source: archive/heimdal.xml@ 45ab6c7

11.0 11.1 11.2 11.3 12.0 12.1 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts lazarus lxqt plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal
Last change on this file since 45ab6c7 was 45ab6c7, checked in by Xi Ruoyao <xry111@…>, 3 years ago

more SVN prop clean up

Remove "$LastChanged$" everywhere, and also some unused $Date$
  • Property mode set to 100644
File size: 44.1 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY heimdal-download-http "http://www.h5l.org/dist/src/heimdal-&heimdal-version;.tar.gz">
8 <!ENTITY heimdal-download-ftp "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-&heimdal-version;.tar.gz">
9 <!ENTITY heimdal-md5sum "31d08bbf47a77827fe97ef3f52b4c9c4">
10 <!ENTITY heimdal-size "6.0 MB">
11 <!ENTITY heimdal-buildsize "205 MB">
12 <!ENTITY heimdal-time "3.9 SBU (additional 2.3 SBU to run the test suite)">
13]>
14
15<sect1 id="heimdal" xreflabel="Heimdal-&heimdal-version;">
16 <?dbhtml filename="heimdal.html"?>
17
18 <sect1info>
19 <date>$Date$</date>
20 </sect1info>
21
22 <title>Heimdal-&heimdal-version;</title>
23
24 <indexterm zone="heimdal">
25 <primary sortas="a-Heimdal">Heimdal</primary>
26 </indexterm>
27
28 <sect2 role="package">
29 <title>Introduction to Heimdal</title>
30
31 <para><application>Heimdal</application> is a free implementation
32 of Kerberos 5 that aims to be compatible with MIT Kerberos 5 and is
33 backward compatible with Kerberos 4. Kerberos is a network authentication
34 protocol. Basically it preserves the integrity of passwords in any
35 untrusted network (like the Internet). Kerberized applications work
36 hand-in-hand with sites that support Kerberos to ensure that passwords
37 cannot be stolen or compromised. A Kerberos installation will make changes
38 to the authentication mechanisms on your network and will overwrite several
39 programs and daemons from the <application>Shadow</application>,
40 <application>Inetutils</application> and
41 <application>Qpopper</application> packages. See
42 <ulink url="&files-anduin;/heimdal-overwrites"/> for a complete list of
43 all the files and commands to rename each of them.</para>
44
45 <para>&lfssvn_checked;20101029&lfssvn_checked2;</para>
46
47 <bridgehead renderas="sect3">Package Information</bridgehead>
48 <itemizedlist spacing="compact">
49 <listitem>
50 <para>Download (HTTP): <ulink url="&heimdal-download-http;"/></para>
51 </listitem>
52 <listitem>
53 <para>Download (FTP): <ulink url="&heimdal-download-ftp;"/></para>
54 </listitem>
55 <listitem>
56 <para>Download MD5 sum: &heimdal-md5sum;</para>
57 </listitem>
58 <listitem>
59 <para>Download size: &heimdal-size;</para>
60 </listitem>
61 <listitem>
62 <para>Estimated disk space required: &heimdal-buildsize;</para>
63 </listitem>
64 <listitem>
65 <para>Estimated build time: &heimdal-time;</para>
66 </listitem>
67 </itemizedlist>
68
69 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
70 <itemizedlist spacing='compact'>
71 <listitem>
72 <para>Required Patch: <ulink
73 url="&patch-root;/heimdal-&heimdal-version;-otp_fixes-1.patch"/></para>
74 </listitem>
75 <!-- <listitem>
76 <para>Required Patch: <ulink
77 url="&patch-root;/heimdal-&heimdal-version;-libss-1.patch"/></para>
78 </listitem> -->
79 </itemizedlist>
80
81 <bridgehead renderas="sect3">Heimdal Dependencies</bridgehead>
82
83 <bridgehead renderas="sect4">Required to Build the Server-Side Tools</bridgehead>
84 <para role="required"><xref linkend="db"/></para>
85
86 <bridgehead renderas="sect4">Recommended</bridgehead>
87 <para role="recommended"><xref linkend="openssl"/></para>
88
89 <bridgehead renderas="sect4">Optional</bridgehead>
90 <para role="optional"><xref linkend="openldap"/>,
91 <xref linkend="sqlite"/>,
92 <xref linkend="x-window-system"/>,
93 <xref linkend="libcap2"/>, and
94 <ulink url="http://people.redhat.com/sgrubb/libcap-ng/">libcap-ng</ulink> (with this
95 <ulink url="&patch-root;/libcap-ng-0.6.4-2.6.36_kernel_fix-1.patch">patch</ulink>
96 if the Linux kernel version is &gt;=2.6.36)</para>
97
98 <note>
99 <para>Some sort of time synchronization facility on your system
100 (like <xref linkend="ntp"/>) is required since Kerberos won't
101 authenticate if the time differential between a kerberized client
102 and the KDC server is more than 5 minutes.</para>
103 </note>
104
105 <para condition="html" role="usernotes">User Notes:
106 <ulink url="&blfs-wiki;/heimdal"/></para>
107
108 </sect2>
109
110 <sect2 role="installation">
111 <title>Installation of Heimdal</title>
112
113 <warning>
114 <para>Ensure you really need a Kerberos installation before you decide
115 to install this package. Failure to install and configure the package
116 correctly can alter your system so that users cannot log in.</para>
117 </warning>
118
119 <para>Install <application>Heimdal</application> by running the following
120 commands:</para>
121
122<screen><userinput>patch -Np1 -i ../heimdal-&heimdal-version;-otp_fixes-1.patch &amp;&amp;
123sed -i 's|/var/heimdal|/var/lib/heimdal|' \
124 `grep -lr "/var/heimdal" doc kadmin kdc lib` &amp;&amp;
125
126./configure --prefix=/usr \
127 --sysconfdir=/etc/heimdal \
128 --libexecdir=/usr/sbin \
129 --localstatedir=/var/lib/heimdal \
130 --datadir=/var/lib/heimdal \
131 --with-hdbdir=/var/lib/heimdal \
132 --with-readline=/usr \
133 --enable-kcm &amp;&amp;
134make &amp;&amp;
135
136install -v -m755 -d doc/html &amp;&amp;
137make -C doc html &amp;&amp;
138mv -v doc/heimdal.html doc/html/heimdal &amp;&amp;
