source: archive/heimdal.xml@ 3f2db3a6

Last change on this file since 3f2db3a6 was 3f2db3a6, checked in by Pierre Labastie <pierre.labastie@…>, 17 months ago

Remove sect1info tags

They only contain a date tag that is nowhere used.

1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY heimdal-download-http "http://www.h5l.org/dist/src/heimdal-&heimdal-version;.tar.gz">
8 <!ENTITY heimdal-download-ftp "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-&heimdal-version;.tar.gz">
9 <!ENTITY heimdal-md5sum "31d08bbf47a77827fe97ef3f52b4c9c4">
10 <!ENTITY heimdal-size "6.0 MB">
11 <!ENTITY heimdal-buildsize "205 MB">
12 <!ENTITY heimdal-time "3.9 SBU (additional 2.3 SBU to run the test suite)">
13]>
14
15<sect1 id="heimdal" xreflabel="Heimdal-&heimdal-version;">
16 <?dbhtml filename="heimdal.html"?>
17
18
19 <title>Heimdal-&heimdal-version;</title>
20
21 <indexterm zone="heimdal">
22 <primary sortas="a-Heimdal">Heimdal</primary>
23 </indexterm>
24
25 <sect2 role="package">
26 <title>Introduction to Heimdal</title>
27
28 <para><application>Heimdal</application> is a free implementation
29 of Kerberos 5 that aims to be compatible with MIT Kerberos 5 and is
30 backward compatible with Kerberos 4. Kerberos is a network authentication
31 protocol. Basically, it protects passwords on any untrusted network
32 (like the Internet) by never sending them in the clear. Kerberized applications work
33 hand-in-hand with sites that support Kerberos so that passwords
34 cannot be captured from network traffic. A Kerberos installation will make changes
35 to the authentication mechanisms on your network and will overwrite several
36 programs and daemons from the <application>Shadow</application>,
37 <application>Inetutils</application> and
38 <application>Qpopper</application> packages. See
39 <ulink url="&files-anduin;/heimdal-overwrites"/> for a complete list of
40 all the files and commands to rename each of them.</para>
41
42 <para>&lfssvn_checked;20101029&lfssvn_checked2;</para>
43
44 <bridgehead renderas="sect3">Package Information</bridgehead>
45 <itemizedlist spacing="compact">
46 <listitem>
47 <para>Download (HTTP): <ulink url="&heimdal-download-http;"/></para>
48 </listitem>
49 <listitem>
50 <para>Download (FTP): <ulink url="&heimdal-download-ftp;"/></para>
51 </listitem>
52 <listitem>
53 <para>Download MD5 sum: &heimdal-md5sum;</para>
54 </listitem>
55 <listitem>
56 <para>Download size: &heimdal-size;</para>
57 </listitem>
58 <listitem>
59 <para>Estimated disk space required: &heimdal-buildsize;</para>
60 </listitem>
61 <listitem>
62 <para>Estimated build time: &heimdal-time;</para>
63 </listitem>
64 </itemizedlist>
65
66 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
67 <itemizedlist spacing='compact'>
68 <listitem>
69 <para>Required Patch: <ulink
70 url="&patch-root;/heimdal-&heimdal-version;-otp_fixes-1.patch"/></para>
71 </listitem>
72 <!-- <listitem>
73 <para>Required Patch: <ulink
74 url="&patch-root;/heimdal-&heimdal-version;-libss-1.patch"/></para>
75 </listitem> -->
76 </itemizedlist>
77
78 <bridgehead renderas="sect3">Heimdal Dependencies</bridgehead>
79
80 <bridgehead renderas="sect4">Required to Build the Server-Side Tools</bridgehead>
81 <para role="required"><xref linkend="db"/></para>
82
83 <bridgehead renderas="sect4">Recommended</bridgehead>
84 <para role="recommended"><xref linkend="openssl"/></para>
85
86 <bridgehead renderas="sect4">Optional</bridgehead>
87 <para role="optional"><xref linkend="openldap"/>,
88 <xref linkend="sqlite"/>,
89 <xref linkend="x-window-system"/>,
90 <xref linkend="libcap2"/>, and
91 <ulink url="http://people.redhat.com/sgrubb/libcap-ng/">libcap-ng</ulink> (with this
