Building & Running Kerberos 5 on Windows ---------------------------------------- Kerberos 5 builds on Windows with MSVC++ 6.0. It may or may not build with other compilers or make utilities. These build instructions assume that you have the standalone source distribution of Kerberos 5 rather than the MIT Kerberos for Windows distribution (which includes a working Kerberos 4). There are two methods for building a Windows version of Kerberos 5. The traditional method involves starting on a Unix machine and creating a distribution that can be built on Windows. The second method works from the sources that come from the Unix distribution if you have certain Unix-type utilities (see below). IMPORTANT NOTE: By default, the sources are built with debug information and linked against the debug version of the Microsoft C Runtime library, which is not found on most Windows systems unless they have development tools. To build a release version, you need to define NODEBUG either in the environment or the nmake command-line. DNS Support: To support DNS lookups, you will need to define KRB5_DNS_LOOKUP, KRB5_DNS_LOOKUP_KDC, or KRB5_DNS_LOOKUP_REALMS. The DNS code will default to trying to use the wshelper library. If you would rather use a resolver library whose include files more closely match the Unix resolver library, define KRB5_NO_WSHELPER. You will also need to define DNS_INC to point to the include directory for the library and DNS_LIB to library itself. The default is not to support DNS because the build cannot know whether there is a DNS resolver library around for it to use. Traditional Build Method: ------------------------ On the Unix side 1) cd xxx/src # Go to where the source lives 2) make -f Makefile.in kerbsrc.zip # Do some Unix-side configuring # ...and create kerbsrc.zip 3) On the PC side 1) md \krb5 # Create dir where we'll put the tree 2) cd \krb5 3) unzip kerbsrc.zip - or - pkunzip -d kerbsrc.zip 4) nmake [NODEBUG=1] [DNS-options] # Build the sources 5) nmake install [NODEBUG=1] # Copy headers, libs, executables All-Windows Build Method: ------------------------ First, make sure you have sed, gawk, cat, and cp. 1) cd xxx/src # Go to where the source lives 2) nmake -f Makefile.in prep-windows # Create Makefile for Windows 3) nmake [NODEBUG=1] [DNS-options # Build the sources 4) nmake install [NODEBUG=1] # Copy headers, libs, executables Notes on the install Target: --------------------------- For the install target, you will need to define KRB_INSTALL_DIR to point to the directory where the header, library, and executable files will be installed. You can either define this in the environment or at the nmake command-line. For example: nmake install [NODEBUG=1] KRB_INSTALL_DIR=c:\sdk\krb5 Make sure you create the directory first. Otherwise, nmake will complain. The files will get installed into include, lib, and bin subdirectories. You can then copy the binaries to where ever you want have them (probably somewhere in your path). Running Kerberos 5 Apps: ----------------------- Make sure you have a valid krb5.ini file. That will look just like a Unix krb5.conf file. You can place this file in the same directory as your krb5_32.dll or in your Windows directory. You should then be able to run the applications that are built. Note that Kerberos 5 will not look for the krb5.ini file in your path. krb5.ini File: ------------- WARNING: Despite its name, this is not a Windows .ini file. Therefore, do not try to use any .ini tools, including the Windows API or any installer tools to manipulate this file. Its format is subtly different from Windows .ini files! Controlling the Kerberos 5 Run-Time Environment: ----------------------------------------------- The Kerberos 5 configuration file and credentials cache can be controlled with environment variables and registry settings. The environment variable for a particular setting always takes precedence. Next in precedence comes the setting in the registry under HKEY_CURRENT_USER\Software\MIT\Kerberos5. Then comes the registry setting under HKEY_LOCAL_MACHINE\Software\MIT\Kerberos5. If none of those are found, a default value is used. Configuration File: - Environment: KRB5_CONFIG - Registry Value: config - Default: looks in krb5_32.dll's dir and Windows directory Default Credentials Cache: - Environment: KRB5CCNAME - Registry Value: ccname - Default: API:krb5cc or FILE:%TEMP%\krb5cc or FILE:\krb5cc Credentials Cache: ----------------- In addition to standard FILE: (disk file) and MEMORY: (in-process non-shared memory) Windows supports the API: cache type, which is a shared memory cache. This is implemented by krbcc32.dll, which is not included the the krb5-only distribution. Rather, it is part of MIT's Kerberos for Win32 suite. Othes Issues: ------------ The krb4_32.dll that is built (but not installed) is not supported. If you need Kerberos 4, you can use the krbv4w32.dll that MIT distributes as part of the MIT Kerberos for Windows distribution. More Information: ---------------- For more information, please read the Kerberos 5 documentation in the doc directory of the distribution.