139mv -v doc/hx509.html doc/html/hx509 &amp;&amp;
140makeinfo --html --no-split -o doc/heimdal.html doc/heimdal.texi &amp;&amp;
141makeinfo --html --no-split -o doc/hx509.html doc/hx509.texi &amp;&amp;
142makeinfo --plaintext -o doc/heimdal.txt doc/heimdal.texi &amp;&amp;
143makeinfo --plaintext -o doc/hx509.txt doc/hx509.texi</userinput></screen>
144
145 <para>If you have <!--<xref linkend="tetex"/> or--> <xref linkend="texlive"/>
146 installed and wish to create PDF and Postscript forms of the documentation,
147 change into the <filename class='directory'>doc</filename> directory and
148 issue any or all of the following commands:</para>
149
150<screen><userinput>pushd doc &amp;&amp;
151texi2pdf heimdal.texi &amp;&amp;
152texi2dvi heimdal.texi &amp;&amp;
153dvips -o heimdal.ps heimdal.dvi &amp;&amp;
154texi2pdf hx509.texi &amp;&amp;
155texi2dvi hx509.texi &amp;&amp;
156dvips -o hx509.ps hx509.dvi &amp;&amp;
157popd</userinput></screen>
158
159 <para>To test the results, issue: <command>make -k check</command>. The
160 <command>check-iprop</command> test is known to fail but all others should
161 pass.</para>
162
163 <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
164
165<screen role="root"><userinput>make install &amp;&amp;
166
167install -v -m755 -d /usr/share/doc/heimdal-&heimdal-version; &amp;&amp;
168install -v -m644 doc/{heimdal,hx509}.{html,txt} \
169 doc/{init-creds,layman.asc} \
170 /usr/share/doc/heimdal-&heimdal-version; &amp;&amp;
171cp -v -R doc/html \
172 destdir/usr/share/doc/heimdal-&heimdal-version; &amp;&amp;
173
174mv -v /bin/login /bin/login.SHADOW &amp;&amp;
175mv -v /bin/su /bin/su.SHADOW &amp;&amp;
176mv -v /usr/bin/{login,su} /bin &amp;&amp;
177ln -v -sf ../../bin/login /usr/bin &amp;&amp;
178
179for LINK in \
180 lib{otp,kafs,krb5,hx509,sqlite3,asn1,roken,crypto,wind}; do
181 mv -v /usr/lib/${LINK}.so.* /lib &amp;&amp;
182 ln -v -sf ../../lib/$(readlink /usr/lib/${LINK}.so) \
183 /usr/lib/${LINK}.so
184done &amp;&amp;
185
186mv -v /usr/lib/$(readlink /usr/lib/libdb.so) \
187 /usr/lib/libdb-?.so \
188 /lib &amp;&amp;
189ln -v -sf ../../lib/$(readlink /usr/lib/libdb.so) \
190 /usr/lib/libdb.so &amp;&amp;
191
192ldconfig</userinput></screen>
193
194 <para>If you built any of the additional forms of documentation, install it
195 using the following commands as the
196 <systemitem class="username">root</systemitem> user:</para>
197
198<screen role="root"><userinput>install -v -m644 doc/{heimdal,hx509}.{dvi,ps,pdf} \
199 /usr/share/doc/heimdal-&heimdal-version;</userinput></screen>
200
201 <para>If you wish to use the <xref linkend="cracklib"/> library to enforce
202 strong passwords in the KDC database, issue the following commands as the
203 <systemitem class="username">root</systemitem> user:</para>
204
205<screen role="root"><userinput>sed -e 's|/usr/pkg|/usr|' \
206 -e 's|/usr/lib/cracklib_dict|/lib/cracklib/pw_dict|' \
207 -e 's|/var/heimdal|/var/lib/heimdal|' \
208 lib/kadm5/check-cracklib.pl \
209 > /bin/krb5-check-cracklib.pl &amp;&amp;
210
211chmod -v 755 /bin/krb5-check-cracklib.pl</userinput></screen>
212
213 </sect2>
214
215 <sect2 role="commands">
216 <title>Command Explanations</title>
217
218 <para><command>sed -i ... `grep -lr "/var/heimdal"
219 doc kadmin kdc lib`</command>: This command is used to change the
220 hard-coded references in the documentation files from
221 <filename class='directory'>/var/heimdal</filename> to the FHS compliant
222 <filename class='directory'>/var/lib/heimdal</filename> directory
223 name.</para>
224
225 <para><parameter>--libexecdir=/usr/sbin</parameter>: This switch causes
226 the daemon programs to be installed into
227 <filename class="directory">/usr/sbin</filename>.</para>
228
229 <tip>
230 <para>If you want to preserve all your existing
231 <application>Inetutils</application> package daemons, install the
232 <application>Heimdal</application> daemons into
233 <filename class="directory">/usr/sbin/heimdal</filename> (or wherever
234 you want). Since these programs will be called from
235 <command>(x)inetd</command> or <filename>rc</filename> scripts, it
236 really doesn't matter where they are installed, as long as they are
237 correctly specified in the <filename>/etc/(x)inetd.conf</filename> file
238 and <filename>rc</filename> scripts. If you choose something other than
239 <filename class="directory">/usr/sbin</filename>, you may want to move
240 some of the user programs (such as <command>kadmin</command>) to
241 <filename class="directory">/usr/sbin</filename> manually so they'll be
242 in the privileged user's default <envar>PATH</envar>.</para>
243 </tip>
244
245 <para><parameter>--localstatedir=/var/lib/heimdal</parameter>,
246 <parameter>--datadir=/var/lib/heimdal</parameter> and
247 <parameter>--with-hdbdir=/var/lib/heimdal</parameter>: These parameters
248 are used so that the KDC database and associated files will all reside
249 in <filename class='directory'>/var/lib/heimdal</filename>.</para>
250
251 <para><parameter>--with-readline=/usr</parameter>: This parameter must be
252 used so that the <command>configure</command> script properly locates the
253 installed <application>Readline</application> package.</para>
254
255 <para><parameter>--enable-kcm</parameter>: This parameter enables building
256 the Kerberos Credentials Manager.</para>
257
258 <para><option>--with-sqlite3=/usr</option>: This parameter must be
259 used so that the <command>configure</command> script properly locates the
