xref: /freebsd/crypto/krb5/doc/html/_sources/build/options2configure.rst.txt (revision 7f2fe78b9dd5f51c821d771b63d2e096f6fd49e9) 
1.. _options2configure:
2
3Options to *configure*
4======================
5
6There are a number of options to configure which you can use to
7control how the Kerberos distribution is built.
8
9Most commonly used options
10--------------------------
11
12**-**\ **-help**
13    Provides help to configure.  This will list the set of commonly
14    used options for building Kerberos.
15
16**-**\ **-prefix=**\ *PREFIX*
17    By default, Kerberos will install the package's files rooted at
18    ``/usr/local``.  If you desire to place the binaries into the
19    directory *PREFIX*, use this option.
20
21**-**\ **-exec-prefix=**\ *EXECPREFIX*
22    This option allows one to separate the architecture independent
23    programs from the host-dependent files (configuration files,
24    manual pages).  Use this option to install architecture-dependent
25    programs in *EXECPREFIX*.  The default location is the value of
26    specified by **-**\ **-prefix** option.
27
28**-**\ **-localstatedir=**\ *LOCALSTATEDIR*
29    This option sets the directory for locally modifiable
30    single-machine data.  In Kerberos, this mostly is useful for
31    setting a location for the KDC data files, as they will be
32    installed in ``LOCALSTATEDIR/krb5kdc``, which is by default
33    ``PREFIX/var/krb5kdc``.
34
35**-**\ **-with-netlib**\ [=\ *libs*]
36    Allows for suppression of or replacement of network libraries.  By
37    default, Kerberos V5 configuration will look for ``-lnsl`` and
38    ``-lsocket``.  If your operating system has a broken resolver
39    library or fails to pass the tests in ``src/tests/resolv``, you
40    will need to use this option.
41
42**-**\ **-enable-dns-for-realm**
43    Enable the use of DNS to look up a host's Kerberos realm,
44    if the information is not provided in
45    :ref:`krb5.conf(5)`.  See :ref:`mapping_hostnames`
46    for information about using DNS to determine the default realm.
47    DNS lookups for realm names are disabled by default.
48
49**-**\ **-with-system-et**
50    Use an installed version of the error-table (et) support software,
51    the compile_et program, the com_err.h header file and the com_err
52    library.  If these are not in the default locations, you may wish
53    to specify ``CPPFLAGS=-I/some/dir`` and
54    ``LDFLAGS=-L/some/other/dir`` options at configuration time as
55    well.
56
57    If this option is not given, a version supplied with the Kerberos
58    sources will be built and installed along with the rest of the
59    Kerberos tree, for Kerberos applications to link against.
60
61**-**\ **-with-system-ss**
62    Use an installed version of the subsystem command-line interface
63    software, the mk_cmds program, the ``ss/ss.h`` header file and the
64    ss library.  If these are not in the default locations, you may
65    wish to specify ``CPPFLAGS=-I/some/dir`` and
66    ``LDFLAGS=-L/some/other/dir`` options at configuration time as
67    well.  See also the **SS_LIB** option.
68
69    If this option is not given, the ss library supplied with the
70    Kerberos sources will be compiled and linked into those programs
71    that need it; it will not be installed separately.
72
73**-**\ **-with-system-db**
74    Use an installed version of the Berkeley DB package, which must
75    provide an API compatible with version 1.85.  This option is
76    unsupported and untested.  In particular, we do not know if the
77    database-rename code used in the dumpfile load operation will
78    behave properly.
79
80    If this option is not given, a version supplied with the Kerberos
81    sources will be built and installed.  (We are not updating this
82    version at this time because of licensing issues with newer
83    versions that we haven't investigated sufficiently yet.)
