1 diff -urbB heimdal-0.7/configure.ac heimdal-0.7.org/configure.ac
2 --- heimdal-0.7/configure.ac 2005-06-16 18:29:14.000000000 +0200
3 +++ heimdal-0.7.org/configure.ac 2005-07-03 18:58:54.158074120 +0200
5 AC_PREFIX_DEFAULT(/usr/heimdal)
7 test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
8 -test "$localstatedir" = '${prefix}/var' && localstatedir='/var/heimdal'
9 +test "$localstatedir" = '${prefix}/var' && localstatedir='/var/lib'
13 --- heimdal-1.1/doc/setup.texi.orig 2008-01-24 14:11:44.000000000 +0100
14 +++ heimdal-1.1/doc/setup.texi 2008-03-09 19:11:01.901155461 +0100
16 Make sure the directory has restrictive permissions.
20 +# mkdir /var/lib/heimdal
23 The keys of all the principals are stored in the database. If you
24 choose to, these can be encrypted with a master key. You do not have to
25 remember this key (or password), but just to enter it once and it will
26 -be stored in a file (@file{/var/heimdal/m-key}). If you want to have a
27 +be stored in a file (@file{/var/lib/heimdal/m-key}). If you want to have a
28 master key, run @samp{kstash} to create this master key:
32 one below to your @file{/etc/inetd.conf}.
35 -kerberos-adm stream tcp nowait root /usr/heimdal/libexec/kadmind kadmind
36 +kerberos-adm stream tcp nowait root /usr/sbin/kadmind kadmind
39 You might need to add @samp{kerberos-adm} to your @file{/etc/services}
42 Access to the administration server is controlled by an ACL file,
43 -(default @file{/var/heimdal/kadmind.acl}.) The file has the following
44 +(default @file{/var/lib/heimdal/kadmind.acl}.) The file has the following
47 principal [priv1,priv2,...] [glob-pattern]
51 slave# ktutil get -p foo/admin hprop/`hostname`
52 -slave# mkdir /var/heimdal
53 +slave# mkdir /var/lib/heimdal
58 The program that runs on the master is @command{ipropd-master} and all
59 clients run @command{ipropd-slave}.
61 -Create the file @file{/var/heimdal/slaves} on the master containing all
62 +Create the file @file{/var/lib/heimdal/slaves} on the master containing all
63 the slaves that the database should be propagated to. Each line contains
64 the full name of the principal (for example
65 @samp{iprop/hemligare.foo.se@@FOO.SE}).
70 -master# /usr/heimdal/sbin/ktutil get iprop/`hostname`
71 +master# /usr/sbin/ktutil get iprop/`hostname`
75 -slave# /usr/heimdal/sbin/ktutil get iprop/`hostname`
76 +slave# /usr/sbin/ktutil get iprop/`hostname`
80 The next step is to start the @command{ipropd-master} process on the master
81 server. The @command{ipropd-master} listens on the UNIX domain socket
82 -@file{/var/heimdal/signal} to know when changes have been made to the
83 +@file{/var/lib/heimdal/signal} to know when changes have been made to the
84 database so they can be propagated to the slaves. There is also a
85 safety feature of testing the version number regularly (every 30
86 seconds) to see if it has been modified by some means that do not raise
87 this signal. Then, start @command{ipropd-slave} on all the slaves:
90 -master# /usr/heimdal/libexec/ipropd-master &
91 -slave# /usr/heimdal/libexec/ipropd-slave master &
92 +master# /usr/sbin/ipropd-master &
93 +slave# /usr/sbin/ipropd-slave master &
96 To manage the iprop log file you should use the @command{iprop-log}
98 Note that the file name is space sensitive.
101 -# cat /var/heimdal/pki-mapping
102 +# cat /var/lib/heimdal/pki-mapping
103 # comments starts with #
104 lha@@EXAMPLE.ORG:C=SE,O=Stockholm universitet,CN=Love,UID=lha
105 lha@@EXAMPLE.ORG:CN=Love,UID=lha
106 diff -urbB heimdal-0.7/kadmin/kadmind.8 heimdal-0.7.org/kadmin/kadmind.8
107 --- heimdal-0.7/kadmin/kadmind.8 2005-06-16 18:27:56.000000000 +0200
108 +++ heimdal-0.7.org/kadmin/kadmind.8 2005-07-03 18:58:54.160073816 +0200
110 Principals are always allowed to change their own password and list
111 their own principal. Apart from that, doing any operation requires
112 permission explicitly added in the ACL file
113 -.Pa /var/heimdal/kadmind.acl .
114 +.Pa /var/lib/heimdal/kadmind.acl .
115 The format of this file is:
122 -.Pa /var/heimdal/kadmind.acl
123 +.Pa /var/lib/heimdal/kadmind.acl
127 diff -urbB heimdal-0.7/kdc/kdc.8 heimdal-0.7.org/kdc/kdc.8
128 --- heimdal-0.7/kdc/kdc.8 2005-06-16 18:27:58.000000000 +0200
129 +++ heimdal-0.7.org/kdc/kdc.8 2005-07-03 18:58:54.161073664 +0200
131 .Fl -config-file= Ns Ar file
133 Specifies the location of the config file, the default is
134 -.Pa /var/heimdal/kdc.conf .
135 +.Pa /var/lib/heimdal/kdc.conf .
136 This is the only value that can't be specified in the config file.
139 diff -urbB heimdal-0.7/lib/krb5/krb5.conf.5 heimdal-0.7.org/lib/krb5/krb5.conf.5
140 --- heimdal-0.7/lib/krb5/krb5.conf.5 2005-06-16 18:28:09.000000000 +0200
141 +++ heimdal-0.7.org/lib/krb5/krb5.conf.5 2005-07-03 18:58:54.162073512 +0200
143 default_domain = foo.se
146 - kdc = FILE:/var/heimdal/kdc.log
147 + kdc = FILE:/var/lib/heimdal/kdc.log
149 default = SYSLOG:INFO:USER
151 diff -urbB heimdal-0.7/lib/krb5/krb5.conf.cat5 heimdal-0.7.org/lib/krb5/krb5.conf.cat5
152 --- heimdal-0.7/lib/krb5/krb5.conf.cat5 2005-06-16 18:33:58.000000000 +0200
153 +++ heimdal-0.7.org/lib/krb5/krb5.conf.cat5 2005-07-03 18:58:54.163073360 +0200
155 default_domain = foo.se
158 - kdc = FILE:/var/heimdal/kdc.log
159 + kdc = FILE:/var/lib/heimdal/kdc.log
161 default = SYSLOG:INFO:USER