1 files changed, 0 insertions, 247 deletions
diff --git a/crypto/heimdal/doc/setup.texi b/crypto/heimdal/doc/setup.texi
deleted file mode 100644
index a43eb7e81e36..000000000000
--- a/crypto/heimdal/doc/setup.texi
+++ /dev/null
@@ -1,247 +0,0 @@
-@node Setting up a realm, Things in search for a better place, Building and Installing, Top
-@chapter Setting up a realm
-
-A
-@cindex realm
-realm is an administrative domain.  The name of a Kerberos realm is
-usually the Internet domain name in uppercase.  Call your realm the same
-as your Internet domain name if you do not have strong reasons for not
-doing so.  It will make life easier for you and everyone else.
-
-@section Configuration file
-
-To setup a realm you will first have to create a configuration file:
-@file{/etc/krb5.conf}. The @file{krb5.conf} file can contain many
-configuration options, some of which are described here.
-
-There is a sample @file{krb5.conf} supplied with the distribution.
-
-The configuration file is a hierarchical structure consisting of
-sections, each containing a list of bindings (either variable
-assignments or subsections). A section starts with
-@samp{[section-name]}.  A binding consists of a left hand side, an equal
-(@samp{=}) and a right hand side (the left hand side tag must be
-separated from the equal with some whitespace.) Subsections has a
-@samp{@{} as the first non-whitespace character after the equal. All
-other bindings are treated as variable assignments. The value of a
-variable extends to the end of the line.
-
-@example
-[section1]
-        a-subsection = @{
-                var = value1
-                other-var = value with @{@}
-                sub-sub-section = @{ 
-                        var = 123
-                @}
-        @}
-        var = some other value
-[section2]
-        var = yet another value
-@end example
-
-In this manual, names of sections and bindings will be given as strings
-separated by slashes (@samp{/}). The @samp{other-var} variable will thus
-be @samp{section1/a-subsection/other-var}.
-
-For in-depth information about the contents of the config file, refer to
-the @file{krb5.conf} manual page. Some of the more important sections
-are briefly described here.
-
-The @samp{libdefaults} section contains a list of library configuration
-parameters, such as the default realm and the timeout for kdc
-responses. The @samp{realms} section contains information about specific
-realms, such as where they hide their KDC. This section serves the same
-purpose as the Kerberos 4 @file{krb.conf} file, but can contain more
-information. Finally the @samp{domain_realm} section contains a list of
-mappings from domains to realms, equivalent to the Kerberos 4
-@file{krb.realms} file.
-
-To continue with the realm setup, you will have to create a config file,
-with contents similar to the following.
-
-@example
-[libdefaults]
-        default_realm = MY.REALM
-[realms]
-        MY.REALM = @{
-                kdc = my.kdc
-        @}
-[domain_realm]
-        .my.domain = MY.REALM
-
-@end example
-
-If you use a realm name equal to your domain name, you can omit the
-@samp{libdefaults}, and @samp{domain_realm}, sections. If you have a
-SRV-record for your realm, or your kerberos server has CNAME called
-@samp{kerberos.my.realm}, you can omit the @samp{realms} section too.
-
-@section Creating the database
-
-The database library will look for the database in @file{/var/heimdal},
-so you should probably create that directory.
-
-The keys of all the principals are stored in the database.  If you
-choose to, these can be encrypted with a master key.  You do not have to
-remember this key (or password), but just to enter it once and it will
-be stored in a file (@file{/var/heimdal/m-key}).  If you want to have a
-master key, run @samp{kstash} to create this master key:
-
-@example
-# kstash
-Master key: 
-Verifying password - Master key: 
-@end example
-
-To initialise the database use the @code{kadmin} program, with the
-@samp{-l} option (to enable local database mode). First issue a
-@kbd{init MY.REALM} command. This will create the database and insert
-default principals for that realm. You can have more than one realm in
-one database, so @samp{init} does not destroy any old database.
-
-Before creating the database, @samp{init} will ask you some questions
-about max ticket lifetimes.
-
-After creating the database you should probably add yourself to it. You
-do this with the @samp{add} command. It takes as argument the name of a
-principal. The principal should contain a realm, so if you haven't setup
-a default realm, you will need to explicitly include the realm.
-
-@example
-# kadmin -l
-kadmin> init MY.REALM
-Realm max ticket life [unlimited]:
-Realm max renewable ticket life [unlimited]:
-kadmin> add me  
-Max ticket life [unlimited]:
-Max renewable life [unlimited]:
-Attributes []:
-Password: 
-Verifying password - Password: 
-@end example
-
-Now start the KDC and try getting a ticket.