92 <ulink url="&patch-root;/libcap-ng-0.6.4-2.6.36_kernel_fix-1.patch">patch</ulink>
93 if the Linux kernel version is &gt;=2.6.36)</para>
94
95 <note>
96 <para>Some sort of time synchronization facility on your system
97 (like <xref linkend="ntp"/>) is required since Kerberos won't
98 authenticate if the time differential between a kerberized client
99 and the KDC server is more than 5 minutes.</para>
100 </note>
101
102 <para condition="html" role="usernotes">User Notes:
103 <ulink url="&blfs-wiki;/heimdal"/></para>
104
105 </sect2>
106
107 <sect2 role="installation">
108 <title>Installation of Heimdal</title>
109
110 <warning>
111 <para>Ensure you really need a Kerberos installation before you decide
112 to install this package. Failure to install and configure the package
113 correctly can alter your system so that users cannot log in.</para>
114 </warning>
115
116 <para>Install <application>Heimdal</application> by running the following
117 commands:</para>
118
119<screen><userinput>patch -Np1 -i ../heimdal-&heimdal-version;-otp_fixes-1.patch &amp;&amp;
120sed -i 's|/var/heimdal|/var/lib/heimdal|' \
121 `grep -lr "/var/heimdal" doc kadmin kdc lib` &amp;&amp;
122
123./configure --prefix=/usr \
124 --sysconfdir=/etc/heimdal \
125 --libexecdir=/usr/sbin \
126 --localstatedir=/var/lib/heimdal \
127 --datadir=/var/lib/heimdal \
128 --with-hdbdir=/var/lib/heimdal \
129 --with-readline=/usr \
130 --enable-kcm &amp;&amp;
131make &amp;&amp;
132
133install -v -m755 -d doc/html &amp;&amp;
134make -C doc html &amp;&amp;
135mv -v doc/heimdal.html doc/html/heimdal &amp;&amp;
136mv -v doc/hx509.html doc/html/hx509 &amp;&amp;
137makeinfo --html --no-split -o doc/heimdal.html doc/heimdal.texi &amp;&amp;
138makeinfo --html --no-split -o doc/hx509.html doc/hx509.texi &amp;&amp;
139makeinfo --plaintext -o doc/heimdal.txt doc/heimdal.texi &amp;&amp;
140makeinfo --plaintext -o doc/hx509.txt doc/hx509.texi</userinput></screen>
141
142 <para>If you have <!--<xref linkend="tetex"/> or--> <xref linkend="texlive"/>
143 installed and wish to create PDF and Postscript forms of the documentation,
144 change into the <filename class='directory'>doc</filename> directory and
145 issue any or all of the following commands:</para>
146
147<screen><userinput>pushd doc &amp;&amp;
148texi2pdf heimdal.texi &amp;&amp;
149texi2dvi heimdal.texi &amp;&amp;
150dvips -o heimdal.ps heimdal.dvi &amp;&amp;
151texi2pdf hx509.texi &amp;&amp;
152texi2dvi hx509.texi &amp;&amp;
153dvips -o hx509.ps hx509.dvi &amp;&amp;
154popd</userinput></screen>
155
156 <para>To test the results, issue: <command>make -k check</command>. The
157 <command>check-iprop</command> test is known to fail but all others should
158 pass.</para>
159
160 <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
161
162<screen role="root"><userinput>make install &amp;&amp;
163
164install -v -m755 -d /usr/share/doc/heimdal-&heimdal-version; &amp;&amp;
165install -v -m644 doc/{heimdal,hx509}.{html,txt} \
166 doc/{init-creds,layman.asc} \
167 /usr/share/doc/heimdal-&heimdal-version; &amp;&amp;
168cp -v -R doc/html \
169 destdir/usr/share/doc/heimdal-&heimdal-version; &amp;&amp;
170
171mv -v /bin/login /bin/login.SHADOW &amp;&amp;
172mv -v /bin/su /bin/su.SHADOW &amp;&amp;
173mv -v /usr/bin/{login,su} /bin &amp;&amp;
174ln -v -sf ../../bin/login /usr/bin &amp;&amp;
175
176for LINK in \
177 lib{otp,kafs,krb5,hx509,sqlite3,asn1,roken,crypto,wind}; do
178 mv -v /usr/lib/${LINK}.so.* /lib &amp;&amp;
179 ln -v -sf ../../lib/$(readlink /usr/lib/${LINK}.so) \
180 /usr/lib/${LINK}.so
181done &amp;&amp;
182
183mv -v /usr/lib/$(readlink /usr/lib/libdb.so) \
184 /usr/lib/libdb-?.so \
