Add README.txt with section on Testing

diff --git a/BUILD.txt b/BUILD.txt
index 2885e37920ac92d498b1e2266494ef7411e51609..efd3a3ef029961c1547cfba96d0ad83978be2eee 100644 (file)
--- a/BUILD.txt
+++ b/BUILD.txt
@@ -1,8 +1,16 @@
 
-First off, run:
-# autoreconf -f -i
+BUILDING
+========
+
+Usual tools of the trade:
+
+$ autoreconf -f -i
+$ ./configure
+$ make
+
+optionally (for easy installation on Fedora):
+$ make rpms
 
-Then the usual ./configure and make
 
 In order to build gss-ntlmssp the following development packages are needed:
 
@@ -15,7 +23,7 @@ In order to build gss-ntlmssp the following development packages are needed:
     libtool
     libxml2
     libxslt
-    libunistring
+    libunistring-devel
     m4
     pkgconfig
-    openssl
+    openssl-devel

diff --git a/README.txt b/README.txt
new file mode 100644 (file)
index 0000000..cb33fd6
--- /dev/null
+++ b/README.txt
@@ -0,0 +1,72 @@
+
+GSS-NTLMSSP
+===========
+
+This is a mechglue plugin for the GSSAPI library that implements NTLM
+authentication.
+
+So far it has been built and tested only with the libgssapi implementation
+that comes with MIT Kerberos 1.11
+
+
+BUILDING
+========
+
+See BUILD.txt
+
+
+TESTING
+=======
+
+Testsuite:
+----------
+
+Run ./ntlmssptest at your leisure, it just insures that the crypto is
+working correctly.
+
+Real testing:
+-------------
+
+There are exactly 2 configuration knobs at this point, and both need to
+be set right.
+
+1. The gss configruation file.
+
+In orde to load the mechanism into gssapy copy the content of the file
+examples/mech.ntlmssp into /etc/gss/mech
+If you are installing in a non standard path check that the location
+of the shared object matches where you installed it in your system
+
+2. The credentials file
+
+Set the environment variable NTLM_USER_FILE to a path to a file with
+your NTLM cedentials in it.
+The file format is the same as the one used by the gss ntlm mechanism
+that can be found in Heimdal. Super simple, one or more lines with:
+DOMAIN:USERNAME:PASSWORD as elements separated by ':'
+
+For example:
+ADDOM:Administrator:Passw0rd
+
+Testing Application:
+--------------------
+
+So far the only application that seem to properly use GSSAPI and
+therfore will work unmodified is Firefox. I tried also Curl, but even
+after making some patches to let it use the builtin SPNEGO implementation
+of GSSAPI it seem that the code is hardcoded to believe there will always
+only ever be one roundtrip. This is not necessarily true with the krb5
+mechanism although it works with that with current implementations.
+I will need more patches for curl, meanwhile use firefox.
+
+The server: I am using a Windows Server with IIS installed and Windows
+Authentication enabled.
+
+In Firefox go in about:config and set the string list named
+network.negotiate-auth.trusted-uris to your Windows server domain
+name suffix. This is necessary otherwise Firefox will not even attempt to
+perform negotiation, regardles of the Mechanism used.
+
+Example:
+network.negotiate-auth.trusted-uris = .addom.example.com
+