-
-@example
-# kdc &
-# kinit me
-me@@MY.REALMS's Password:
-# klist
-Credentials cache: /tmp/krb5cc_0
-        Principal: me@@MY.REALM
-
-  Issued           Expires          Principal
-Aug 25 07:25:55  Aug 25 17:25:55  krbtgt/MY.REALM@@MY.REALM
-@end example
-
-If you are curious you can use the @samp{dump} command to list all the
-entries in the database.  It should look something similar to the
-following example (note that the entries here are truncated for
-typographical reasons):
-
-@smallexample
-kadmin> dump
-me@@MY.REALM 1:0:1:0b01d3cb7c293b57:-:0:7:8aec316b9d1629e3baf8 ...
-kadmin/admin@@MY.REALM 1:0:1:e5c8a2675b37a443:-:0:7:cb913ebf85 ...
-krbtgt/MY.REALM@@MY.REALM 1:0:1:52b53b61c875ce16:-:0:7:c8943be ...
-kadmin/changepw@@MY.REALM 1:0:1:f48c8af2b340e9fb:-:0:7:e3e6088 ...
-@end smallexample
-
-@section keytabs
-
-To extract a service ticket from the database and put it in a keytab you
-need to first create the principal in the database with @samp{ank}
-(using the @kbd{--random} flag to get a random password) and then
-extract it with @samp{ext_keytab}.
-
-@example
-kadmin> add --random host/my.host.name
-Max ticket life [unlimited]:
-Max renewable life [unlimited]:
-Attributes []:
-kadmin> ext host/my.host.name
-# ktutil list
-Version  Type             Principal
-     1   des-cbc-md5      host/my.host.name@@MY.REALM
-     1   des-cbc-md4      host/my.host.name@@MY.REALM
-     1   des-cbc-crc      host/my.host.name@@MY.REALM
-     1   des3-cbc-sha1    host/my.host.name@@MY.REALM
-@end example
-
-@section Remote administration
-
-The administration server, @samp{kadmind}, is started by @samp{inetd}
-and you should add a line similar to the one below to your
-@file{/etc/inetd.conf}.
-
-@example
-kerberos-adm stream     tcp     nowait  root /usr/heimdal/libexec/kadmind kadmind
-@end example
-
-You might need to add @samp{kerberos-adm} to your @file{/etc/services}
-as 749/tcp.
-
-Access to the admin server is controlled by an acl-file, (default
-@file{/var/heimdal/kadmind.acl}.) The lines in the access file, has the
-following syntax:
-@smallexample
-principal       [priv1,priv2,...]
-@end smallexample
-
-The privileges you can assign to a principal are: @samp{add},
-@samp{change-password} (or @samp{cpw} for short), @samp{delete},
-@samp{get}, @samp{list}, and @samp{modify}, or the special privilege
-@samp{all}. All of these roughly corresponds to the different commands
-in @samp{kadmin}.
-
-@section Password changing
-
-To allow users to change their passwords, you should run @samp{kpasswdd}.
-It is not run from @samp{inetd}.
-
-You might need to add @samp{kpasswd} to your @file{/etc/services} as
-464/udp.
-
-@subsection Password quality assurance
-
-It is important that users have good passwords, both to make it harder
-to guess them and to avoid off-line attacks (pre-authentication provides
-some defense against off-line attacks).  To ensure that the users choose
-good passwords, you can enable password quality controls in
-@samp{kpasswdd}.  The controls themselves are done in a shared library
-that is used by @samp{kpasswdd}.  To configure in these controls, add
-lines similar to the following to your @file{/etc/krb5.conf}:
-
-@example
-[password_quality]
-        check_library = @var{library}
-        check_function = @var{function}
-@end example
-
-The function @var{function} in the shared library @var{library} will be
-called for proposed new passwords.  The function should be declared as:
-
-@example
-const char *
-function(krb5_context context, krb5_principal principal, krb5_data *pwd);
-@end example
-
-The function should verify that @var{pwd} is a good password for
-@var{principal} and if so return @code{NULL}.  If it is deemed to be of
-low quality, it should return a string explaining why that password
-should not be used.
-
-Code for a password quality checking function that uses the cracklib
-library can be found in @file{kpasswd/sample_password_check.c} in the
-source code distribution.  It requires the cracklib library built with
-the patch available at
-@url{ftp://ftp.pdc.kth.se/pub/krb/src/cracklib.patch}.
-
-If no password quality checking function is configured, it is only
-verified that it is at least six characters of length.
-
-@section Testing clients and servers
-
-Now you should be able to run all the clients and servers.  Refer to the
-appropriate man pages for information on how to use them.