185 /lib &amp;&amp;
186ln -v -sf ../../lib/$(readlink /usr/lib/libdb.so) \
187 /usr/lib/libdb.so &amp;&amp;
188
189ldconfig</userinput></screen>
190
191 <para>If you built any of the additional forms of documentation, install it
192 using the following commands as the
193 <systemitem class="username">root</systemitem> user:</para>
194
195<screen role="root"><userinput>install -v -m644 doc/{heimdal,hx509}.{dvi,ps,pdf} \
196 /usr/share/doc/heimdal-&heimdal-version;</userinput></screen>
197
198 <para>If you wish to use the <xref linkend="cracklib"/> library to enforce
199 strong passwords in the KDC database, issue the following commands as the
200 <systemitem class="username">root</systemitem> user:</para>
201
202<screen role="root"><userinput>sed -e 's|/usr/pkg|/usr|' \
203 -e 's|/usr/lib/cracklib_dict|/lib/cracklib/pw_dict|' \
204 -e 's|/var/heimdal|/var/lib/heimdal|' \
205 lib/kadm5/check-cracklib.pl \
206 > /bin/krb5-check-cracklib.pl &amp;&amp;
207
208chmod -v 755 /bin/krb5-check-cracklib.pl</userinput></screen>
209
210 </sect2>
211
212 <sect2 role="commands">
213 <title>Command Explanations</title>
214
215 <para><command>sed -i ... `grep -lr "/var/heimdal"
216 doc kadmin kdc lib`</command>: This command is used to change the
217 hard-coded references in the documentation files from
218 <filename class='directory'>/var/heimdal</filename> to the FHS compliant
219 <filename class='directory'>/var/lib/heimdal</filename> directory
220 name.</para>
221
222 <para><parameter>--libexecdir=/usr/sbin</parameter>: This switch causes
223 the daemon programs to be installed into
224 <filename class="directory">/usr/sbin</filename>.</para>
225
226 <tip>
227 <para>If you want to preserve all your existing
228 <application>Inetutils</application> package daemons, install the
229 <application>Heimdal</application> daemons into
230 <filename class="directory">/usr/sbin/heimdal</filename> (or wherever
231 you want). Since these programs will be called from
232 <command>(x)inetd</command> or <filename>rc</filename> scripts, it
233 really doesn't matter where they are installed, as long as they are
234 correctly specified in the <filename>/etc/(x)inetd.conf</filename> file
235 and <filename>rc</filename> scripts. If you choose something other than
236 <filename class="directory">/usr/sbin</filename>, you may want to move
237 some of the user programs (such as <command>kadmin</command>) to
238 <filename class="directory">/usr/sbin</filename> manually so they'll be
239 in the privileged user's default <envar>PATH</envar>.</para>
240 </tip>
241
242 <para><parameter>--localstatedir=/var/lib/heimdal</parameter>,
243 <parameter>--datadir=/var/lib/heimdal</parameter> and
244 <parameter>--with-hdbdir=/var/lib/heimdal</parameter>: These parameters
245 are used so that the KDC database and associated files will all reside
246 in <filename class='directory'>/var/lib/heimdal</filename>.</para>
247
248 <para><parameter>--with-readline=/usr</parameter>: This parameter must be
249 used so that the <command>configure</command> script properly locates the
250 installed <application>Readline</application> package.</para>
251
252 <para><parameter>--enable-kcm</parameter>: This parameter enables building
253 the Kerberos Credentials Manager.</para>
254
255 <para><option>--with-sqlite3=/usr</option>: This parameter must be
256 used so that the <command>configure</command> script properly locates the
257 installed <application>Sqlite3</application> package.</para>
258
259 <para><option>--with-openldap=/usr</option> and
260 <option>--enable-hdb-openldap-module</option>: These parameters must be
261 used so that the <command>configure</command> script properly locates the