260 installed <application>Sqlite3</application> package.</para>
261
262 <para><option>--with-openldap=/usr</option> and
263 <option>--enable-hdb-openldap-module</option>: These parameters must be
264 used so that the <command>configure</command> script properly locates the
265 installed <application>OpenLDAP</application> package in order to build the
266 module allowing an LDAP backend database.</para>
267
268 <para><command>mv ... ...SHADOW</command>, <command>mv ... /bin</command>
269 and <command> ln ... /usr/bin</command>: The <command>login</command>
270 and <command>su</command> programs installed by
271 <application>Heimdal</application> belong in the
272 <filename class="directory">/bin</filename> directory. The
273 <command>login</command> program is symlinked because
274 <application>Heimdal</application> is expecting to find it in
275 <filename class="directory">/usr/bin</filename>. The old executables from
276 the <application>Shadow</application> package are preserved before the move
277 so that they can be restored if you experience problems logging into the
278 system after the <application>Heimdal</application> package is installed
279 and configured.</para>
280
281 <para><command>for LINK in ...; do ...; done</command>,
282 <command>mv ... /lib</command> and
283 <command>ln ... /usr/lib/libdb.so</command>: The <command>login</command>
284 and <command>su</command> programs previously moved into the
285 <filename class='directory'>/lib</filename> directory link against
286 <application>Heimdal</application> libraries as well as libraries provided
287 by the <application>OpenSSL</application> and
288 <application>Berkeley DB</application> packages. These
289 libraries are also moved to <filename class="directory">/lib</filename>
290 so they are FHS compliant and also in case
291 <filename class="directory">/usr</filename> is located on a separate
292 partition which may not always be mounted.</para>
293
294 </sect2>
295
296 <sect2 role="configuration">
297 <title>Configuring Heimdal</title>
298
299 <sect3 id="heimdal-config">
300 <title>Config Files</title>
301
302 <para><filename>/etc/heimdal/*</filename></para>
303
304 <indexterm zone="heimdal heimdal-config">
305 <primary sortas="e-etc-heimdal">/etc/heimdal/*</primary>
306 </indexterm>
307
308 </sect3>
309
310 <sect3>
311 <title>Configuration Information</title>
312
313 <note>
314 <para>All the configuration steps shown below must be accomplished
315 by the <systemitem class='username'>root</systemitem> user unless
316 otherwise noted.</para>
317 </note>
318
319 <sect4>
320 <title>Master KDC Server Configuration</title>
321
322 <para>Many of the commands below use
323 <replaceable>&lt;replaceable&gt;</replaceable> tags to identify places
324 where you need to substitute information specific to your network.
325 Ensure you replace everything in these tags (there will be no angle
326 brackets when you are done) with your site-specific information.</para>
327
328 <para>Create the Kerberos configuration file with the following
329 commands:</para>
330
331<screen role="root"><userinput>install -v -m755 -d /etc/heimdal &amp;&amp;
332cat &gt; /etc/heimdal/krb5.conf &lt;&lt; "EOF" &amp;&amp;
333<literal># Begin /etc/heimdal/krb5.conf
334
335[libdefaults]
336 default_realm = <replaceable>&lt;EXAMPLE.COM&gt;</replaceable>
337 encrypt = true
338
339[realms]
340 <replaceable>&lt;EXAMPLE.COM&gt;</replaceable> = {
341 kdc = <replaceable>&lt;hostname.example.com&gt;</replaceable>
342 admin_server = <replaceable>&lt;hostname.example.com&gt;</replaceable>
343 kpasswd_server = <replaceable>&lt;hostname.example.com&gt;</replaceable>
344 }
345
346[domain_realm]
347 .<replaceable>&lt;example.com&gt;</replaceable> = <replaceable>&lt;EXAMPLE.COM&gt;</replaceable>
348
349[logging]
350 kdc = FILE:/var/log/kdc.log
351 admin_server = FILE:/var/log/kadmin.log
352 default = FILE:/var/log/krb.log
353
354# End /etc/heimdal/krb5.conf</literal>
355EOF
356chmod -v 644 /etc/heimdal/krb5.conf</userinput></screen>
357
358 <para>You will need to substitute your domain and proper hostname
359 for the occurrences of the <replaceable>&lt;hostname&gt;</replaceable>
360 and <replaceable>&lt;EXAMPLE.COM&gt;</replaceable> names.</para>
361
362 <para><option>default_realm</option> should be the name of your
363 domain changed to ALL CAPS. This isn't required, but both
364 <application>Heimdal</application> and <application>MIT
365 Kerberos</application> recommend it.</para>
366
367 <para><option>encrypt = true</option> provides encryption of all
368 traffic between kerberized clients and servers. It's not necessary
369 and can be left off. If you leave it off, you can encrypt all traffic
370 from the client to the server using a switch on the client program
371 instead. The <option>[realms]</option> parameters tell the client
372 programs where to look for the KDC authentication services. The
373 <option>[domain_realm]</option> section maps a domain
374 to a realm.</para>
375
376 <para>Store the master password in a key file using the following
377 commands:</para>
378
379<screen role="root"><userinput>install -v -m755 -d /var/lib/heimdal &amp;&amp;
380kstash</userinput></screen>
381
382 <para>Create the KDC database:</para>
383
384<screen role="root"><userinput>kadmin -l</userinput></screen>
385
386 <para>The commands below will prompt you for information about the
387 principles. Choose the defaults for now unless you know what you are
388 doing and need to specify different values. You can go in later and
