Fix POD syntax errors in kftgt man page

[kerberos/kftgt.git] / README

                            kftgt release 1.14
                     (Kerberos v4 ticket forwarding)

          Originally written by Roland Schemers and Booker Bense
         Currently maintained by Russ Allbery <rra@stanford.edu>

  Copyright 1994, 1996, 1997, 1999, 2001, 2002, 2003, 2005, 2006, 2007
  Board of Trustees, Leland Stanford Jr. University.  This software is
  distributed under a BSD-style license.  Please see the file LICENSE for
  terms of use and redistribution.

DESCRIPTION

  This package includes a client and daemon to forward and accept
  forwarded Kerberos v4 tickets, for remote login support in Kerberos v4
  environments.  It also contains Perl wrappers around rsh, rlogin, and
  telnet to forward tickets before connecting to the remote system.  This
  package is largely obsoleted by Kerberos v5 and its built-in ticket
  forwarding support, but may still be useful for sites running AFS
  kaserver and using Kerberos v4 tickets for AFS access.

  This package is largely frozen, and no significant additional
  development is anticipated.  Stanford is migrating to a pure Kerberos v5
  environment, after which this software will be dropped.  It is currently
  supported solely for compatibility with our existing infrastructure
  while we make that migration.

  Note that forwarding of Kerberos v4 tickets is likely to only work with
  the AFS kaserver as the Kerberos v4 KDC and probably will not work with
  other Kerberos v4 KDCs.

REQUIREMENTS

  As a Kerberos program, kftgt requires Kerberos v4 libraries to link
  against.  It has been tested only with the MIT Kerberos v4 compatibility
  libraries from the Kerberos v5 distribution, but likely will also build
  against the KTH Kerberos v4 libraries.

  The krsh and klogin wrappers require Perl 5.004 or later.  krsh also
  expects to find aklog, kdestroy, and unlog on the user's path, the first
  to obtain AFS tokens from a Kerberos v4 ticket.  You may need to change
  krsh if your aklog is spelled afslog.

  As mentioned above, ticket forwarding will likely only work if your
  Kerberos v4 KDC is the AFS kaserver.

INSTALLATION

  The best way to build kftgt/kftgtd is to do something like (assuming
  your make program understands VPATH):

      mkdir sun4x_58    # (for example)
      cd sun4x_58
      ../configure
      make
      make install

  You'll probably have to specify some options to configure. By default
  things gets installed using the prefix /usr/local (in other words, kftgt
  is placed in /usr/local/bin, kftgtd in /usr/local/sbin, and so on).

  To change the prefix use the --prefix option:

      ../configure --prefix=/opt/kerberos

  If your kerberos libraries and includes aren't in /usr/local/include and
  /usr/local/lib (or some other include directory and library directory
  searched by default by your compiler), then you need to also specify
  --with-kerberos=path:

      ../configure --prefix=/opt/kerberos --with-kerberos=/usr/pubsw

  To specify a particular krb5-config script to use, either set the
  KRB5_CONFIG environment variable or pass it to configure like:

      ./configure KRB5_CONFIG=/path/to/krb5-config

  You may also need to change the path to Perl on the first line of the
  klogin and krsh scripts.

  kftgtd is started from inetd so you need to add an entry to inetd.conf:

      kftgtd stream  tcp  nowait  root  /usr/local/sbin/kftgtd kftgtd

  And an entry in /etc/services like:

      kftgt  2109/tcp  kftgtd  # K4 TGT forwarding service

  If you change the service port you should also change it in kftgt.h and
  rebuild kftgt.  It uses the value in kftgt.h in case it can't find it in
  /etc/services.

  You can pass the --enable-reduced-depends flag to configure to try to
  minimize the shared library dependencies encoded in the binaries.  This
  omits from the link line all the libraries included solely because the
  Kerberos libraries depend on them and instead links the programs only
  against libraries whose APIs are called directly.  This will only work
  with shared Kerberos libraries and will only work on platforms where
  shared libraries properly encode their own dependencies (such as Linux).
  It is intended primarily for building packages for Linux distributions
  to avoid encoding unnecessary shared library dependencies that make
  shared library migrations more difficult.  If none of the above made any
  sense to you, don't bother with this flag.

PORTING

  kftgt should compile cleanly on most systems.  I've tested it on the
  following platforms:

      Digital UNIX 4.0F
      Linux (glibc 2.1, 2.2, and 2.3)
      HP-UX 11.00
      AIX 4.3
      IRIX 6.5
      Solaris 2.6 and 8

  but it should work on any Unix system on which MIT Kerberos will
  compile.

FUTURE WORK

  I didn't want to complicate things too much so I didn't worry much about
  multiple realms (we only have one) or being able to forward a TGT that
  is different then the one you have.  A simple wrapper could handle the
  second one (set KRBTKFILE to a temp variable, kinit, then run kftgt,
  followed by kdestroy).

  No significant development is planned on this package.  Users are
  encouraged to migrate to a pure Kerberos v5 environment as soon as they
  can for improved security and functionality.  This package is basically
  a hack to duplicate functionality that is handled better and more
  securely by Kerberos v5.

  Please send any comments or bugs to rra@stanford.edu.