In the Beta 4 distribution, we have included a new build system, which
was built using the Free Software Foundation's autoconf program.  This
system will hopefully make Kerberos V5 much simpler to build for most
people, and reduce the amount of effort required in porting Kerberos V5
to a new platform.

The imake system has been removed from this patch release, as most of
the tree is now under autoconf control.

HOW TO BUILD KERBEROS V5
========================

A)  Find about 65 meg free; untar the krb5 sources.  For example,
	we will assume that you've untar'ed the sources into /u1/krb5,
	so that the top of the source tree is /u1/krb5/src.

B)  If you don't want separate build trees for each architecture, then
use the following abbreviated procedure.
	1)  cd /u1/krb5/src
	2)  ./configure
	3)  make 

If you have a make that supports VPATH (GNU make, for example), you
can keep your source tree pure by making a build directory, e.g.
/u1/krb5/pmax.

	1)  cd /u1/krb5/pmax
	2)  ../src/configure
	3)  make

That's all there is to it!

It is possible to pass compiler flags to to configure by using, for
example, the "--with-ccopts=FLAGS" option.  Please take note that if
you use the native Ultrix compiler on a DECstation you are likely to
lose if you pass no flags to cc; md4.c takes an estimated 33 million
years to compile if you provide neither the "-g" flag nor the "-O"
flag to cc.

It is also possible to explicitly specify a compiler to configure,
e.g. "--with-cc=gcc".

By default, Kerberos will expect its configuration files to be in
/krb5.  This can be changed by passing the
"--with-krb5-root=/KRB5_ROOT_DIR" option to configure, where
/KRB5_ROOT_DIR should be replaced with the appropriate pathname.

If you want Kerberos V4 backwards compatibility, pass the
"--with-krb4=/KRB4_DIRECTORY" option to configure.  This requires that
the V4 include files be available in /KRB4_DIRECTORY/include, and that
the V4 Kerberos library be available in /KRB4_DIRECTORY/lib.

If, for some reason, you want to build with isode-based ASN.1 encoders
and decoders rather than our hand-coded ones, use the "--enable-isode"
flag to configure.  This has not been thoroughly tested, so beware.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

include/krb5/stock/osconf.h:
---------------------------
There are several defaults you may wish to adjust in osconf.h:

DEFAULT_CONFIG_FILENAME		The pathname to the file which defines
				the known realms and their KDCs.  Same
				format as V4 krb.conf
DEFAULT_TRANS_FILENAME		The pathname to the file which a priori
				assigns hosts to realms.  Same format as
				V4 krb.realms
DEFAULT_LNAME_FILENAME		The pathname to the database mapping
				authentication names to local account names.
				See kdb5_anadd(8).
DEFAULT_KEYTAB_NAME		The type and pathname to the default
				server keytab file (the equivalent of v4
				/etc/srvtab).
DEFAULT_KDC_ETYPE		The default encryption type for the KDC.
DEFAULT_KDC_KEYTYPE		The default keytype for the KDC.
KDCRCACHE			The name of the replay cache used by
				the KDC.
RCTMPDIR			The directory which stores replay
				caches.

include/krb5/stock/config.h
----------------------------
You might wish to adjust these flags as well:

KRBCONF_VAGUE_ERRORS		If defined, give vague and unhelpful
				error messages to the client... er,
				attacker.  (Needed to meet silly
				government regulations; most other
				sites will want to keep this
				undefined.)

KRBCONF_KDC_MODIFIES_KDB	Define this if you want to allow the
				KDC to modify the Kerberos database;
				this allows the last request
				information to be updated, as well as  
				the failure count information.

				Note that this doesn't work if you're
				using slave servers!!!  It also causes
				the database to be modified (and thus
				need to be locked) frequently.



NOTE for building Kerberos for multiple platforms
=================================================

This is how we build Kerberos for multiple platforms here at MIT:

Use the synctree program to build a symlink tree.  The .rconf files
included in the distribution are for use with synctree.  You can find
the synctree program in the same directory as you found this release,
athena-dist.mit.edu.

Assuming you have a directory hierarchy which looks something like this:


       |-decmips-
       |-hpux----
|-krb5-|-linux---
       |-solaris-
       |-src-----

A typical build using synctree might be: 

	cd XXX/krb5
	mkdir decmips; cd decmips
	synctree -s ../src -d .
	./configure
	make