389 change the defaults, should you feel the need. You may use the up and
390 down arrow keys to use the history feature of <command>kadmin</command>
391 in a similar manner as the <command>bash</command> history
392 feature.</para>
393
394 <para>At the <prompt>kadmin&gt;</prompt> prompt, issue the following
395 statement:</para>
396
397<screen role="root"><userinput>init <replaceable>&lt;EXAMPLE.COM&gt;</replaceable></userinput></screen>
398
399 <para>The database must now be populated with at least one principle
400 (user). For now, just use your regular login name or root. You may
401 create as few, or as many principles as you wish using the following
402 statement:</para>
403
404<screen role="root"><userinput>add <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
405
406 <para>The KDC server and any machine running kerberized
407 server daemons must have a host key installed:</para>
408
409<screen role="root"><userinput>add --random-key host/<replaceable>&lt;hostname.example.com&gt;</replaceable></userinput></screen>
410
411 <para>After choosing the defaults when prompted, you will have to
412 export the data to a keytab file:</para>
413
414<screen role="root"><userinput>ext host/<replaceable>&lt;hostname.example.com&gt;</replaceable></userinput></screen>
415
416 <para>This should have created a file in
417 <filename class="directory">/etc/heimdal</filename> named
418 <filename>krb5.keytab</filename>. This file should have 600
419 (root rw only) permissions. Keeping the keytab file from public access
420 is crucial to the overall security of the Kerberos installation.</para>
421
422 <para>Eventually, you'll want to add server daemon principles to the
423 database and extract them to the keytab file. You do this in the same
424 way you created the host principles. Below is an example:</para>
425
426<screen role="root"><userinput>add --random-key ftp/<replaceable>&lt;hostname.example.com&gt;</replaceable></userinput></screen>
427
428 <para>(choose the defaults)</para>
429
430<screen role="root"><userinput>ext ftp/<replaceable>&lt;hostname.example.com&gt;</replaceable></userinput></screen>
431
432 <para>Exit the <command>kadmin</command> program (use
433 <command>quit</command> or <command>exit</command>) and return back
434 to the shell prompt. Start the KDC daemon manually, just to test out
435 the installation:</para>
436
437<screen role="root"><userinput>/usr/sbin/kdc &amp;</userinput></screen>
438
439 <para>Attempt to get a TGT (ticket granting ticket) with
440 the following command:</para>
441
442<screen><userinput>kinit <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
443
444 <para>You will be prompted for the password you created. After you get
445 your ticket, you should list it with the following command:</para>
446
447<screen><userinput>klist</userinput></screen>
448
449 <para>Information about the ticket should be displayed on
450 the screen.</para>
451
452 <para>To test the functionality of the <filename>keytab</filename> file,
453 issue the following command:</para>
454
455<screen><userinput>ktutil list</userinput></screen>
456
457 <para>This should dump a list of the host principals, along with the
458 encryption methods used to access the principals.</para>
459
460 <para>At this point, if everything has been successful so far, you
461 can feel fairly confident in the installation, setup and configuration
462 of your new <application>Heimdal</application> Kerberos 5
463 installation.</para>
464
465 <para>If you wish to use the <xref linkend="cracklib"/> library to
466 enforce strong passwords in the KDC database, you must do two things.
467 First, add the following lines to the
468 <filename>/etc/heimdal/krb5.conf</filename> configuration file:</para>
469
470<screen><literal>[password_quality]
471 policies = builtin:external-check
472 external_program = /bin/krb5-check-cracklib.pl</literal></screen>
473
474 <para>Next you must install the
475 <application>Crypt::Cracklib</application>
476 <application>Perl</application> module. Download it from the CPAN
477 site. The URL at the time of this writing is <ulink
478 url="http://www.cpan.org/authors/id/D/DA/DANIEL/Crypt-Cracklib-1.5.tar.gz"/>.
479 After unpacking the tarball and changing into the newly created
480 directory, issue the following command to add the BLFS
481 <application>Cracklib</application> dictionary location to one of the
482 source files:</para>
483
484<screen><userinput>sed -i 's|pw_dict|&amp;\n\t\t/lib/cracklib/pw_dict|' Cracklib.pm</userinput></screen>
485
486 <para>Then use the standard <command>perl Makefile.PL</command>;
487 <command>make</command>; <command>make test</command>;
488 <command>make install</command> commands.</para>
489
490 <para id="heimdal-init">Install the
491 <filename>/etc/rc.d/init.d/heimdal</filename> init script included
492 in the <xref linkend="bootscripts"/> package:</para>
493
494 <indexterm zone="heimdal heimdal-init">
495 <primary sortas="f-heimdal">heimdal</primary>
496 </indexterm>
497
498<screen role="root"><userinput>make install-heimdal</userinput></screen>
499
500 </sect4>
501
502 <sect4>
503 <title>Using Kerberized Client Programs</title>
504
505 <para>To use the kerberized client programs (<command>telnet</command>,
506 <command>ftp</command>, <command>rsh</command>,
507 <command>rxterm</command>, <command>rxtelnet</command>,
508 <command>rcp</command>, <command>xnlock</command>), you first must get
509 a TGT. Use the <command>kinit</command> program to get the ticket.
