three ftpds, each with
slightly different options available (`-a otp` is notable) ... and it's
*not* easy to distinguish which man page corresponds to which ftpd.
Gah.  This has been me too many times to count. Any suggestions on a
clean way to handle situations like this?

-T


-- 
I think it only makes sense to seek out and identify structures of authority,
hierarchy, and domination in every aspect of life, and to challenge them;
unless a justification for them can be given, they are illegitimate, and
should be dismantled, to increase the scope of human freedom.
    -- Noam Chomsky (Red and Black Revolution, 1996)



More information about the freebsd-doc mailing list