%% Generated by Sphinx.
\def\sphinxdocclass{report}
\documentclass[letterpaper,10pt,english]{sphinxmanual}
\ifdefined\pdfpxdimen
   \let\sphinxpxdimen\pdfpxdimen\else\newdimen\sphinxpxdimen
\fi \sphinxpxdimen=.75bp\relax

\usepackage[utf8]{inputenc}
\ifdefined\DeclareUnicodeCharacter
 \ifdefined\DeclareUnicodeCharacterAsOptional
  \DeclareUnicodeCharacter{"00A0}{\nobreakspace}
  \DeclareUnicodeCharacter{"2500}{\sphinxunichar{2500}}
  \DeclareUnicodeCharacter{"2502}{\sphinxunichar{2502}}
  \DeclareUnicodeCharacter{"2514}{\sphinxunichar{2514}}
  \DeclareUnicodeCharacter{"251C}{\sphinxunichar{251C}}
  \DeclareUnicodeCharacter{"2572}{\textbackslash}
 \else
  \DeclareUnicodeCharacter{00A0}{\nobreakspace}
  \DeclareUnicodeCharacter{2500}{\sphinxunichar{2500}}
  \DeclareUnicodeCharacter{2502}{\sphinxunichar{2502}}
  \DeclareUnicodeCharacter{2514}{\sphinxunichar{2514}}
  \DeclareUnicodeCharacter{251C}{\sphinxunichar{251C}}
  \DeclareUnicodeCharacter{2572}{\textbackslash}
 \fi
\fi
\usepackage{cmap}
\usepackage[T1]{fontenc}
\usepackage{amsmath,amssymb,amstext}
\usepackage{babel}
\usepackage{times}
\usepackage[Bjarne]{fncychap}
\usepackage[dontkeepoldnames]{sphinx}

\usepackage{geometry}

% Include hyperref last.
\usepackage{hyperref}
% Fix anchor placement for figures with captions.
\usepackage{hypcap}% it must be loaded after hyperref.
% Set up styles of URL: it should be placed after hyperref.
\urlstyle{same}

\addto\captionsenglish{\renewcommand{\figurename}{Fig.}}
\addto\captionsenglish{\renewcommand{\tablename}{Table}}
\addto\captionsenglish{\renewcommand{\literalblockname}{Listing}}

\addto\captionsenglish{\renewcommand{\literalblockcontinuedname}{continued from previous page}}
\addto\captionsenglish{\renewcommand{\literalblockcontinuesname}{continues on next page}}

\addto\extrasenglish{\def\pageautorefname{page}}

\setcounter{tocdepth}{0}



\title{Building MIT Kerberos}
\date{ }
\release{1.18.2}
\author{MIT}
\newcommand{\sphinxlogo}{\vbox{}}
\renewcommand{\releasename}{Release}
\makeindex

\begin{document}

\maketitle
\sphinxtableofcontents
\phantomsection\label{\detokenize{build/index::doc}}


This section details how to build and install MIT Kerberos software
from the source.


\chapter{Prerequisites}
\label{\detokenize{build/index:building-kerberos-v5}}\label{\detokenize{build/index:prerequisites}}\label{\detokenize{build/index:build-v5}}
In order to build Kerberos V5, you will need approximately 60-70
megabytes of disk space.  The exact amount will vary depending on the
platform and whether the distribution is compiled with debugging
symbol tables or not.

Your C compiler must conform to ANSI C (ISO/IEC 9899:1990, “c89”).
Some operating systems do not have an ANSI C compiler, or their
default compiler requires extra command-line options to enable ANSI C
conformance.

If you wish to keep a separate build tree, which contains the compiled
*.o files and executables, separate from your source tree, you will
need a make program which supports \sphinxstylestrong{VPATH}, or you will need to use
a tool such as lndir to produce a symbolic link tree for your build
tree.


\chapter{Obtaining the software}
\label{\detokenize{build/index:obtaining-the-software}}
The source code can be obtained from the MIT Kerberos Distribution page,
at \sphinxurl{https://kerberos.org/dist/index.html}.
The MIT Kerberos distribution comes in an archive file, generally
named krb5-VERSION-signed.tar, where \sphinxstyleemphasis{VERSION} is a placeholder for
the major and minor versions of MIT Kerberos.  (For example, MIT
Kerberos 1.9 has major version “1” and minor version “9”.)

The krb5-VERSION-signed.tar contains a compressed tar file consisting
of the sources for all of Kerberos (generally named
krb5-VERSION.tar.gz) and a PGP signature file for this source tree
(generally named krb5-VERSION.tar.gz.asc).  MIT highly recommends that
you verify the integrity of the source code using this signature,
e.g., by running:

\fvset{hllines={, ,}}%
\begin{sphinxVerbatim}[commandchars=\\\{\}]
\PYG{n}{tar} \PYG{n}{xf} \PYG{n}{krb5}\PYG{o}{\PYGZhy{}}\PYG{n}{VERSION}\PYG{o}{\PYGZhy{}}\PYG{n}{signed}\PYG{o}{.}\PYG{n}{tar}
\PYG{n}{gpg} \PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{n}{verify} \PYG{n}{krb5}\PYG{o}{\PYGZhy{}}\PYG{n}{VERSION}\PYG{o}{.}\PYG{n}{tar}\PYG{o}{.}\PYG{n}{gz}\PYG{o}{.}\PYG{n}{asc}
\end{sphinxVerbatim}
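
As an added example (not part of the MIT documentation or distribution): \sphinxcode{gpg -{-}verify} reports a good signature for any key present in your keyring, so the shell functions below run the same two commands and additionally require that the signature comes from one pinned key, by parsing \sphinxcode{gpg -{-}status-fd} output. The function names and the fingerprint \sphinxcode{SAMPLE\_FPR} are constructed for illustration; substitute the release key fingerprint obtained from a source you trust.

```shell
#!/bin/sh
# Added example (not from the krb5 distribution): accept the tarball only when
# the signature was made by one pinned key. All names here are hypothetical.

# Constructed fingerprint used by the offline samples below. For real use,
# substitute the release key fingerprint obtained from a channel you trust.
SAMPLE_FPR=0123456789ABCDEF0123456789ABCDEF01234567

# Normalise a fingerprint: strip spaces, upper-case the hex digits.
norm_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'
}

# Read "gpg --status-fd" lines on stdin. Succeed only if a VALIDSIG line names
# the pinned fingerprint and no failure status was reported.
# Usage: check_gpg_status PINNED_FPR < status-lines
check_gpg_status() {
    want=$(norm_fpr "$1")
    [ -n "$want" ] || return 2          # refuse to run without a pin
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" {
            # Field 3: fingerprint of the key that signed (may be a subkey).
            # Field 12: primary key fingerprint, when gpg reports it.
            fpr = (NF >= 12) ? $12 : $3
            if (toupper(fpr) == want) ok = 1
        }
        END { exit (ok && !bad) ? 0 : 1 }
    '
}

# The two commands from the text, with the pin enforced.
# Usage: verify_krb5_bundle VERSION PINNED_FPR   (run where the bundle is)
verify_krb5_bundle() {
    tar xf "krb5-$1-signed.tar" || return 2
    gpg --status-fd 1 --verify "krb5-$1.tar.gz.asc" "krb5-$1.tar.gz" |
        check_gpg_status "$2"
}

# Constructed status output for three cases; no real key or release involved.
sample_status() {
    other=FEDCBA9876543210FEDCBA9876543210FEDCBA98
    case $1 in
    good)
        echo "[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Signer"
        echo "[GNUPG:] VALIDSIG $SAMPLE_FPR 2000-01-01 946684800 0 4 0 1 8 00 $SAMPLE_FPR"
        ;;
    otherkey)   # cryptographically good, but made by a key we did not pin
        echo "[GNUPG:] GOODSIG 76543210FEDCBA98 Some Other Key"
        echo "[GNUPG:] VALIDSIG $other 2000-01-01 946684800 0 4 0 1 8 00 $other"
        ;;
    tampered)   # the data does not match the signature
        echo "[GNUPG:] BADSIG 89ABCDEF01234567 Constructed Signer"
        ;;
    esac
}

# Offline self-check on the constructed samples (gpg is not needed for this).
for kind in good otherkey tampered; do
    if sample_status "$kind" | check_gpg_status "$SAMPLE_FPR"; then
        echo "$kind: accept"
    else
        echo "$kind: reject"
    fi
done
```
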

Unpack krb5-VERSION.tar.gz in some directory. In this section we will assume
that you have chosen the directory \sphinxcode{/u1/krb5-VERSION} as the top
directory of the distribution.

Review the README file for the license, copyright and other information
specific to the distribution.


\chapter{Contents}
\label{\detokenize{build/index:contents}}

\section{Organization of the source directory}
\label{\detokenize{build/directory_org::doc}}\label{\detokenize{build/directory_org:organization-of-the-source-directory}}
Below is a brief overview of the organization of the complete source
directory.  More detailed descriptions follow.


\begin{savenotes}\sphinxattablestart
\centering
\begin{tabulary}{\linewidth}[t]{|T|T|}
\hline

appl
&
Kerberos application client and server programs
\\
\hline
ccapi
&
Credential cache services
\\
\hline
clients
&
Kerberos V5 user programs (See \DUrole{xref,std,std-ref}{user\_commands})
\\
\hline
config
&
Configure scripts
\\
\hline
config-files
&
Sample Kerberos configuration files
\\
\hline
include
&
include files needed to build the Kerberos system
\\
\hline
kadmin
&
Administrative interface to the Kerberos master database: \DUrole{xref,std,std-ref}{kadmin(1)}, \DUrole{xref,std,std-ref}{kdb5\_util(8)}, \DUrole{xref,std,std-ref}{ktutil(1)}.
\\
\hline
kdc
&
Kerberos V5 Authentication Service and Key Distribution Center
\\
\hline
{\hyperref[\detokenize{build/directory_org:lib}]{\sphinxcrossref{lib}}}
&
Libraries for use with/by Kerberos V5
\\
\hline
plugins
&
Kerberos plugins directory
\\
\hline
po
&
Localization infrastructure
\\
\hline
prototype
&
Templates files containing the MIT copyright message and a placeholder for the title and description of the file.
\\
\hline
kprop
&
Utilities for propagating the database to replica KDCs \DUrole{xref,std,std-ref}{kprop(8)} and \DUrole{xref,std,std-ref}{kpropd(8)}
\\
\hline
tests
&
Test suite
\\
\hline
{\hyperref[\detokenize{build/directory_org:util}]{\sphinxcrossref{util}}}
&
Various utilities for building/configuring the code, sending bug reports, etc.
\\
\hline
windows
&
Source code for building Kerberos V5 on Windows (see windows/README)
\\
\hline
\end{tabulary}
\par
\sphinxattableend\end{savenotes}


\subsection{lib}
\label{\detokenize{build/directory_org:lib}}\label{\detokenize{build/directory_org:id1}}
The lib directory contains several subdirectories as well as some
definition and glue files.
\begin{itemize}
\item {} 
The apputils directory contains the code for the generic network
servicing.

\item {} 
The crypto subdirectory contains the Kerberos V5 encryption
library.

\item {} 
The gssapi library contains the Generic Security Services API,
which is a library of commands to be used in secure client-server
communication.

\item {} 
The kadm5 directory contains the libraries for the KADM5
administration utilities.

\item {} 
The Kerberos 5 database libraries are contained in kdb.

\item {} 
The krb5 directory contains the Kerberos 5 API.

\item {} 
The rpc directory contains the API for the Kerberos Remote
Procedure Call protocol.

\end{itemize}


\subsection{util}
\label{\detokenize{build/directory_org:util}}\label{\detokenize{build/directory_org:id2}}\begin{description}
\item[{The util directory contains several utility programs and libraries.}] \leavevmode\begin{itemize}
\item {} 
the programs used to configure and build the code, such as
autoconf, lndir, kbuild, reconf, and makedepend, are in this
directory.

\item {} 
the profile directory contains most of the functions which parse
the Kerberos configuration files (krb5.conf and kdc.conf).

\item {} 
the Kerberos error table library and utilities (et);

\item {} 
the Sub-system library and utilities (ss);

\item {} 
database utilities (db2);

\item {} 
pseudo-terminal utilities (pty);

\item {} 
bug-reporting program send-pr;

\item {} 
a generic support library (support) used by several of our other
libraries;

\item {} 
the build infrastructure for building a lightweight Kerberos client
(collected-client-lib);

\item {} 
the tool for validating Kerberos configuration files
(confvalidator);

\item {} 
the toolkit for kernel integrators for building krb5 code subsets
(gss-kernel-lib);

\item {} 
source code for building Kerberos V5 on MacOS (mac)

\item {} 
Windows getopt operations (windows)

\end{itemize}

\end{description}


\section{Doing the build}
\label{\detokenize{build/doing_build::doc}}\label{\detokenize{build/doing_build:doing-the-build}}

\subsection{Building within a single tree}
\label{\detokenize{build/doing_build:do-build}}\label{\detokenize{build/doing_build:building-within-a-single-tree}}
If you only need to build Kerberos for one platform, using a single
directory tree which contains both the source files and the object
files is the simplest.  However, if you need to maintain Kerberos for
a large number of platforms, you will probably want to use separate
build trees for each platform.  We recommend that you look at OS
Incompatibilities, for notes that we have on particular operating
systems.

If you don’t want separate build trees for each architecture, then use
the following abbreviated procedure:

\fvset{hllines={, ,}}%
\begin{sphinxVerbatim}[commandchars=\\\{\}]
\PYG{n}{cd} \PYG{o}{/}\PYG{n}{u1}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{\PYGZhy{}}\PYG{n}{VERSION}\PYG{o}{/}\PYG{n}{src}
\PYG{o}{.}\PYG{o}{/}\PYG{n}{configure}
\PYG{n}{make}
\end{sphinxVerbatim}

That’s it!


\subsection{Building with separate build directories}
\label{\detokenize{build/doing_build:building-with-separate-build-directories}}
If you wish to keep separate build directories for each platform, you
can do so using the following procedure.  (Note, this requires that
your make program support VPATH.  GNU’s make will provide this
functionality, for example.)  If your make program does not support
this, see the next section.

For example, if you wish to store the binaries in \sphinxcode{tmpbuild} build
directory you might use the following procedure:

\fvset{hllines={, ,}}%
\begin{sphinxVerbatim}[commandchars=\\\{\}]
\PYG{n}{mkdir} \PYG{o}{/}\PYG{n}{u1}\PYG{o}{/}\PYG{n}{tmpbuild}
\PYG{n}{cd} \PYG{o}{/}\PYG{n}{u1}\PYG{o}{/}\PYG{n}{tmpbuild}
\PYG{o}{/}\PYG{n}{u1}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{\PYGZhy{}}\PYG{n}{VERSION}\PYG{o}{/}\PYG{n}{src}\PYG{o}{/}\PYG{n}{configure}
\PYG{n}{make}
\end{sphinxVerbatim}


\subsection{Building using lndir}
\label{\detokenize{build/doing_build:building-using-lndir}}
If you wish to keep separate build directories for each platform, and
you do not have access to a make program which supports VPATH, all is
not lost.  You can use the lndir program to create symbolic link trees
in your build directory.

For example, if you wish to create a build directory for solaris
binaries you might use the following procedure:

\fvset{hllines={, ,}}%
\begin{sphinxVerbatim}[commandchars=\\\{\}]
mkdir /u1/krb5\PYGZhy{}VERSION/solaris
cd /u1/krb5\PYGZhy{}VERSION/solaris
/u1/krb5\PYGZhy{}VERSION/src/util/lndir {}`pwd{}`/../src
./configure
make
\end{sphinxVerbatim}

You must give an absolute pathname to lndir because it has a bug that
makes it fail for relative pathnames.  Note that this version differs
from the latest version as distributed and installed by the
XConsortium with X11R6.  Either version should be acceptable.


\subsection{Installing the binaries}
\label{\detokenize{build/doing_build:installing-the-binaries}}
Once you have built Kerberos, you should install the binaries. You can
do this by running:

\fvset{hllines={, ,}}%
\begin{sphinxVerbatim}[commandchars=\\\{\}]
\PYG{n}{make} \PYG{n}{install}
\end{sphinxVerbatim}

If you want to install the binaries into a destination directory that
is not their final destination, which may be convenient if you want to
build a binary distribution to be deployed on multiple hosts, you may
use:

\fvset{hllines={, ,}}%
\begin{sphinxVerbatim}[commandchars=\\\{\}]
\PYG{n}{make} \PYG{n}{install} \PYG{n}{DESTDIR}\PYG{o}{=}\PYG{o}{/}\PYG{n}{path}\PYG{o}{/}\PYG{n}{to}\PYG{o}{/}\PYG{n}{destdir}
\end{sphinxVerbatim}

This will install the binaries under \sphinxstyleemphasis{DESTDIR/PREFIX}, e.g., the user
programs will install into \sphinxstyleemphasis{DESTDIR/PREFIX/bin}, the libraries into
\sphinxstyleemphasis{DESTDIR/PREFIX/lib}, etc.  \sphinxstyleemphasis{DESTDIR} must be an absolute path.

Some implementations of make allow multiple commands to be run in
parallel, for faster builds.  We test our Makefiles in parallel builds
with GNU make only; they may not be compatible with other parallel
build implementations.


\subsection{Testing the build}
\label{\detokenize{build/doing_build:testing-the-build}}
The Kerberos V5 distribution comes with built-in regression tests.  To
run them, simply type the following command while in the top-level
build directory (i.e., the directory where you typed make to
start building Kerberos; see {\hyperref[\detokenize{build/doing_build:do-build}]{\sphinxcrossref{\DUrole{std,std-ref}{Building within a single tree}}}}):

\fvset{hllines={, ,}}%
\begin{sphinxVerbatim}[commandchars=\\\{\}]
\PYG{n}{make} \PYG{n}{check}
\end{sphinxVerbatim}

However, there are several prerequisites that must be satisfied first:
\begin{itemize}
\item {} 
Configure and build Kerberos with Tcl support. Tcl is used to drive
the test suite.  This often means passing \sphinxstylestrong{-}\sphinxstylestrong{-with-tcl} to
configure to tell it the location of the Tcl configuration
script. (See {\hyperref[\detokenize{build/options2configure:options2configure}]{\sphinxcrossref{\DUrole{std,std-ref}{Options to configure}}}}.)

\item {} 
In addition to Tcl, DejaGnu must be available on the system for some
of the tests to run.  The test suite will still run the other tests
if DejaGnu is not present, but the test coverage will be reduced
accordingly.

\item {} 
On some operating systems, you have to run \sphinxcode{make install} before
running \sphinxcode{make check}, or the test suite will pick up installed
versions of Kerberos libraries rather than the newly built ones.
You can install into a prefix that isn’t in the system library
search path, though. Alternatively, you can configure with
\sphinxstylestrong{-}\sphinxstylestrong{-disable-rpath}, which renders the build tree less suitable for
installation, but allows testing without interference from
previously installed libraries.

\end{itemize}

There are additional regression tests available, which are not run
by \sphinxcode{make check}.  These tests require manual setup and teardown of
support infrastructure which is not easily automated, or require
excessive resources for ordinary use.  The procedure for running
the manual tests is documented at
\sphinxurl{https://k5wiki.kerberos.org/wiki/Manual\_Testing}.


\subsection{Cleaning up the build}
\label{\detokenize{build/doing_build:cleaning-up-the-build}}\begin{itemize}
\item {} 
Use \sphinxcode{make clean} to remove all files generated by running the
make command.

\item {} 
Use \sphinxcode{make distclean} to remove all files generated by running
the ./configure script.  After running \sphinxcode{make distclean} your source
tree (ideally) should look like the raw (just un-tarred) source
tree.

\end{itemize}


\subsection{Using autoconf}
\label{\detokenize{build/doing_build:using-autoconf}}
(If you are not a developer, you can ignore this section.)

In the Kerberos V5 source directory, there is a configure script which
automatically determines the compilation environment and creates the
proper Makefiles for a particular platform.  This configure script is
generated using autoconf, which you should already have installed if
you will be making changes to \sphinxcode{src/configure.in}.

Normal users will not need to worry about running autoconf; the
distribution comes with the configure script already prebuilt.

The autoconf package comes with a script called \sphinxcode{autoreconf} that
will automatically run \sphinxcode{autoconf} and \sphinxcode{autoheader} as needed.  You
should run \sphinxcode{autoreconf} from the top source directory, e.g.:

\fvset{hllines={, ,}}%
\begin{sphinxVerbatim}[commandchars=\\\{\}]
\PYG{n}{cd} \PYG{o}{/}\PYG{n}{u1}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{\PYGZhy{}}\PYG{n}{VERSION}\PYG{o}{/}\PYG{n}{src}
\PYG{n}{autoreconf} \PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{n}{verbose}
\end{sphinxVerbatim}


\section{Options to \sphinxstyleemphasis{configure}}
\label{\detokenize{build/options2configure:options2configure}}\label{\detokenize{build/options2configure::doc}}\label{\detokenize{build/options2configure:options-to-configure}}
There are a number of options to configure which you can use to
control how the Kerberos distribution is built.


\subsection{Most commonly used options}
\label{\detokenize{build/options2configure:most-commonly-used-options}}\begin{description}
\item[{\sphinxstylestrong{-}\sphinxstylestrong{-help}}] \leavevmode
Provides help to configure.  This will list the set of commonly
used options for building Kerberos.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-prefix=}\sphinxstyleemphasis{PREFIX}}] \leavevmode
By default, Kerberos will install the package’s files rooted at
\sphinxcode{/usr/local}.  If you desire to place the binaries into the
directory \sphinxstyleemphasis{PREFIX}, use this option.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-exec-prefix=}\sphinxstyleemphasis{EXECPREFIX}}] \leavevmode
This option allows one to separate the architecture independent
programs from the host-dependent files (configuration files,
manual pages).  Use this option to install architecture-dependent
programs in \sphinxstyleemphasis{EXECPREFIX}.  The default location is the value
specified by the \sphinxstylestrong{-}\sphinxstylestrong{-prefix} option.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-localstatedir=}\sphinxstyleemphasis{LOCALSTATEDIR}}] \leavevmode
This option sets the directory for locally modifiable
single-machine data.  In Kerberos, this mostly is useful for
setting a location for the KDC data files, as they will be
installed in \sphinxcode{LOCALSTATEDIR/krb5kdc}, which is by default
\sphinxcode{PREFIX/var/krb5kdc}.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-with-netlib}{[}=\sphinxstyleemphasis{libs}{]}}] \leavevmode
Allows for suppression of or replacement of network libraries.  By
default, Kerberos V5 configuration will look for \sphinxcode{-lnsl} and
\sphinxcode{-lsocket}.  If your operating system has a broken resolver
library or fails to pass the tests in \sphinxcode{src/tests/resolv}, you
will need to use this option.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-with-tcl=}\sphinxstyleemphasis{TCLPATH}}] \leavevmode
Some of the unit tests in the build tree rely upon using a program
in Tcl.  \sphinxstyleemphasis{TCLPATH} specifies the directory under which the
Tcl header file (TCLPATH/include/tcl.h) and the Tcl library
(TCLPATH/lib) should be found.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-enable-dns-for-realm}}] \leavevmode
Enable the use of DNS to look up a host’s Kerberos realm,
if the information is not provided in
\DUrole{xref,std,std-ref}{krb5.conf(5)}.  See \DUrole{xref,std,std-ref}{mapping\_hostnames}
for information about using DNS to determine the default realm.
DNS lookups for realm names are disabled by default.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-with-system-et}}] \leavevmode
Use an installed version of the error-table (et) support software,
the compile\_et program, the com\_err.h header file and the com\_err
library.  If these are not in the default locations, you may wish
to specify \sphinxcode{CPPFLAGS=-I/some/dir} and
\sphinxcode{LDFLAGS=-L/some/other/dir} options at configuration time as
well.

If this option is not given, a version supplied with the Kerberos
sources will be built and installed along with the rest of the
Kerberos tree, for Kerberos applications to link against.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-with-system-ss}}] \leavevmode
Use an installed version of the subsystem command-line interface
software, the mk\_cmds program, the \sphinxcode{ss/ss.h} header file and the
ss library.  If these are not in the default locations, you may
wish to specify \sphinxcode{CPPFLAGS=-I/some/dir} and
\sphinxcode{LDFLAGS=-L/some/other/dir} options at configuration time as
well.  See also the \sphinxstylestrong{SS\_LIB} option.

If this option is not given, the ss library supplied with the
Kerberos sources will be compiled and linked into those programs
that need it; it will not be installed separately.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-with-system-db}}] \leavevmode
Use an installed version of the Berkeley DB package, which must
provide an API compatible with version 1.85.  This option is
unsupported and untested.  In particular, we do not know if the
database-rename code used in the dumpfile load operation will
behave properly.

If this option is not given, a version supplied with the Kerberos
sources will be built and installed.  (We are not updating this
version at this time because of licensing issues with newer
versions that we haven’t investigated sufficiently yet.)

\end{description}


\subsection{Environment variables}
\label{\detokenize{build/options2configure:environment-variables}}\begin{description}
\item[{\sphinxstylestrong{CC=}\sphinxstyleemphasis{COMPILER}}] \leavevmode
Use \sphinxstyleemphasis{COMPILER} as the C compiler.

\item[{\sphinxstylestrong{CFLAGS=}\sphinxstyleemphasis{FLAGS}}] \leavevmode
Use \sphinxstyleemphasis{FLAGS} as the default set of C compiler flags.

\item[{\sphinxstylestrong{CPP=}\sphinxstyleemphasis{CPP}}] \leavevmode
C preprocessor to use. (e.g., \sphinxcode{CPP='gcc -E'})

\item[{\sphinxstylestrong{CPPFLAGS=}\sphinxstyleemphasis{CPPOPTS}}] \leavevmode
Use \sphinxstyleemphasis{CPPOPTS} as the default set of C preprocessor flags.  The
most common use of this option is to select certain \#define’s for
use with the operating system’s include files.

\item[{\sphinxstylestrong{DB\_HEADER=}\sphinxstyleemphasis{headername}}] \leavevmode
If db.h is not the correct header file to include to compile
against the Berkeley DB 1.85 API, specify the correct header file
name with this option. For example, \sphinxcode{DB\_HEADER=db3/db\_185.h}.

\item[{\sphinxstylestrong{DB\_LIB=}\sphinxstyleemphasis{libs}…}] \leavevmode
If \sphinxcode{-ldb} is not the correct library specification for the
Berkeley DB library version to be used, override it with this
option. For example, \sphinxcode{DB\_LIB=-ldb-3.3}.

\item[{\sphinxstylestrong{DEFCCNAME=}\sphinxstyleemphasis{ccachename}}] \leavevmode
Override the built-in default credential cache name.
For example, \sphinxcode{DEFCCNAME=DIR:/var/run/user/\%\{USERID\}/ccache}
See \DUrole{xref,std,std-ref}{parameter\_expansion} for information about supported
parameter expansions.

\item[{\sphinxstylestrong{DEFCKTNAME=}\sphinxstyleemphasis{keytabname}}] \leavevmode
Override the built-in default client keytab name.
The format is the same as for \sphinxstyleemphasis{DEFCCNAME}.

\item[{\sphinxstylestrong{DEFKTNAME=}\sphinxstyleemphasis{keytabname}}] \leavevmode
Override the built-in default keytab name.
The format is the same as for \sphinxstyleemphasis{DEFCCNAME}.

\item[{\sphinxstylestrong{LD=}\sphinxstyleemphasis{LINKER}}] \leavevmode
Use \sphinxstyleemphasis{LINKER} as the default loader if it should be different from
the C compiler as specified above.

\item[{\sphinxstylestrong{LDFLAGS=}\sphinxstyleemphasis{LDOPTS}}] \leavevmode
This option informs the linker where to get additional libraries
(e.g., \sphinxcode{-L\textless{}lib dir\textgreater{}}).

\item[{\sphinxstylestrong{LIBS=}\sphinxstyleemphasis{LDNAME}}] \leavevmode
This option allows one to specify libraries to be passed to the
linker (e.g., \sphinxcode{-l\textless{}library\textgreater{}})

\item[{\sphinxstylestrong{SS\_LIB=}\sphinxstyleemphasis{libs}…}] \leavevmode
If \sphinxcode{-lss} is not the correct way to link in your installed ss
library, for example if additional support libraries are needed,
specify the correct link options here.  Some variants of this
library are around which allow for Emacs-like line editing, but
different versions require different support libraries to be
explicitly specified.

This option is ignored if \sphinxstylestrong{-}\sphinxstylestrong{-with-system-ss} is not specified.

\item[{\sphinxstylestrong{YACC}}] \leavevmode
The ‘Yet Another C Compiler’ implementation to use. Defaults to
the first program found out of: ‘\sphinxtitleref{bison -y}’, ‘\sphinxtitleref{byacc}’,
‘\sphinxtitleref{yacc}’.

\item[{\sphinxstylestrong{YFLAGS}}] \leavevmode
The list of arguments that will be passed by default to \$YACC.
This script will default YFLAGS to the empty string to avoid a
default value of \sphinxcode{-d} given by some make applications.

\end{description}


\subsection{Fine tuning of the installation directories}
\label{\detokenize{build/options2configure:fine-tuning-of-the-installation-directories}}\begin{description}
\item[{\sphinxstylestrong{-}\sphinxstylestrong{-bindir=}\sphinxstyleemphasis{DIR}}] \leavevmode
User executables.  Defaults to \sphinxcode{EXECPREFIX/bin}, where
\sphinxstyleemphasis{EXECPREFIX} is the path specified by \sphinxstylestrong{-}\sphinxstylestrong{-exec-prefix}
configuration option.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-sbindir=}\sphinxstyleemphasis{DIR}}] \leavevmode
System admin executables.  Defaults to \sphinxcode{EXECPREFIX/sbin}, where
\sphinxstyleemphasis{EXECPREFIX} is the path specified by \sphinxstylestrong{-}\sphinxstylestrong{-exec-prefix}
configuration option.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-sysconfdir=}\sphinxstyleemphasis{DIR}}] \leavevmode
Read-only single-machine data such as krb5.conf.
Defaults to \sphinxcode{PREFIX/etc}, where
\sphinxstyleemphasis{PREFIX} is the path specified by \sphinxstylestrong{-}\sphinxstylestrong{-prefix} configuration
option.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-libdir=}\sphinxstyleemphasis{DIR}}] \leavevmode
Object code libraries.  Defaults to \sphinxcode{EXECPREFIX/lib}, where
\sphinxstyleemphasis{EXECPREFIX} is the path specified by \sphinxstylestrong{-}\sphinxstylestrong{-exec-prefix}
configuration option.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-includedir=}\sphinxstyleemphasis{DIR}}] \leavevmode
C header files.  Defaults to \sphinxcode{PREFIX/include}, where \sphinxstyleemphasis{PREFIX} is
the path specified by \sphinxstylestrong{-}\sphinxstylestrong{-prefix} configuration option.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-datarootdir=}\sphinxstyleemphasis{DATAROOTDIR}}] \leavevmode
Read-only architecture-independent data root.  Defaults to
\sphinxcode{PREFIX/share}, where \sphinxstyleemphasis{PREFIX} is the path specified by
\sphinxstylestrong{-}\sphinxstylestrong{-prefix} configuration option.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-datadir=}\sphinxstyleemphasis{DIR}}] \leavevmode
Read-only architecture-independent data.  Defaults to path
specified by \sphinxstylestrong{-}\sphinxstylestrong{-datarootdir} configuration option.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-localedir=}\sphinxstyleemphasis{DIR}}] \leavevmode
Locale-dependent data.  Defaults to \sphinxcode{DATAROOTDIR/locale}, where
\sphinxstyleemphasis{DATAROOTDIR} is the path specified by \sphinxstylestrong{-}\sphinxstylestrong{-datarootdir}
configuration option.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-mandir=}\sphinxstyleemphasis{DIR}}] \leavevmode
Man documentation.  Defaults to \sphinxcode{DATAROOTDIR/man}, where
\sphinxstyleemphasis{DATAROOTDIR} is the path specified by \sphinxstylestrong{-}\sphinxstylestrong{-datarootdir}
configuration option.

\end{description}


\subsection{Program names}
\label{\detokenize{build/options2configure:program-names}}\begin{description}
\item[{\sphinxstylestrong{-}\sphinxstylestrong{-program-prefix=}\sphinxstyleemphasis{PREFIX}}] \leavevmode
Prepend \sphinxstyleemphasis{PREFIX} to the names of the programs when installing
them. For example, specifying \sphinxcode{-{-}program-prefix=mit-} at
configure time will cause the program named \sphinxcode{abc} to be
installed as \sphinxcode{mit-abc}.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-program-suffix=}\sphinxstyleemphasis{SUFFIX}}] \leavevmode
Append \sphinxstyleemphasis{SUFFIX} to the names of the programs when installing them.
For example, specifying \sphinxcode{-{-}program-suffix=-mit} at configure
time will cause the program named \sphinxcode{abc} to be installed as
\sphinxcode{abc-mit}.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-program-transform-name=}\sphinxstyleemphasis{PROGRAM}}] \leavevmode
Run \sphinxcode{sed -e PROGRAM} on installed program names. (\sphinxstyleemphasis{PROGRAM} is a
sed script).

\end{description}


\subsection{System types}
\label{\detokenize{build/options2configure:system-types}}\begin{description}
\item[{\sphinxstylestrong{-}\sphinxstylestrong{-build=}\sphinxstyleemphasis{BUILD}}] \leavevmode
Configure for building on \sphinxstyleemphasis{BUILD}
(e.g., \sphinxcode{-{-}build=x86\_64-linux-gnu}).

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-host=}\sphinxstyleemphasis{HOST}}] \leavevmode
Cross-compile to build programs to run on \sphinxstyleemphasis{HOST}
(e.g., \sphinxcode{-{-}host=x86\_64-linux-gnu}).  By default, Kerberos V5
configuration will look for the “build” option.

\end{description}


\subsection{Optional features}
\label{\detokenize{build/options2configure:optional-features}}\begin{description}
\item[{\sphinxstylestrong{-}\sphinxstylestrong{-disable-option-checking}}] \leavevmode
Ignore unrecognized -{-}enable/-{-}with options.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-disable-}\sphinxstyleemphasis{FEATURE}}] \leavevmode
Do not include \sphinxstyleemphasis{FEATURE} (same as -{-}enable-FEATURE=no).

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-enable-}\sphinxstyleemphasis{FEATURE}{[}=\sphinxstyleemphasis{ARG}{]}}] \leavevmode
Include \sphinxstyleemphasis{FEATURE} {[}ARG=yes{]}.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-enable-maintainer-mode}}] \leavevmode
Enable rebuilding of source files, Makefiles, etc.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-disable-delayed-initialization}}] \leavevmode
Initialize library code when loaded.  Defaults to delay until
first use.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-disable-thread-support}}] \leavevmode
Don’t enable thread support.  Defaults to enabled.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-disable-rpath}}] \leavevmode
Suppress run path flags in link lines.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-enable-athena}}] \leavevmode
Build with MIT Project Athena configuration.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-disable-kdc-lookaside-cache}}] \leavevmode
Disable the cache which detects client retransmits.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-disable-pkinit}}] \leavevmode
Disable PKINIT plugin support.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-disable-aesni}}] \leavevmode
Disable support for using AES instructions on x86 platforms.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-enable-asan}{[}=\sphinxstyleemphasis{ARG}{]}}] \leavevmode
Enable building with asan memory error checking.  If \sphinxstyleemphasis{ARG} is
given, it controls the -fsanitize compilation flag value (the
default is “address”).

\end{description}


\subsection{Optional packages}
\label{\detokenize{build/options2configure:optional-packages}}\begin{description}
\item[{\sphinxstylestrong{-}\sphinxstylestrong{-with-}\sphinxstyleemphasis{PACKAGE}{[}=ARG{]}}] \leavevmode
Use \sphinxstyleemphasis{PACKAGE} (e.g., \sphinxcode{-{-}with-imap}).  The default value of \sphinxstyleemphasis{ARG}
is \sphinxcode{yes}.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-without-}\sphinxstyleemphasis{PACKAGE}}] \leavevmode
Do not use \sphinxstyleemphasis{PACKAGE} (same as \sphinxcode{-{-}with-PACKAGE=no})
(e.g., \sphinxcode{-{-}without-libedit}).

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-with-size-optimizations}}] \leavevmode
Enable a few optimizations to reduce code size possibly at some
run-time cost.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-with-system-et}}] \leavevmode
Use the com\_err library and compile\_et utility that are already
installed on the system, instead of building and installing
local versions.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-with-system-ss}}] \leavevmode
Use the ss library and mk\_cmds utility that are already installed
on the system, instead of building and using private versions.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-with-system-db}}] \leavevmode
Use the Berkeley DB utility already installed on the system,
instead of using a private version.  This option is not
recommended; enabling it may result in incompatibility with key
databases originating on other systems.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-with-netlib=}\sphinxstyleemphasis{LIBS}}] \leavevmode
Use the resolver library specified in \sphinxstyleemphasis{LIBS}.  Use this option
if the C library resolver is insufficient or broken.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-with-hesiod=}\sphinxstyleemphasis{path}}] \leavevmode
Compile with Hesiod support.  The \sphinxstyleemphasis{path} points to the Hesiod
directory.  By default Hesiod is unsupported.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-with-ldap}}] \leavevmode
Compile OpenLDAP database backend module.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-with-lmdb}}] \leavevmode
Compile LMDB database backend module.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-with-tcl=}\sphinxstyleemphasis{path}}] \leavevmode
Specifies that \sphinxstyleemphasis{path} is the location of a Tcl installation.
Tcl is needed for some of the tests run by ‘make check’; such tests
will be skipped if this option is not set.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-with-vague-errors}}] \leavevmode
Do not send helpful errors to clients.  Use this option if, for
example, the KDC should return only vague error codes to clients.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-with-crypto-impl=}\sphinxstyleemphasis{IMPL}}] \leavevmode
Use specified crypto implementation (e.g., \sphinxstylestrong{-}\sphinxstylestrong{-with-crypto-impl=}\sphinxstyleemphasis{openssl}).  The default is the native MIT
Kerberos implementation \sphinxcode{builtin}.  The other currently
implemented crypto backend is \sphinxcode{openssl}.  (See
\DUrole{xref,std,std-ref}{mitK5features})

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-with-prng-alg=}\sphinxstyleemphasis{ALG}}] \leavevmode
Use the specified PRNG algorithm.  For example, to use the OS native
PRNG, specify \sphinxcode{-{-}with-prng-alg=os}.  The default is \sphinxcode{fortuna}.
(See \DUrole{xref,std,std-ref}{mitK5features})

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-without-libedit}}] \leavevmode
Do not compile and link against libedit.  Some utilities will no
longer offer command history or completion in interactive mode if
libedit is disabled.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-with-readline}}] \leavevmode
Compile and link against GNU readline, as an alternative to libedit.
Building with readline breaks the dejagnu test suite, which is a
subset of the tests run by ‘make check’.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-with-system-verto}}] \leavevmode
Use an installed version of libverto.  If the libverto header and
library are not in default locations, you may wish to specify
\sphinxcode{CPPFLAGS=-I/some/dir} and \sphinxcode{LDFLAGS=-L/some/other/dir} options
at configuration time as well.

If this option is not given, the build system will try to detect
an installed version of libverto and use it if it is found.
Otherwise, a version supplied with the Kerberos sources will be
built and installed.  The built-in version does not contain the
full set of back-end modules and is not a suitable general
replacement for the upstream version, but will work for the
purposes of Kerberos.

Specifying \sphinxstylestrong{-}\sphinxstylestrong{-without-system-verto} will cause the built-in
version of libverto to be used unconditionally.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-with-krb5-config=}\sphinxstyleemphasis{PATH}}] \leavevmode
Use the krb5-config program at \sphinxstyleemphasis{PATH} to obtain the build-time
default credential cache, keytab, and client keytab names.  The
default is to use \sphinxcode{krb5-config} from the program path.  Specify
\sphinxcode{-{-}without-krb5-config} to disable the use of krb5-config and
use the usual built-in defaults.

\item[{\sphinxstylestrong{-}\sphinxstylestrong{-without-keyutils}}] \leavevmode
Build without libkeyutils support.  This disables the KEYRING
credential cache type.

\end{description}


\subsection{Examples}
\label{\detokenize{build/options2configure:examples}}
For example, in order to configure Kerberos on a Solaris machine using
the suncc compiler with the optimizer turned on, run the configure
script with the following options:

\fvset{hllines={, ,}}%
\begin{sphinxVerbatim}[commandchars=\\\{\}]
\PYG{o}{\PYGZpc{}} \PYG{o}{.}\PYG{o}{/}\PYG{n}{configure} \PYG{n}{CC}\PYG{o}{=}\PYG{n}{suncc} \PYG{n}{CFLAGS}\PYG{o}{=}\PYG{o}{\PYGZhy{}}\PYG{n}{O}
\end{sphinxVerbatim}

For a slightly more complicated example, consider a system where
several packages to be used by Kerberos are installed in
\sphinxcode{/usr/foobar}, including Berkeley DB 3.3, and an ss library that
needs to link against the curses library.  The configuration of
Kerberos might be done thus:

\fvset{hllines={, ,}}%
\begin{sphinxVerbatim}[commandchars=\\\{\}]
\PYG{o}{.}\PYG{o}{/}\PYG{n}{configure} \PYG{n}{CPPFLAGS}\PYG{o}{=}\PYG{o}{\PYGZhy{}}\PYG{n}{I}\PYG{o}{/}\PYG{n}{usr}\PYG{o}{/}\PYG{n}{foobar}\PYG{o}{/}\PYG{n}{include} \PYG{n}{LDFLAGS}\PYG{o}{=}\PYG{o}{\PYGZhy{}}\PYG{n}{L}\PYG{o}{/}\PYG{n}{usr}\PYG{o}{/}\PYG{n}{foobar}\PYG{o}{/}\PYG{n}{lib} \PYGZbs{}
\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{k}{with}\PYG{o}{\PYGZhy{}}\PYG{n}{system}\PYG{o}{\PYGZhy{}}\PYG{n}{et} \PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{k}{with}\PYG{o}{\PYGZhy{}}\PYG{n}{system}\PYG{o}{\PYGZhy{}}\PYG{n}{ss} \PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{k}{with}\PYG{o}{\PYGZhy{}}\PYG{n}{system}\PYG{o}{\PYGZhy{}}\PYG{n}{db}  \PYGZbs{}
\PYG{n}{SS\PYGZus{}LIB}\PYG{o}{=}\PYG{l+s+s1}{\PYGZsq{}}\PYG{l+s+s1}{\PYGZhy{}lss \PYGZhy{}lcurses}\PYG{l+s+s1}{\PYGZsq{}}  \PYG{n}{DB\PYGZus{}HEADER}\PYG{o}{=}\PYG{n}{db3}\PYG{o}{/}\PYG{n}{db\PYGZus{}185}\PYG{o}{.}\PYG{n}{h} \PYG{n}{DB\PYGZus{}LIB}\PYG{o}{=}\PYG{o}{\PYGZhy{}}\PYG{n}{ldb}\PYG{o}{\PYGZhy{}}\PYG{l+m+mf}{3.3}
\end{sphinxVerbatim}
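
When reviewing a build recipe, it helps to resolve what a configure argument list actually selects.  The script below is an added example, not part of the MIT Kerberos sources or build system: it applies the \sphinxcode{-{-}disable-}/\sphinxcode{-{-}without-} equivalences and the defaults documented above.  Its function names, the sample argument list, and the rule that the last occurrence of a repeated option wins are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the krb5 sources): resolve the effective value of
# selected configure options, using the defaults stated in this document.

# Normalize one argument to "KIND NAME VALUE"; other arguments print nothing.
#   --disable-pkinit -> "enable pkinit no"   --without-keyutils -> "with keyutils no"
normalize_arg() {
    case $1 in
        --disable-*) printf 'enable %s no\n' "${1#--disable-}" ;;
        --without-*) printf 'with %s no\n' "${1#--without-}" ;;
        --enable-*=*|--with-*=*)
            kv=${1#--}; rest=${kv#*-}
            printf '%s %s %s\n' "${kv%%-*}" "${rest%%=*}" "${rest#*=}" ;;
        --enable-*|--with-*)
            kv=${1#--}; printf '%s %s yes\n' "${kv%%-*}" "${kv#*-}" ;;
    esac
}

# effective_option KIND NAME DEFAULT ARGS...
# Assumption: when an option is repeated, the last occurrence wins.
effective_option() {
    want_kind=$1; want_name=$2; result=$3; shift 3
    for arg in "$@"; do
        line=$(normalize_arg "$arg")
        [ -n "$line" ] || continue
        read -r kind name value <<EOF
$line
EOF
        if [ "$kind" = "$want_kind" ] && [ "$name" = "$want_name" ]; then
            result=$value
        fi
    done
    printf '%s\n' "$result"
}

# Print the effective settings for a configure argument list.
review_configure() {
    asan=$(effective_option enable asan no "$@")
    if [ "$asan" = yes ]; then asan=address; fi   # documented default ARG
    printf 'crypto-impl=%s\n' "$(effective_option with crypto-impl builtin "$@")"
    printf 'prng-alg=%s\n' "$(effective_option with prng-alg fortuna "$@")"
    printf 'thread-support=%s\n' "$(effective_option enable thread-support yes "$@")"
    printf 'asan=%s\n' "$asan"
    if [ "$(effective_option with system-db no "$@")" != no ]; then
        printf 'note: --with-system-db is documented as not recommended\n'
    fi
}

# Constructed sample argument list, for illustration only.
review_configure CC=gcc --with-crypto-impl=openssl --enable-asan --with-system-db
```
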


\section{osconf.hin}
\label{\detokenize{build/osconf:osconf-hin}}\label{\detokenize{build/osconf::doc}}
There is one configuration file which you may wish to edit to control
various compile-time parameters in the Kerberos distribution:

\fvset{hllines={, ,}}%
\begin{sphinxVerbatim}[commandchars=\\\{\}]
\PYG{n}{include}\PYG{o}{/}\PYG{n}{osconf}\PYG{o}{.}\PYG{n}{hin}
\end{sphinxVerbatim}

The list that follows is by no means complete, just some of the more
interesting variables.
\begin{description}
\item[{\sphinxstylestrong{DEFAULT\_PROFILE\_PATH}}] \leavevmode
The pathname to the file which contains the profiles for the known
realms, their KDCs, etc. The default value is \sphinxcode{/etc/krb5.conf}.

\item[{\sphinxstylestrong{DEFAULT\_KEYTAB\_NAME}}] \leavevmode
The type and pathname to the default server keytab file.  The
default is \DUrole{xref,std,std-ref}{DEFKTNAME}.

\item[{\sphinxstylestrong{DEFAULT\_KDC\_ENCTYPE}}] \leavevmode
The default encryption type for the KDC database master key.  The
default value is \sphinxcode{aes256-cts-hmac-sha1-96}.

\item[{\sphinxstylestrong{RCTMPDIR}}] \leavevmode
The directory which stores replay caches.  The default is
\sphinxcode{/var/tmp}.

\item[{\sphinxstylestrong{DEFAULT\_KDB\_FILE}}] \leavevmode
The location of the default database.  The default value is
\DUrole{xref,std,std-ref}{LOCALSTATEDIR}\sphinxcode{/krb5kdc}\sphinxcode{/principal}.

\end{description}



\renewcommand{\indexname}{Index}
\printindex
\end{document}