510 After you've acquired the ticket, you can use the kerberized programs
511 to connect to any kerberized server on the network. You will not be
512 prompted for authentication until your ticket expires (default is one
513 day), unless you specify a different user as a command line argument
514 to the program.</para>
515
516 <para>The kerberized programs will connect to non-kerberized daemons,
517 warning you that authentication is not encrypted.</para>
518
519 <para>In order to use the <application>Heimdal</application>
520 <application>X</application> programs, you'll need to add a service
521 port entry to the <filename>/etc/services</filename> file for the
522 <command>kxd</command> server. There is no 'standardized port number'
523 for the 'kx' service in the IANA database, so you'll have to pick an
524 unused port number. Add an entry to the <filename>services</filename>
525 file similar to the entry below (substitute your chosen port number
526 for <replaceable>&lt;49150&gt;</replaceable>):</para>
527
528<screen><literal>kx <replaceable>&lt;49150&gt;</replaceable>/tcp # Heimdal kerberos X
529kx <replaceable>&lt;49150&gt;</replaceable>/udp # Heimdal kerberos X</literal></screen>
530
531 <para>For additional information consult <ulink
532 url="&hints-root;/downloads/files/heimdal.txt">the
533 Heimdal hint</ulink> on which the above instructions are based.</para>
534
535 </sect4>
536
537 </sect3>
538
539 </sect2>
540
541 <sect2 role="content">
542 <title>Contents</title>
543
544 <segmentedlist>
545 <segtitle>Installed Programs</segtitle>
546 <segtitle>Installed Libraries</segtitle>
547 <segtitle>Installed Directories</segtitle>
548
549 <seglistitem>
550 <seg>afslog, ftp, ftpd, gss, hprop, hpropd, hxtool, iprop-log,
551 ipropd-master, ipropd-slave, kadmin, kadmind, kauth, kcm, kdc,
552 kdestroy, kdigest, kf, kfd, kgetcred, kimpersonate, kinit, klist,
553 kpasswd, kpasswdd, krb5-check-cracklib.pl, krb5-config, kstash,
554 ktutil, kx, kxd, login, mk_cmds-krb5, otp, otpprint, pagsh, pfrom,
555 popper, push, rcp, rsh, rshd, rxtelnet, rxterm, string2key, su,
556 telnet, telnetd, tenletxr, verify_krb5_conf and xnlock</seg>
557
558 <seg>hdb_ldap.{so,a}, libasn1.{so,a},
559 libgssapi.{so,a}, libhdb.{so,a}, libheimntlm.{so,a}, libhx509.{so,a},
560 libkadm5clnt.{so,a}, libkadm5srv.{so,a}, libkafs.{so,a},
561 libkdc.{so,a}, libkrb5.{so,a}, libotp.{so,a}, libroken.{so,a},
562 libsl.{so,a}, libss-krb5.{so,a} and wind.{so,a}</seg>
563
564 <seg>/etc/heimdal, /usr/include/gssapi, /usr/include/kadm5,
565 /usr/include/krb5, /usr/include/roken,
566 /usr/share/doc/heimdal-&heimdal-version; and /var/lib/heimdal</seg>
567 </seglistitem>
568 </segmentedlist>
569
570 <variablelist>
571 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
572 <?dbfo list-presentation="list"?>
573 <?dbhtml list-presentation="table"?>
574
575 <varlistentry id="afslog">
576 <term><command>afslog</command></term>
577 <listitem>
578 <para>obtains AFS tokens for a number of cells.</para>
579 <indexterm zone="heimdal afslog">
580 <primary sortas="b-afslog">afslog</primary>
581 </indexterm>
582 </listitem>
583 </varlistentry>
584
585 <varlistentry id="ftp">
586 <term><command>ftp</command></term>
587 <listitem>
588 <para>is a kerberized FTP client.</para>
589 <indexterm zone="heimdal ftp">
590 <primary sortas="b-ftp">ftp</primary>
591 </indexterm>
592 </listitem>
593 </varlistentry>
594
595 <varlistentry id="ftpd">
596 <term><command>ftpd</command></term>
597 <listitem>
598 <para>is a kerberized FTP daemon.</para>
599 <indexterm zone="heimdal ftpd">
600 <primary sortas="b-ftpd">ftpd</primary>
601 </indexterm>
602 </listitem>
603 </varlistentry>
604
605 <varlistentry id="hprop">
606 <term><command>hprop</command></term>
607 <listitem>
608 <para> takes a principal database in a specified format and converts
609 it into a stream of <application>Heimdal</application> database
610 records.</para>
611 <indexterm zone="heimdal hprop">
612 <primary sortas="b-hprop">hprop</primary>
613 </indexterm>
614 </listitem>
615 </varlistentry>
616
617 <varlistentry id="hpropd">
618 <term><command>hpropd</command></term>
619 <listitem>
620 <para>is a server that receives a database sent by
621 <command>hprop</command> and writes it as a local database.</para>
622 <indexterm zone="heimdal hpropd">
623 <primary sortas="b-hpropd">hpropd</primary>
624 </indexterm>
625 </listitem>
626 </varlistentry>
627
628 <varlistentry id="iprop-log">
629 <term><command>iprop-log</command></term>
630 <listitem>
631 <para>is used to maintain the iprop log file.</para>
632 <indexterm zone="heimdal iprop-log">
633 <primary sortas="b-iprop-log">iprop-log</primary>
634 </indexterm>
635 </listitem>
636 </varlistentry>
637
638 <varlistentry id="ipropd-master">
639 <term><command>ipropd-master</command></term>
640 <listitem>
641 <para>is a daemon which runs on the master KDC
642 server which incrementally propagates changes to the KDC
643 database to the slave KDC servers.</para>
644 <indexterm zone="heimdal ipropd-master">
645 <primary sortas="b-ipropd-master">ipropd-master</primary>
646 </indexterm>
647 </listitem>