84
85
86Environment variables
87---------------------
88
89**CC=**\ *COMPILER*
90    Use *COMPILER* as the C compiler.
91
92**CFLAGS=**\ *FLAGS*
93    Use *FLAGS* as the default set of C compiler flags.
94
95**CPP=**\ *CPP*
96    C preprocessor to use. (e.g., ``CPP='gcc -E'``)
97
98**CPPFLAGS=**\ *CPPOPTS*
99    Use *CPPOPTS* as the default set of C preprocessor flags.  The
100    most common use of this option is to select certain #define's for
101    use with the operating system's include files.
102
103
104**DB_HEADER=**\ *headername*
105    If db.h is not the correct header file to include to compile
106    against the Berkeley DB 1.85 API, specify the correct header file
107    name with this option. For example, ``DB_HEADER=db3/db_185.h``.
108
109**DB_LIB=**\ *libs*...
110    If ``-ldb`` is not the correct library specification for the
111    Berkeley DB library version to be used, override it with this
112    option. For example, ``DB_LIB=-ldb-3.3``.
113
114**DEFCCNAME=**\ *ccachename*
115    Override the built-in default credential cache name.
116    For example, ``DEFCCNAME=DIR:/var/run/user/%{USERID}/ccache``
117    See :ref:`parameter_expansion` for information about supported
118    parameter expansions.
119
120**DEFCKTNAME=**\ *keytabname*
121    Override the built-in default client keytab name.
122    The format is the same as for *DEFCCNAME*.
123
124**DEFKTNAME=**\ *keytabname*
125    Override the built-in default keytab name.
126    The format is the same as for *DEFCCNAME*.
127
128**LD=**\ *LINKER*
129    Use *LINKER* as the default loader if it should be different from
130    C compiler as specified above.
131
132**LDFLAGS=**\ *LDOPTS*
133    This option informs the linker where to get additional libraries
134    (e.g., ``-L<lib dir>``).
135
136**LIBS=**\ *LDNAME*
137    This option allows one to specify libraries to be passed to the
138    linker (e.g., ``-l<library>``)
139
140**PKCS11_MODNAME=**\ *library*
141    Override the built-in default PKCS11 library name.
142
143**SS_LIB=**\ *libs*...
144    If ``-lss`` is not the correct way to link in your installed ss
145    library, for example if additional support libraries are needed,
146    specify the correct link options here.  Some variants of this
147    library are around which allow for Emacs-like line editing, but
148    different versions require different support libraries to be
149    explicitly specified.
150
151    This option is ignored if **-**\ **-with-system-ss** is not specified.
152
153**YACC**
154     The 'Yet Another C Compiler' implementation to use. Defaults to
155     the first program found out of: '`bison -y`', '`byacc`',
156     '`yacc`'.
157
158**YFLAGS**
159     The list of arguments that will be passed by default to $YACC.
160     This script will default YFLAGS to the empty string to avoid a
161     default value of ``-d`` given by some make applications.
162
163
164Fine tuning of the installation directories
165-------------------------------------------
166
167**-**\ **-bindir=**\ *DIR*
168    User executables.  Defaults to ``EXECPREFIX/bin``, where
169    *EXECPREFIX* is the path specified by **-**\ **-exec-prefix**
170    configuration option.
171
172**-**\ **-sbindir=**\ *DIR*
173    System admin executables.  Defaults to ``EXECPREFIX/sbin``, where
174    *EXECPREFIX* is the path specified by **-**\ **-exec-prefix**
175    configuration option.
176
177**-**\ **-sysconfdir=**\ *DIR*
178    Read-only single-machine data such as krb5.conf.
179    Defaults to ``PREFIX/etc``, where
180    *PREFIX* is the path specified by **-**\ **-prefix** configuration
181    option.
182
183**-**\ **-libdir=**\ *DIR*
184    Object code libraries.  Defaults to ``EXECPREFIX/lib``, where
185    *EXECPREFIX* is the path specified by **-**\ **-exec-prefix**
186    configuration option.
187
188**-**\ **-includedir=**\ *DIR*
189    C header files.  Defaults to ``PREFIX/include``, where *PREFIX* is
190    the path specified by **-**\ **-prefix** configuration option.
