Installer requirements for MINK-summer-of-99

0 Hardware and Operating System Requirements

    1. Operating Systems supported

      2. Windows 95

      Windows 98

      Windows NT 4.0

      Windows 2000, Beta 3

      This installer is not supported on Windows 3.x or Windows for Workgroups. The 16 binaries contained in the installer should function on these operating systems. However, the 32 bit versions will not function, even if Win32S is installed.

    2. Minimal Hardware Requirements

      3. Hard disk space required for operation is approximately 2,500 KB

      Hard disk space required for installation is approximately 5,600 KB

      The installer image is approximately 2,800 KB

      The RAM required for obtaining and monitoring tickets is approximately 10,000 KB

    3. Obsoletes:

      4. The versions of these binaries that have been previously installed by SAPGUI version 3.1h, 3.0f, and all 16 bit versions of SAPGUI, HostExplorer version 6.0, and all previous versions of Mink.

    4. Known backwards compatibility issues:
  1. The user visible components during install time are:

The development team no longer builds the 16 binaries. There is no maintenance being done on these libraries. We are trying to phase out all applications that use these libraries. However, 16 bit versions of Eudora rely on these libraries. Also wlprspl depends on the 16 bit libraries. We have not yet provided a solution to replace wlprspl on Windows 95, Windows 98, or even NT 4.0 and Windows 2000 in the case of printing to Athena print queues that require Kerberos authentication.

The 32 bit libraries continue to be revised and maintained. This effort is expected to continue for quite a while.

The configuration files have been separated out into a component so that this installer may be used by other sites without causing serious client configuration problems.

This should only be used by advanced or knowledgeable users. The file won't actually be removed instead it will be renamed to Rename-this-to-kclnt32.dll. A Eudora installer for a later version could rename the file back to kclnt32.dll. Note that the problem versions of Eudora can successfully use Kerb16.exe and kclient.dll if kclnt32.dll is not present.

 

  1. The files to be installed are:
    1. 16 bit component:

      2. krb5_16.dll

      krb5.exe

      krb4_16.dll (not used by any known MIT applications)

      gssapi.dll

      comerr16.dll

      kclient.dll

      krbv4win.dll

      kview.exe

      leash.exe

      leashwin.dll

      vs.dll

      wshelper.dll

    2. 32 bit component:

      3. krb5_32.dll

      gssapi32.dll

      comerr32.dll

      vs32.dll

      kinit.exe

      krbv4w32.dll

      leashw32.dll

      wshelp32.dll

      fleavius.exe

      kclnt32.dll (note Eudora interactions)

      krbcc32.dll

      leash32.exe

      leash32.hlp

      xpprof32.dll

      kdestroy.exe

      klist.exe

    3. configuration files:

    krb.con

    krbrealm.con

    krb5.ini

  2. The default location of the files are:
    1. 16 bit components

      2. \program files\Kerberos

    2. 32 bit components

      3. \program files\Kerberos

    3. configuration files
  3. Notes of file location restrictions

    4. The development team is not aware of any hard coded location dependencies the limit where the executable or binaries may be installed. However, since the DLLs are shared with many other applications they should reside in a directory on the path.

    The location of the configuration files may be set via Leash32. However the development team recommends that users stick to the default locations.

  4. The following files have been
    1. Added

      2. Winsock 2 support in the case of installation on a Windows 95 machine.

      Wshelp32.dll was previously not distributed as part of MINK.

      Krbcc32.dll, xpprof32.dll, fleavius.exe, and kclnt32.dll were not previously distributed. Fleavius and krbcc32 are related to the in-memory cache support. Xpprof32 is related to the GUI support within Leash for configuration modifications. Kclnt32.dll is used by some 32 bit versions of Eudora.

      Leash32.exe and Leash32.hlp are also new to the distribution.

    2. Removed

      3. Kerberos.ini

      Kview.exe

      Kview32.exe

      sapkrb16.dll (by request of Tregan)

      sapgss16.dll (by request of Tregan)

      sapkrb32.dll

      sapgss32.dll

       

    3. Modified

    krb5_32.dll

    gssapi32.dll

    comerr32.dll

    vs32.dll

    kinit.exe

    krbv4w32.dll

    leashw32.dll

    wshelp32.dll

    xpprof32.dll

    kdestroy.exe

    klist.exe

    krb5.ini

     

     

  5. The following files will have an associated menu entry

    6. Kdestroy.exe - Kdestroy

    Leash32.exe - Leash32

    Leash32.hlp - Leash32 Help

    If the 16 bit applications are installed they will be given a submenu under the "Kerberos Utilities" menu. The name of the submenu will be "16 bit applications". It will contain:

