Technical review of the Kerberos chapter
Many of the statements in this chapter were just plain wrong.
Apply some major modernization, in particular the current Kerberos RFC is
4120, not 1510. Kerberized telnet, rlogin, ftp and similar are no longer
recommended -- use ssh and scp instead.
The heimdal in base is no longer crippled so as to be a minimal installation;
it is fully functional. The heimdal in ports does offer the option to install
some additional features such as KCM and PKINIT.
Add a bit more introduction to Kerberos terminology and conventions.
Make the sample output closer to the current reality.
Don't imply that eight characters is a particularly strong password.
security/krb5 does not install ktelnetd, klogind, and friends anymore,
so there's no need to mention its README.FreeBSD here (especially since
these things are disrecommended anyway).
www/mod_auth_kerb uses the HTTP/ principal, not the www/ principal.
Kerberized ssh uses GSSAPI these days, so the Kerberos-specific options
are not worth mentioning.
Kerberos works just fine on multiuser machines; the permissions of
credentials cache files are set to 0600.
Remove the section on access issues with kerberos and ssh; it is very
confused. (It seems to be talking about ssh keys and ssh-agent, but
in a very unclear and inaccurate fashion.)
There is still more to be done here, but this should get us most of the way.
Change the "basics" chapter to document FreeBSD 9 and 10 over FreeBSD 8:
- The system console is now xterm, not cons25
- acd0 devices are no longer used, switch to ada
- We no longer have as many FSF utilities, therefore fewer info pages
When talking about IDE/SATA disks, prioritise SATA over IDE, and "ada"
style naming over "ad". The latter has been the default since FreeBSD
9, and available since FreeBSD 8.
HostingAdvice covers how the FreeBSD Project works, and why system
administrators should consider switching to it.
Microsoft Azure blog covers the release of Microsoft Supported FreeBSD 10.3
images, with fixes that were committed to late for the 10.3 release cycle.
chapter
Information about the tests/ directory was added to hier(7) in src@r250604.
This is a follow up commit which documents its existence in ^/stable/10 and
^/head
Approved by: hrs
Differential Revision: https://reviews.freebsd.org/D6821
Reviewed by: hrs
This patch does the following:
- comments out some authors
- tightens up some headings
- some word-smithing
- changes examples to more modern sound cards
Move graphical installer note earlier in the chapter.
Clean up the booting from various architecture sections.
Need to confirm that powerpc instructions are correct for all supported media.
Prepare section to describe boot menu. Next commit will describe this menu in
detail.
Start to clean up initial install menus. Need to test the components section
more
as the existing descriptions are not correct
- minor rewording for "you"
- fix xref and guimenuitem tags (need to review ulinks)
- enforce consistency in app names
- note on vbox 4.0.0 removed as this port hasn't been less than this version
for 22 months
Update to r41087:
- Remove 7.x reference.
Prep work for IPsec chapter.
Add additional definitions to intro. Still need to define SA and SAD.
Still need to setup test environment to verify tech setup.
This section does not yet mention setkey.
Reviewed by: bcr
Differential Revision: https://reviews.freebsd.org/D6746