191
192**-**\ **-datarootdir=**\ *DATAROOTDIR*
193    Read-only architecture-independent data root.  Defaults to
194    ``PREFIX/share``, where *PREFIX* is the path specified by
195    **-**\ **-prefix** configuration option.
196
197**-**\ **-datadir=**\ *DIR*
198    Read-only architecture-independent data.  Defaults to path
199    specified by **-**\ **-datarootdir** configuration option.
200
201**-**\ **-localedir=**\ *DIR*
202    Locale-dependent data.  Defaults to ``DATAROOTDIR/locale``, where
203    *DATAROOTDIR* is the path specified by **-**\ **-datarootdir**
204    configuration option.
205
206**-**\ **-mandir=**\ *DIR*
207    Man documentation.  Defaults to ``DATAROOTDIR/man``, where
208    *DATAROOTDIR* is the path specified by **-**\ **-datarootdir**
209    configuration option.
210
211
212Program names
213-------------
214
215**-**\ **-program-prefix=**\ *PREFIX*
216    Prepend *PREFIX* to the names of the programs when installing
217    them. For example, specifying ``--program-prefix=mit-`` at the
218    configure time will cause the program named ``abc`` to be
219    installed as ``mit-abc``.
220
221**-**\ **-program-suffix=**\ *SUFFIX*
222    Append *SUFFIX* to the names of the programs when installing them.
223    For example, specifying ``--program-suffix=-mit`` at the configure
224    time will cause the program named ``abc`` to be installed as
225    ``abc-mit``.
226
227**-**\ **-program-transform-name=**\ *PROGRAM*
228    Run ``sed -e PROGRAM`` on installed program names. (*PROGRAM* is a
229    sed script).
230
231
232System types
233------------
234
235**-**\ **-build=**\ *BUILD*
236    Configure for building on *BUILD*
237    (e.g., ``--build=x86_64-linux-gnu``).
238
239**-**\ **-host=**\ *HOST*
240    Cross-compile to build programs to run on *HOST*
241    (e.g., ``--host=x86_64-linux-gnu``).  By default, Kerberos V5
242    configuration will look for "build" option.
243
244
245Optional features
246-----------------
247
248**-**\ **-disable-option-checking**
249    Ignore unrecognized --enable/--with options.
250
251**-**\ **-disable-**\ *FEATURE*
252    Do not include *FEATURE* (same as --enable-FEATURE=no).
253
254**-**\ **-enable-**\ *FEATURE*\ [=\ *ARG*]
255    Include *FEATURE* [ARG=yes].
256
257**-**\ **-enable-maintainer-mode**
258    Enable rebuilding of source files, Makefiles, etc.
259
260**-**\ **-disable-delayed-initialization**
261    Initialize library code when loaded.  Defaults to delay until
262    first use.
263
264**-**\ **-disable-thread-support**
265    Don't enable thread support.  Defaults to enabled.
266
267**-**\ **-disable-rpath**
268    Suppress run path flags in link lines.
269
270**-**\ **-enable-athena**
271    Build with MIT Project Athena configuration.
272
273**-**\ **-disable-kdc-lookaside-cache**
274    Disable the cache which detects client retransmits.
275
276**-**\ **-disable-pkinit**
277    Disable PKINIT plugin support.
278
279**-**\ **-disable-aesni**
280    Disable support for using AES instructions on x86 platforms.
281
282**-**\ **-enable-asan**\ [=\ *ARG*]
283    Enable building with asan memory error checking.  If *ARG* is
284    given, it controls the -fsanitize compilation flag value (the
285    default is "address").
286
287
288Optional packages
289-----------------
290
291**-**\ **-with-**\ *PACKAGE*\ [=ARG\]
292    Use *PACKAGE* (e.g., ``--with-imap``).  The default value of *ARG*
293    is ``yes``.
294
295**-**\ **-without-**\ *PACKAGE*
296    Do not use *PACKAGE* (same as ``--with-PACKAGE=no``)
297    (e.g., ``--without-libedit``).
