From owner-freebsd-doc@FreeBSD.ORG Mon Sep 8 12:05:31 2003 Return-Path: Delivered-To: freebsd-doc@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A69FE16A4BF for ; Mon, 8 Sep 2003 12:05:31 -0700 (PDT) Received: from pittgoth.com (14.zlnp1.xdsl.nauticom.net [209.195.149.111]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9710D43FE9 for ; Mon, 8 Sep 2003 12:05:30 -0700 (PDT) (envelope-from trhodes@FreeBSD.org) Received: from localhost (acs-24-154-239-225.zoominternet.net [24.154.239.225]) by pittgoth.com (8.12.9/8.12.9) with SMTP id h88J5Svd023002 for ; Mon, 8 Sep 2003 15:05:29 -0400 (EDT) (envelope-from trhodes@FreeBSD.org) Date: Mon, 8 Sep 2003 14:22:54 -0400 From: Tom Rhodes To: FreeBSD-doc@FreeBSD.org Message-Id: <20030908142254.3592ed0d.trhodes@FreeBSD.org> X-Mailer: Sylpheed version 0.9.3claws (GTK+ 1.2.10; i386-portbld-freebsd5.1) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Pre-commit review requested X-BeenThere: freebsd-doc@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Documentation project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Sep 2003 19:05:31 -0000 Any -doc committer want to review the following patch. It is by no way an in depth cleanup, but it will take us (myself anyway) one step further toward my goal of a good security chapter. This diff: o Adds , , and other tags as required. o Uses the &os; entity. o Cleans up the introduction by pointing out what version of Kerberos is in what FreeBSD Release. o Modifies and title's to help seperate KerberosIV and Kerberos5. I'm only looking for either objections or "please commit"s and would rather not bounce this around for the next three days. Thanks! -- Tom Rhodes --- chapter.sgml Mon Sep 8 14:16:05 2003 +++ chapter.new Mon Sep 8 14:13:32 2003 @@ -24,7 +24,7 @@ This chapter will provide a basic introduction to system security concepts, some general good rules of thumb, and some advanced topics - under FreeBSD. A lot of the topics covered here can be applied + under &os;. A lot of the topics covered here can be applied to system and Internet security in general as well. The Internet is no longer a friendly place in which everyone wants to be your kind neighbor. Securing your system is imperative @@ -39,12 +39,12 @@ - Basic system security concepts, in respect to FreeBSD. + Basic system security concepts, in respect to &os;. - About the various crypt mechanisms available in FreeBSD, - such as DES and MD5. + About the various crypt mechanisms available in &os;, + such as DES and MD5. @@ -52,27 +52,32 @@ - How to set up Kerberos, another alternative - authentication system. + How to set up KerberosIV on &os; + releases prior to 5.0. - How to create firewalls using IPFW. + How to set up Kerberos5 on + post &os; 5.0 releases. - How to configure IPsec and create a VPN between - FreeBSD/&windows; machines. + How to create firewalls using IPFW. + + + + How to configure IPsec and create a VPN between + &os;/&windows; machines. - How to configure and use OpenSSH, FreeBSD's SSH + How to configure and use OpenSSH, &os;'s SSH implementation. How to configure and load access control extension - modules using the TrustedBSD MAC Framework. + modules using the TrustedBSD MAC Framework. @@ -85,7 +90,7 @@ - Understand basic FreeBSD and Internet concepts. + Understand basic &os; and Internet concepts. @@ -1433,7 +1438,7 @@ - + @@ -1451,8 +1456,8 @@ - Kerberos - Kerberos + KerberosIV + KerberosIV Kerberos is a network add-on system/protocol that allows users to authenticate themselves through the services of a secure server. @@ -1472,7 +1477,7 @@ Kerberos installing - Kerberos is an optional component of FreeBSD. The easiest + Kerberos is an optional component of &os;. The easiest way to install this software is by selecting the krb4 or krb5 distribution in sysinstall during the initial installation of FreeBSD. This will install @@ -1939,6 +1944,8 @@ <application>Kerberos5</application> + + Kerberos5 Every &os; release beyond &os;-5.1 includes support only for Kerberos5. Hence