648 </varlistentry>
649
650 <varlistentry id="ipropd-slave">
651 <term><command>ipropd-slave</command></term>
652 <listitem>
653 <para>is a daemon which runs on the slave KDC
654 servers which incrementally propagates changes to the KDC
655 database from the master KDC server.</para>
656 <indexterm zone="heimdal ipropd-slave">
657 <primary sortas="b-ipropd-slave">ipropd-slave</primary>
658 </indexterm>
659 </listitem>
660 </varlistentry>
661
662 <varlistentry id="kadmin">
663 <term><command>kadmin</command></term>
664 <listitem>
665 <para>is a utility used to make modifications to the Kerberos
666 database.</para>
667 <indexterm zone="heimdal kadmin">
668 <primary sortas="b-kadmin">kadmin</primary>
669 </indexterm>
670 </listitem>
671 </varlistentry>
672
673 <varlistentry id="kadmind">
674 <term><command>kadmind</command></term>
675 <listitem>
676 <para>is a server for administrative access to the Kerberos
677 database.</para>
678 <indexterm zone="heimdal kadmind">
679 <primary sortas="b-kadmind">kadmind</primary>
680 </indexterm>
681 </listitem>
682 </varlistentry>
683
684 <varlistentry id="kauth">
685 <term><command>kauth</command></term>
686 <listitem>
687 <para>is a symbolic link to the <command>kinit</command>
688 program.</para>
689 <indexterm zone="heimdal kauth">
690 <primary sortas="g-kauth">kauth</primary>
691 </indexterm>
692 </listitem>
693 </varlistentry>
694
695 <varlistentry id="kcm">
696 <term><command>kcm</command></term>
697 <listitem>
698 <para>is a process based credential cache for Kerberos
699 tickets.</para>
700 <indexterm zone="heimdal kcm">
701 <primary sortas="b-kcm">kcm</primary>
702 </indexterm>
703 </listitem>
704 </varlistentry>
705
706 <varlistentry id="kdc">
707 <term><command>kdc</command></term>
708 <listitem>
709 <para>is a Kerberos 5 server.</para>
710 <indexterm zone="heimdal kdc">
711 <primary sortas="b-kdc">kdc</primary>
712 </indexterm>
713 </listitem>
714 </varlistentry>
715
716 <varlistentry id="kdestroy">
717 <term><command>kdestroy</command></term>
718 <listitem>
719 <para>removes a principle's current set of tickets.</para>
720 <indexterm zone="heimdal kdestroy">
721 <primary sortas="b-kdestroy">kdestroy</primary>
722 </indexterm>
723 </listitem>
724 </varlistentry>
725
726 <varlistentry id="kf">
727 <term><command>kf</command></term>
728 <listitem>
729 <para>is a program which forwards tickets to a remote host through
730 an authenticated and encrypted stream.</para>
731 <indexterm zone="heimdal kf">
732 <primary sortas="b-kf">kf</primary>
733 </indexterm>
734 </listitem>
735 </varlistentry>
736
737 <varlistentry id="kfd">
738 <term><command>kfd</command></term>
739 <listitem>
740 <para>is a server used to receive forwarded tickets.</para>
741 <indexterm zone="heimdal kfd">
742 <primary sortas="b-kfd">kfd</primary>
743 </indexterm>
744 </listitem>
745 </varlistentry>
746
747 <varlistentry id="kgetcred">
748 <term><command>kgetcred</command></term>
749 <listitem>
750 <para>obtains a ticket for a service.</para>
751 <indexterm zone="heimdal kgetcred">
752 <primary sortas="b-kgetcred">kgetcred</primary>
753 </indexterm>
754 </listitem>
755 </varlistentry>
756
757 <varlistentry id="kinit">
758 <term><command>kinit</command></term>
759 <listitem>
760 <para>is used to authenticate to the Kerberos server as a principal
761 and acquire a ticket granting ticket that can later be used to obtain
762 tickets for other services.</para>
763 <indexterm zone="heimdal kinit">
764 <primary sortas="b-kinit">kinit</primary>
765 </indexterm>
766 </listitem>
767 </varlistentry>
768
769 <varlistentry id="klist">
770 <term><command>klist</command></term>
771 <listitem>
772 <para>reads and displays the current tickets in the credential
773 cache.</para>
774 <indexterm zone="heimdal klist">
775 <primary sortas="b-klist">klist</primary>
776 </indexterm>
777 </listitem>
778 </varlistentry>
779
780 <varlistentry id="kpasswd">
781 <term><command>kpasswd</command></term>
782 <listitem>
783 <para>is a program for changing Kerberos 5 passwords.</para>
784 <indexterm zone="heimdal kpasswd">
785 <primary sortas="b-kpasswd">kpasswd</primary>
786 </indexterm>
787 </listitem>
788 </varlistentry>
789
790 <varlistentry id="kpasswdd">
791 <term><command>kpasswdd</command></term>
792 <listitem>
793 <para>is a Kerberos 5 password changing server.</para>
794 <indexterm zone="heimdal kpasswdd">
795 <primary sortas="b-kpasswdd">kpasswdd</primary>
796 </indexterm>
797 </listitem>
798 </varlistentry>
799
800 <varlistentry id="krb5-config-prog">
801 <term><command>krb5-config</command></term>
802 <listitem>
803 <para>gives information on how to link programs against
804 <application>Heimdal</application> libraries.</para>
805 <indexterm zone="heimdal krb5-config-prog">
806 <primary sortas="b-krb5-config">krb5-config</primary>
807 </indexterm>
808 </listitem>
809 </varlistentry>
810
811 <varlistentry id="kstash">
812 <term><command>kstash</command></term>
813 <listitem>
814 <para>stores the KDC master password in a file.</para>
815 <indexterm zone="heimdal kstash">
816 <primary sortas="b-kstash">kstash</primary>
