/* $Id: kinkd-install.ja.txt,v 1.2 2005/07/20 09:30:51 inoue Exp $ */

	kinkd (of racoon2) Installation Guide


1. 必要な環境
=============

  OS (以下のいずれか)
	- KAME IPsec を有効にした
	  FreeBSD 4.x/5.x, NetBSD 1.6.x/2.0 (OpenBSD は未サポート)
	- IPsec/PF_KEY を有効にした
	  Debian GNU/Linux (sarge) with Linux 2.6.x kernel
	  (Debian 以外でも動くと思うが未確認)
	  (Red Hat Ǥư)

  ライブラリ (以下すべて)
	- Kerberos5 library (どちらか)
	  (MIT ǤϤۤȤɥƥȤƤʤΤǡǤ Heimdal )
	   + Heimdal-0.6.x
	   + MIT libkrb5 1.3.4
	- OpenSSL-0.9.[67]
	- libracoon


2. Kerberos5 環境の設定
=======================

2.1. KDC の設定
===============

	省略


2.2. Kerberos client (or application client/server) としての設定
================================================================
  (kinkd は Kerberos client の一種である。)

  /etc/krb5.conf 
	)
		[libdefaults]
		        default_realm = KINK.HONGO.WIDE.AD.JP
		[realms]
		        KINK.HONGO.WIDE.AD.JP = {
		                kdc = styx.hongo.wide.ad.jp
		        }

	ץ饤١ȥɥ쥹ư/NAT ϡ
	㤨С
		[appdefaults]
		        no-addresses = true

  ƥۥȤ principal ơ̩ͭ롣
	: ƥۥȤ)
		# kadmin -a <KDCΥۥ̾>
		kadmin> add --random-key kink/mitana.nanohz.org
		kadmin> ext kink/mitana.nanohz.org

	: add ޥɤ KDC  principal name ȸ
	      ext ޥɤǸ긵 export


3. kinkd Υѥ
===========================

3.1. kinkd のソースコードの取得
===============================

	省略


3.2. libracoon のコンパイル
===========================

	Linux ǥѥ뤹ϡ
	Ͽ A ˸ˤʤ롣 

	% cd racoon2/lib
	% ./configure

	ΤȤ kinkd  static link Τǡ
	インストールする必要はない。


3.3. kinkd のコンパイル & インストール
======================================

	% cd racoon2/kinkd
	% ./configure
		* Heimdal/MIT-krb5 ɸʳΥѥˤϡ
		  --with-krb5=/path/to/krb5-prefix ꤹ롣
	% make
	# cp kinkd /path/to/somewhere
	# cp -i example/racoon2.conf /etc
	# $EDITOR /etc/racoon2.conf


3.4 kinkd の設定
================

  /etc/racoon2.conf
	 racoon2.conf ء

  FQDN ȥɥ쥹б
	/etc/hosts ˻ꤹ롣
	̤̾
		2001:240:2:0:202:8aff:fefa:bec0		mitana.nanohz.org
	Τ褦˽񤱤Ф褤

  kinkd をデバッグメッセージモードで起動するには
	起動時に -d オプションをつける。
	-F をつけると daemon 化しない


4. racoon2.conf
===============

  ʬ principal ̾
	default{remote{kink{my_principal}}} ˡʬ principal ̾
	ꤹ롣krb5.conf ǥǥե realm ꤷƤϡ
	realm ̾ϾάǤ롣

  remote{kink{peers_principal}
	responder ξϡΤȤ (ʤ initiator )
	principal ̾ɬꤹɬפ롣
	ޤΤȤ realm ̾ϾάǤʤ

  remote{selector_index}
	responder ξϡΤȤɬꤹɬפ롣

  selector, policy, ipsec, sa
	ϡkinkd specific ϤʤϤʤΤǡ
	̤̾국Ҥ롣


5. kinkd の起動/終了
====================

  起動
	-d オプションをつけるとデバッグメッセージモードで起動する。
	   ( syslog  LOG_DEBUG ٥Ϥ褦
	   ꤷƤʤȡϤѲʤΤ)
	-F ץĤ syslog ؤɸϤ
	   Ϥ롣ޤdaemon ʤ

	) /usr/local/sbin/kinkd -d

  終了
	SIGTERM/SIGINT で終了

	) pkill kinkd
	      ޤ
	    kill `cat /var/run/kinkd.pid`


付録 A: Linux-2.6.x + Debian sarge でのヒント
=============================================

  kernel
	- PFKEY socket
	- AH
	- ESP
	- AH for IPv6
	- ESP for IPv6
	を有効にした 2.6.x カーネルを構築する。
	(ǶϥǥեȤͭ)

  Heimdal
	Debian: heimdal-dev ѥå롣
	RedHat: ?

  libracoon Υѥ
	/usr/include/linux ɬפʥإåե򥤥󥹥ȡ뤷Ƥʤ
	ϡ./configure Τȡ
	Makefile  CFLAGS  -I/path/to/linux-2.6.x/include ɲä롣

	Heimdal ưǥ󥹥ȡ뤷Ƥ硢
	Makefile  CFLAGS  -I/path/to/heimdal/include ɲä롣

  kinkd Υѥ
	/usr/include/linux ɬפʥإåե򥤥󥹥ȡ뤷Ƥʤ
	ϡconfigure ˡ
		% env CPPFLAGS=-I/path/to/linux-2.6.x/include ./configure
	Τ褦˻ꤷƤ롣

  ¾
	SPD Ԥʤ setkey ޥɤߤʤ顢
	ipsec-tools <http://ipsec-tools.sourceforge.net/>
	򥤥󥹥ȡ뤹Ȥ褤
	Debian/RedHat Ȥѥå褦


付録 B: FreeBSD 4.10, NetBSD 2.0 でのヒント
===========================================

  kernel
	- IPSEC
	- IPSEC_ESP
	- IPSEC_DEBUG
	オプションをつけて再構築する。

  Heimdal
	FreeBSD 4.x (ȳǧƤʤ餯 NetBSD 1.6.x) ξ硢
	ĤƤ Heimdal ΥС󤬸ŤΤǡ
	ʬ 0.6.x 򥤥󥹥ȡ뤹ɬפ롣

	FreeBSD 5.x, NetBSD 2.0 ξϡĤƤĤ OK