    Krb5.exe - Kerberos 5 Logon

    Leash.exe - Leash

  6. The following files will have a Desktop shorctut

    7. none

  7. The following registry values will be set:
    1. Configuration values that affect the system

      2. HKCU\Software\MIT\Leash32\Settings\

      DebugWindow

      DestroyTicketOnExit

      ForwardableTicket

      LargeIcons

      LowTicketAlarm

      ProxiableTicket

      TimeHost

      UpperCaseRealm

      \Window Size\

      icon

      max

      Rect

      \Leash32-Summary\

      Bars

      ScreenCX

      ScreenCY

      \Leash32-Bar1\

      BarID

      \Leash32-Bar0\

      BarID

      \AFS\

      AfsStatus

      MIT\Kerberos4\

    2. Values set by the installer
    3. Values unset by the installer but affected by application UI
    4. Values without UI access but accessible to advanced users through the regsitry editor

     

  8. The following environment variables will affect the system:

    9. NDIR

    ETC

    TZ

    KRBTKFILE

    LIFETIME

    1. The installer will modify the following environment variables:

    SNC_LIB - This will not be modified by the installer. If a user of an older version of SAP installs the new libraries to a new location, SAPGUI should continue to function although there will be two caches. SAPUGUI 4.5 should not need this environment variable. The SAPGUI 4.5 installer will remove this variable. If the installer encounters this variable it will tell the user to visit the http://mit.edu/sapr3/ page to see if there is some new information.

    TZ - can or maybe modified by the installer. There is conditional code within the installer to determine if this may appropriate.

     

  9. License restrictions and Export restrictions
    1. The following license information will be displayed to the user during installation
    2. The following people provided or reviewed the license text

      3. Bob Ciavola (the text hasn't changed for several years)

    3. The following information regarding license restrictions will be presented to the user
    4. The following people provided or reviewed the export restrictions text

    Bob Ciavola (the text hasn't changed for several years)

     

  10. The following applications may be affected by installing this software:
    1. When installing the 16 bit component

      2. Leash, Eudora, HostExplorer, wlprspl, TechMail, Pager, Discuss

    2. When installing the 32 bit component

      3. Leash32, Eudora, HostExplorer, SAP

    3. When installing the configuration files component

     

  11. Known compatibility issues
    1. The 16 bit components are dependant on
    2. The 32 bit components are dependant on
    3. The configuration files component is dependant on

     

  12. The following web pages or documents are expected to reference this installer or the binaries that it installs

    13. http://web.mit.edu/is/help/mink/ - Main mink page (contacted sbjones 9/21/99)

    http://web.mit.edu/is/help/mink/cache.html

    http://web.mit.edu/cao/www/pc_escli.htm - Esandi (PC Users)

    http://web.mit.edu/cao/www/eshelp.htm

    http://web.mit.edu/cao/www/inst95nt.htm

    http://web.mit.edu/is/pubs/ns-56/ - wlprspl

    http://web.mit.edu/winnt/kerberos.html (contacted lkimble, sbjone, bushnell, jmhust, 9/21/99)

    http://web.mit.edu/network/compromise.html (contacted network 9/21/99)

    http://web.mit.edu/security/www/isonetsec.htm - GII (points to is/help/mink, no change needed)

    http://web.mit.edu/IS/help/getstart.html (points to is/help/mink, no change needed)

    http://web.mit.edu/pbh/www/early-testers.html

    http://web.mit.edu/sapr3/ - Tregan

    <http://web.mit.edu/net-security/www/off-net.html> -contact: bobmah

     

  13. Other Issues:
    1. Environment variables

      2. The new libraries support registry settings in addition to environment variables. The Leash32 UI can only manipulate the registry settings, however the environment variables take precedence. This is useful since a use can set environment variables on the fly in a command processor window and affect applications that are started from the command shell.

      The installer should display which environment variables are set and explain the issue to the users.

    2. Path issues

      3. Earlier versions of the installer always added to the path. This should not be done if the target directory is already on the path.

      10-9-99 - We still had problems with the path. When updating the path we don't want to use the WISE "add path" command when running on NT, but we do on 95 and 98. When running on NT we normally want to update HKLM\System\CurrentControlSet\Control\Session Manager\Environment so that all users are affected. If we can't do that then try updating HKCU\Environment

    3. Migrating default location from earlier prototypes

      4. There has been a request to change the default location from "\program files\mink" to "\program files\Kerberos". The installer must deal with this migration.

      If %MAINDIR% is not equal to "\program files\mink" and "\program files\mink" occurs on the path, then remove it from the path. Deal with multiple occurrences of this on the path. We're only attempting to deal with this on NT and W2k. We're ignoring this issue on 95 and 98.

    4. Current User vs. All Users

    5. Uninstall

    Users should be encouraged to run the uninstaller first if the installer detects that the component already exists on the system.

  14. Test Plan

    15. Situations to be tested on 95, 98, NT, and Windows 2000:

    1. Basic ability to obtain a ticket in the Athena realm. The user should be able to obtain both a v4 and v5 ticket.
    2. Destroy tickets.
    3. Try to obtain a tgt for a valid user with an incorrect password.
    4. Try to obtain a tgt for an unknown user.
    5. Obtain a tgt for a user. Attempt to change the password to a known weak password.
    6. Attempt to change the password to a strong password.
    7. Change the password back to the original password.
    8. Installer specific:

     

     

  15. Check list