817 </indexterm>
818 </listitem>
819 </varlistentry>
820
821 <varlistentry id="ktutil">
822 <term><command>ktutil</command></term>
823 <listitem>
824 <para>is a program for managing Kerberos keytabs.</para>
825 <indexterm zone="heimdal ktutil">
826 <primary sortas="b-ktutil">ktutil</primary>
827 </indexterm>
828 </listitem>
829 </varlistentry>
830
831 <varlistentry id="kx">
832 <term><command>kx</command></term>
833 <listitem>
834 <para>is a program which securely forwards
835 <application>X</application> connections.</para>
836 <indexterm zone="heimdal kx">
837 <primary sortas="b-kx">kx</primary>
838 </indexterm>
839 </listitem>
840 </varlistentry>
841
842 <varlistentry id="kxd">
843 <term><command>kxd</command></term>
844 <listitem>
845 <para>is the daemon for <command>kx</command>.</para>
846 <indexterm zone="heimdal kxd">
847 <primary sortas="b-kxd">kxd</primary>
848 </indexterm>
849 </listitem>
850 </varlistentry>
851
852 <varlistentry id="login">
853 <term><command>login</command></term>
854 <listitem>
855 <para>is a kerberized login program.</para>
856 <indexterm zone="heimdal login">
857 <primary sortas="b-login">login</primary>
858 </indexterm>
859 </listitem>
860 </varlistentry>
861
862 <varlistentry id="otp">
863 <term><command>otp</command></term>
864 <listitem>
865 <para>manages one-time passwords.</para>
866 <indexterm zone="heimdal otp">
867 <primary sortas="b-otp">otp</primary>
868 </indexterm>
869 </listitem>
870 </varlistentry>
871
872 <varlistentry id="otpprint">
873 <term><command>otpprint</command></term>
874 <listitem>
875 <para>prints lists of one-time passwords.</para>
876 <indexterm zone="heimdal otpprint">
877 <primary sortas="b-otpprint">otpprint</primary>
878 </indexterm>
879 </listitem>
880 </varlistentry>
881
882 <varlistentry id="pfrom">
883 <term><command>pfrom</command></term>
884 <listitem>
885 <para>is a script that runs <command>push --from</command>.</para>
886 <indexterm zone="heimdal pfrom">
887 <primary sortas="b-pfrom">pfrom</primary>
888 </indexterm>
889 </listitem>
890 </varlistentry>
891
892 <varlistentry id="popper">
893 <term><command>popper</command></term>
894 <listitem>
895 <para>is a kerberized POP-3 server.</para>
896 <indexterm zone="heimdal popper">
897 <primary sortas="b-popper">popper</primary>
898 </indexterm>
899 </listitem>
900 </varlistentry>
901
902 <varlistentry id="push">
903 <term><command>push</command></term>
904 <listitem>
905 <para>is a kerberized POP mail retrieval client.</para>
906 <indexterm zone="heimdal push">
907 <primary sortas="b-push">push</primary>
908 </indexterm>
909 </listitem>
910 </varlistentry>
911
912 <varlistentry id="rcp">
913 <term><command>rcp</command></term>
914 <listitem>
915 <para>is a kerberized rcp client program.</para>
916 <indexterm zone="heimdal rcp">
917 <primary sortas="b-rcp">rcp</primary>
918 </indexterm>
919 </listitem>
920 </varlistentry>
921
922 <varlistentry id="rsh">
923 <term><command>rsh</command></term>
924 <listitem>
925 <para>is a kerberized rsh client program.</para>
926 <indexterm zone="heimdal rsh">
927 <primary sortas="b-rsh">rsh</primary>
928 </indexterm>
929 </listitem>
930 </varlistentry>
931
932 <varlistentry id="rshd">
933 <term><command>rshd</command></term>
934 <listitem>
935 <para>is a kerberized rsh server.</para>
936 <indexterm zone="heimdal rshd">
937 <primary sortas="b-rshd">rshd</primary>
938 </indexterm>
939 </listitem>
940 </varlistentry>
941
942 <varlistentry id="rxtelnet">
943 <term><command>rxtelnet</command></term>
944 <listitem>
945 <para>starts a secure <command>xterm</command> window with a
946 <command>telnet</command> to a given host and forwards
947 <application>X</application> connections.</para>
948 <indexterm zone="heimdal rxtelnet">
949 <primary sortas="b-rxtelnet">rxtelnet</primary>
950 </indexterm>
951 </listitem>
952 </varlistentry>
953
954 <varlistentry id="rxterm">
955 <term><command>rxterm</command></term>
956 <listitem>
957 <para>starts a secure remote <command>xterm</command>.</para>
958 <indexterm zone="heimdal rxterm">
959 <primary sortas="b-rxterm">rxterm</primary>
960 </indexterm>
961 </listitem>
962 </varlistentry>
963
964 <varlistentry id="string2key">
965 <term><command>string2key</command></term>
966 <listitem>
967 <para>maps a password into a key.</para>
968 <indexterm zone="heimdal string2key">
969 <primary sortas="b-string2key">string2key</primary>
970 </indexterm>
971 </listitem>
972 </varlistentry>
973
974 <varlistentry id="su">
975 <term><command>su</command></term>
976 <listitem>
977 <para>is a kerberized su client program.</para>
978 <indexterm zone="heimdal su">
979 <primary sortas="b-su">su</primary>
980 </indexterm>
981 </listitem>
982 </varlistentry>
983
984 <varlistentry id="telnet">
985 <term><command>telnet</command></term>
986 <listitem>
987 <para>is a kerberized telnet client program.</para>
988 <indexterm zone="heimdal telnet">
989 <primary sortas="b-telnet">telnet</primary>
990 </indexterm>
991 </listitem>
992 </varlistentry>
993
994 <varlistentry id="telnetd">
995 <term><command>telnetd</command></term>
996 <listitem>
997 <para>is a kerberized telnet server.</para>
