X-Git-Url: https://git.gag.com/?a=blobdiff_plain;ds=sidebyside;f=INSTALL;h=faa294ae0fb4e9d2e3127af203c2477180091cd3;hb=a215b1af60cb69a7460ad2562549576ea22d2ced;hp=a2c9cb46c4004cad237e5a5e438267123cc3a28b;hpb=6ba3f54741e413f12fdc27fbc8d1ba85f94c64a2;p=debian%2Fsudo

diff --git a/INSTALL b/INSTALL
index a2c9cb4..faa294a 100644
--- a/INSTALL
+++ b/INSTALL
@@ -166,19 +166,13 @@ Special features/options:
 
   --with-SecurID[=DIR]
 	Enable SecurID support.  If specified, DIR is directory containing
-	sdiclient.a, sdi_athd.h, sdconf.h, and sdacmvls.h.
+	libaceclnt.a, acexport.h, and sdacmvls.h.
 
   --with-fwtk[=DIR]
 	Enable TIS Firewall Toolkit (FWTK) 'authsrv' support. If specified,
 	DIR is the base directory containing the compiled FWTK package
 	(or at least the library and header files).
 
-  --with-kerb4[=DIR]
-	Enable Kerberos IV support.  If specified, DIR is the base
-	directory containing the Kerberos IV include and lib dirs.
-	This uses Kerberos passphrases for authentication but does
-	not use the Kerberos cookie scheme.
-
   --with-kerb5[=DIR]
 	Enable Kerberos V support.  If specified, DIR is the base
 	directory containing the Kerberos V include and lib dirs.
@@ -186,6 +180,13 @@ Special features/options:
 	does not use the Kerberos cookie scheme.  Will not work for
 	Kerberos V older than version 1.1.
 
+  --enable-kerb5-instance=string
+        By default, the user name is used as the principal name
+        when authenticating via Kerberos V.  If this option is
+        enabled, the specified instance string will be appended to
+        the user name (separated by a slash) when creating the
+        principal name.
+
   --with-ldap[=DIR]
 	Enable LDAP support.  If specified, DIR is the base directory
 	containing the LDAP include and lib directories.  Please see
@@ -285,7 +286,7 @@ Special features/options:
         older PAM implementations or on operating systems where
         opening a PAM session changes the utmp or wtmp files.  If
         PAM session support is disabled, resource limits may not
-        be updatedin for command being run.
+        be updated for the command being run.
 
   --disable-root-mailer
 	By default sudo will run the mailer as root when tattling
@@ -744,6 +745,12 @@ HP-UX:
 
     sudo	session	required	libpam_hpsec.so.1 bypass_umask
 
+    If every command run via sudo displays information about the last
+    successful login and the last authentication failure you should
+    make use an /etc/pam.conf line like:
+
+    sudo	session	required	libpam_hpsec.so.1 bypass_umask bypass_last_login
+
 Digital UNIX:
     By default, sudo will use SIA (Security Integration Architecture)
     to validate a user.  If you want to use an alternative authentication