--- /dev/null
+debian/files
+debian/libpam-krb5-migrate-heimdal
+debian/libpam-krb5-migrate-heimdal.substvars
--- /dev/null
+pam-krb5-migrate for Debian
+---------------------------
+This package has been built with support for accessing the Kerberos
+administration over the network.
+
+SETTING UP THE PAM_KRB5_MIGRATE MODULE
+
+If you do not already have a KDC, you will need to set up a Kerberos
+database for your realm. See the Kerberos V5 Installation Guide for
+details.
+
+If you will be updating against a live database from a machine other than
+the KDC, or if you intend to run the migration module on more than one
+machine at a time, you will need to use kadmin (or kadmin.local) to create
+a special Kerberos principal called pam_migrate/<hostname>, where
+<hostname> is the full domain name (FQDN) of the host where you're
+deploying the pam module.
+
+% kadmin
+Authenticating as principal admin/admin@REALM with password.
+kadmin.local: add --use-defaults -r pam_migrate/hostname@REALM
+WARNING: no policy specified for pam_migrate/hostname@REALM; defaulting to no policy
+Principal "pam_migrate/hostname@REALM" created.
+
+Then extract the key for this principal to a keytab for use on the host:
+
+kadmin.local: ext -k /var/kerberos/krb5kdc/hostname.keytab pam_migrate/hostname
+Entry for principal pam_migrate/hostname with kvno 4, encryption type DES cbc mode with CRC-32 added to keytab
+WRFILE:/var/kerberos/krb5kdc/hostname.keytab.
+Entry for principal pam_migrate/hostname with kvno 4, encryption type Triple DES cbc mode raw added to keytab
+WRFILE:/var/kerberos/krb5kdc/hostname.keytab.
+
+
+This principal should *only* have permission to add principals to the
+database and should have no other permissions. To give the principal
+permission to add to the database, add this line to the top of your
+kadmind.acl file:
+
+pam_migrate/hostname@REALM add
+
+You can also give all principals of the form pam_migrate/<hostname>
+permission to add by using the line
+
+pam_migrate/*@REALM add
+
+You will then need to copy your new keytab (securely!) to the appropriate
+machine and install it as /etc/security/pam_krb5.keytab. Like all
+keytabs, this file should be readable only by root and should be treated
+with the utmost care when transferring it to the destination host.
+*Anyone with access to this keytab will be able to create new Kerberos
+principals in your realm.*
--- /dev/null
+libpam-krb5-migrate-heimdal (0.0.5-1) unstable; urgency=low
+
+ * Initial release.
+
+ -- Jelmer Vernooij <jelmer@samba.org> Sat, 11 Nov 2006 13:58:49 +0100
--- /dev/null
+Source: libpam-krb5-migrate-heimdal
+Section: net
+Priority: optional
+Maintainer: Jelmer Vernooij <jelmer@samba.org>
+Standards-Version: 3.7.2.0
+Build-Depends: debhelper (>= 5.0.2), heimdal-dev (>= 0.3e-1), libpam0g-dev
+
+Package: libpam-krb5-migrate-heimdal
+Architecture: any
+Depends: ${shlibs:Depends}
+Description: PAM module for migrating to Kerberos
+ A stackable authentication module that takes a username and password from an
+ earlier module in the stack and attempts to transparently add the user to a
+ Kerberos realm using the Kerberos 5 kadmin service. The module can be used to
+ ease the administrative burdens of migrating a large installed userbase from
+ pre-existing authentication methods to a Kerberos-based setup.
+ .
+ This package allows updating the database of a remote Heimdal server.
--- /dev/null
+This package was Debianized by Jelmer Vernooij <jelmer@samba.org>
+on Sat Nov 11 14:01:19 CET 2006.
+
+The upstream source was downloaded from ftp://ftp.netexpress.net/pub/pam/pam_krb5_migrate.tgz
+
+Copyright (c) Steve Langasek <vorlon@netexpress.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 dated June, 1991.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301, USA.
+
+The GPL is available on Debian systems in /usr/share/common-licenses/GPL.
--- /dev/null
+lib/security
+usr/share/man/man5
--- /dev/null
+pam_krb5_migrate.so lib/security/
--- /dev/null
+#!/usr/bin/make -f
+# Based loosely on debian/rules from libpam-heimdal
+export DH_COMPAT=5
+
+build: build-stamp
+build-stamp:
+ dh_testdir
+ $(MAKE) CFLAGS=-fPIC
+ touch build-stamp
+
+clean: clean1
+clean1:
+ dh_testdir
+ dh_testroot
+ rm -f build-stamp
+ [ ! -f Makefile ] || $(MAKE) distclean
+ dh_clean
+
+install: build
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs
+ dh_install
+
+binary-indep: build install
+
+binary-arch: build install
+ dh_testdir
+ dh_testroot
+ dh_installdocs README
+ dh_installchangelogs CHANGELOG
+ dh_installman pam_krb5_migrate.5
+ dh_installexamples login.pam
+ dh_strip
+ dh_compress
+ dh_fixperms
+ dh_installdeb
+ dh_shlibdeps
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install
git.samba.org / jelmer / pam-krb5-migrate.git / commitdiff