998 <indexterm zone="heimdal telnetd">
999 <primary sortas="b-telnetd">telnetd</primary>
1000 </indexterm>
1001 </listitem>
1002 </varlistentry>
1003
1004 <varlistentry id="tenletxr">
1005 <term><command>tenletxr</command></term>
1006 <listitem>
1007 <para>forwards <application>X</application> connections
1008 backwards.</para>
1009 <indexterm zone="heimdal tenletxr">
1010 <primary sortas="b-tenletxr">tenletxr</primary>
1011 </indexterm>
1012 </listitem>
1013 </varlistentry>
1014
1015 <varlistentry id="verify_krb5_conf">
1016 <term><command>verify_krb5_conf</command></term>
1017 <listitem>
1018 <para>checks <filename>krb5.conf</filename> file for obvious
1019 errors.</para>
1020 <indexterm zone="heimdal verify_krb5_conf">
1021 <primary sortas="b-verify_krb5_conf">verify_krb5_conf</primary>
1022 </indexterm>
1023 </listitem>
1024 </varlistentry>
1025
1026 <varlistentry id="xnlock">
1027 <term><command>xnlock</command></term>
1028 <listitem>
1029 <para>is a program that acts as a secure screen saver for
1030 workstations running <application>X</application>.</para>
1031 <indexterm zone="heimdal xnlock">
1032 <primary sortas="b-xnlock">xnlock</primary>
1033 </indexterm>
1034 </listitem>
1035 </varlistentry>
1036
1037 <varlistentry id="libasn1">
1038 <term><filename class='libraryfile'>libasn1.{so,a}</filename></term>
1039 <listitem>
1040 <para>provides the ASN.1 and DER functions to encode and decode
1041 the Kerberos TGTs.</para>
1042 <indexterm zone="heimdal libasn1">
1043 <primary sortas="c-libasn1">libasn1.{so,a}</primary>
1044 </indexterm>
1045 </listitem>
1046 </varlistentry>
1047
1048 <varlistentry id="libgssapi">
1049 <term><filename class='libraryfile'>libgssapi.{so,a}</filename></term>
1050 <listitem>
1051 <para>contain the Generic Security Service Application Programming
1052 Interface (GSSAPI) functions which provides security
1053 services to callers in a generic fashion, supportable with a range of
1054 underlying mechanisms and technologies and hence allowing source-level
1055 portability of applications to different environments.</para>
1056 <indexterm zone="heimdal libgssapi">
1057 <primary sortas="c-libgssapi">libgssapi.{so,a}</primary>
1058 </indexterm>
1059 </listitem>
1060 </varlistentry>
1061
1062 <varlistentry id="libhdb">
1063 <term><filename class='libraryfile'>libhdb.{so,a}</filename></term>
1064 <listitem>
1065 <para>is a <application>Heimdal</application> Kerberos 5
1066 authentication/authorization database access library.</para>
1067 <indexterm zone="heimdal libhdb">
1068 <primary sortas="c-libhdb">libhdb.{so,a}</primary>
1069 </indexterm>
1070 </listitem>
1071 </varlistentry>
1072
1073 <varlistentry id="libkadm5clnt">
1074 <term><filename class='libraryfile'>libkadm5clnt.{so,a}</filename></term>
1075 <listitem>
1076 <para>contains the administrative authentication and password
1077 checking functions required by Kerberos 5 client-side programs.</para>
1078 <indexterm zone="heimdal libkadm5clnt">
1079 <primary sortas="c-libkadm5clnt">libkadm5clnt.{so,a}</primary>
1080 </indexterm>
1081 </listitem>
1082 </varlistentry>
1083
1084 <varlistentry id="libkadm5srv">
1085 <term><filename class='libraryfile'>libkadm5srv.{so,a}</filename></term>
1086 <listitem>
1087 <para>contain the administrative authentication and password
1088 checking functions required by Kerberos 5 servers.</para>
1089 <indexterm zone="heimdal libkadm5srv">
1090 <primary sortas="c-libkadm5srv">libkadm5srv.{so,a}</primary>
1091 </indexterm>
1092 </listitem>
1093 </varlistentry>
1094
1095 <varlistentry id="libkafs">
1096 <term><filename class='libraryfile'>libkafs.{so,a}</filename></term>
1097 <listitem>
1098 <para>contains the functions required to authenticated to AFS.</para>
1099 <indexterm zone="heimdal libkafs">
1100 <primary sortas="c-libkafs">libkafs.{so,a}</primary>
1101 </indexterm>
1102 </listitem>
1103 </varlistentry>
1104
1105 <varlistentry id="libkrb5">
1106 <term><filename class='libraryfile'>libkrb5.{so,a}</filename></term>
1107 <listitem>
1108 <para>is an all-purpose Kerberos 5 library.</para>
1109 <indexterm zone="heimdal libkrb5">
1110 <primary sortas="c-libkrb5">libkrb5.{so,a}</primary>
1111 </indexterm>
1112 </listitem>
1113 </varlistentry>
1114
1115 <varlistentry id="libotp">
1116 <term><filename class='libraryfile'>libotp.{so,a}</filename></term>
1117 <listitem>
1118 <para>contains the functions required to handle authenticating
1119 one time passwords.</para>
1120 <indexterm zone="heimdal libotp">
1121 <primary sortas="c-libotp">libotp.{so,a}</primary>
1122 </indexterm>
1123 </listitem>
1124 </varlistentry>
1125
1126 <varlistentry id="libroken">
1127 <term><filename class='libraryfile'>libroken.{so,a}</filename></term>
1128 <listitem>
1129 <para>is a library containing Kerberos 5 compatibility
1130 functions.</para>
1131 <indexterm zone="heimdal libroken">
1132 <primary sortas="c-libroken">libroken.{so,a}</primary>
1133 </indexterm>
1134 </listitem>
1135 </varlistentry>
1136
1137 </variablelist>
1138
1139 </sect2>
1140
1141</sect1>
Note: See TracBrowser for help on using the repository browser.