298
299**-**\ **-with-size-optimizations**
300    Enable a few optimizations to reduce code size possibly at some
301    run-time cost.
302
303**-**\ **-with-system-et**
304    Use the com_err library and compile_et utility that are already
305    installed on the system, instead of building and installing
306    local versions.
307
308**-**\ **-with-system-ss**
309    Use the ss library and mk_cmds utility that are already installed
310    on the system, instead of building and using private versions.
311
312**-**\ **-with-system-db**
313    Use the berkeley db utility already installed on the system,
314    instead of using a private version.  This option is not
315    recommended; enabling it may result in incompatibility with key
316    databases originating on other systems.
317
318**-**\ **-with-netlib=**\ *LIBS*
319    Use the resolver library specified in *LIBS*.  Use this variable
320    if the C library resolver is insufficient or broken.
321
322**-**\ **-with-hesiod=**\ *path*
323    Compile with Hesiod support.  The *path* points to the Hesiod
324    directory.  By default Hesiod is unsupported.
325
326**-**\ **-with-ldap**
327    Compile OpenLDAP database backend module.
328
329**-**\ **-with-lmdb**
330    Compile LMDB database backend module.
331
332**-**\ **-with-vague-errors**
333    Do not send helpful errors to client.  For example, if the KDC
334    should return only vague error codes to clients.
335
336**-**\ **-with-crypto-impl=**\ *IMPL*
337    Use specified crypto implementation (e.g., **-**\
338    **-with-crypto-impl=**\ *openssl*).  The default is the native MIT
339    Kerberos implementation ``builtin``.  The other currently
340    implemented crypto backend is ``openssl``.  (See
341    :ref:`mitK5features`)
342
343**-**\ **-without-libedit**
344    Do not compile and link against libedit.  Some utilities will no
345    longer offer command history or completion in interactive mode if
346    libedit is disabled.
347
348**-**\ **-with-readline**
349    Compile and link against GNU readline, as an alternative to libedit.
350
351**-**\ **-with-system-verto**
352    Use an installed version of libverto.  If the libverto header and
353    library are not in default locations, you may wish to specify
354    ``CPPFLAGS=-I/some/dir`` and ``LDFLAGS=-L/some/other/dir`` options
355    at configuration time as well.
356
357    If this option is not given, the build system will try to detect
358    an installed version of libverto and use it if it is found.
359    Otherwise, a version supplied with the Kerberos sources will be
360    built and installed.  The built-in version does not contain the
361    full set of back-end modules and is not a suitable general
362    replacement for the upstream version, but will work for the
363    purposes of Kerberos.
364
365    Specifying **-**\ **-without-system-verto** will cause the built-in
366    version of libverto to be used unconditionally.
367
368**-**\ **-with-krb5-config=**\ *PATH*
369    Use the krb5-config program at *PATH* to obtain the build-time
370    default credential cache, keytab, and client keytab names.  The
371    default is to use ``krb5-config`` from the program path.  Specify
372    ``--without-krb5-config`` to disable the use of krb5-config and
373    use the usual built-in defaults.
374
375**-**\ **-without-keyutils**
376    Build without libkeyutils support.  This disables the KEYRING
377    credential cache type.
378
379
380Examples
381--------
382
383For example, in order to configure Kerberos on a Solaris machine using
384the suncc compiler with the optimizer turned on, run the configure
385script with the following options::
386
387    % ./configure CC=suncc CFLAGS=-O
388
389For a slightly more complicated example, consider a system where
390several packages to be used by Kerberos are installed in
391``/usr/foobar``, including Berkeley DB 3.3, and an ss library that
392needs to link against the curses library.  The configuration of
393Kerberos might be done thus::
394
395    ./configure CPPFLAGS=-I/usr/foobar/include LDFLAGS=-L/usr/foobar/lib \
396    --with-system-et --with-system-ss --with-system-db  \
397    SS_LIB='-lss -lcurses'  DB_HEADER=db3/db_185.h DB_LIB=-ldb-3.3
398