262 installed <application>OpenLDAP</application> package in order to build the
263 module allowing an LDAP backend database.</para>
264
265 <para><command>mv ... ...SHADOW</command>, <command>mv ... /bin</command>
266 and <command> ln ... /usr/bin</command>: The <command>login</command>
267 and <command>su</command> programs installed by
268 <application>Heimdal</application> belong in the
269 <filename class="directory">/bin</filename> directory. The
270 <command>login</command> program is symlinked because
271 <application>Heimdal</application> is expecting to find it in
272 <filename class="directory">/usr/bin</filename>. The old executables from
273 the <application>Shadow</application> package are preserved before the move
274 so that they can be restored if you experience problems logging into the
275 system after the <application>Heimdal</application> package is installed
276 and configured.</para>
277
278 <para><command>for LINK in ...; do ...; done</command>,
279 <command>mv ... /lib</command> and
280 <command>ln ... /usr/lib/libdb.so</command>: The <command>login</command>
281 and <command>su</command> programs previously moved into the
282 <filename class='directory'>/bin</filename> directory link against
283 <application>Heimdal</application> libraries as well as libraries provided
284 by the <application>OpenSSL</application> and
285 <application>Berkeley DB</application> packages. These
286 libraries are also moved to <filename class="directory">/lib</filename>
287 so they are FHS compliant and also in case
288 <filename class="directory">/usr</filename> is located on a separate
289 partition which may not always be mounted.</para>
290
291 </sect2>
292
293 <sect2 role="configuration">
294 <title>Configuring Heimdal</title>
295
296 <sect3 id="heimdal-config">
297 <title>Config Files</title>
298
299 <para><filename>/etc/heimdal/*</filename></para>
300
301 <indexterm zone="heimdal heimdal-config">
302 <primary sortas="e-etc-heimdal">/etc/heimdal/*</primary>
303 </indexterm>
304
305 </sect3>
306
307 <sect3>
308 <title>Configuration Information</title>
309
310 <note>
311 <para>All the configuration steps shown below must be accomplished
312 by the <systemitem class='username'>root</systemitem> user unless
313 otherwise noted.</para>
314 </note>
315
316 <sect4>
317 <title>Master KDC Server Configuration</title>
318
319 <para>Many of the commands below use
320 <replaceable>&lt;replaceable&gt;</replaceable> tags to identify places
321 where you need to substitute information specific to your network.
322 Ensure you replace everything in these tags (there will be no angle
323 brackets when you are done) with your site-specific information.</para>
324
325 <para>Create the Kerberos configuration file with the following
326 commands:</para>
327
328<screen role="root"><userinput>install -v -m755 -d /etc/heimdal &amp;&amp;
329cat &gt; /etc/heimdal/krb5.conf &lt;&lt; "EOF" &amp;&amp;
330<literal># Begin /etc/heimdal/krb5.conf
331
332[libdefaults]
333 default_realm = <replaceable>&lt;EXAMPLE.COM&gt;</replaceable>
334 encrypt = true
335
336[realms]
337 <replaceable>&lt;EXAMPLE.COM&gt;</replaceable> = {
338 kdc = <replaceable>&lt;hostname.example.com&gt;</replaceable>
339 admin_server = <replaceable>&lt;hostname.example.com&gt;</replaceable>
340 kpasswd_server = <replaceable>&lt;hostname.example.com&gt;</replaceable>
341 }
342
343[domain_realm]
344 .<replaceable>&lt;example.com&gt;</replaceable> = <replaceable>&lt;EXAMPLE.COM&gt;</replaceable>
345
346[logging]
347 kdc = FILE:/var/log/kdc.log
348 admin_server = FILE:/var/log/kadmin.log
349 default = FILE:/var/log/krb.log
350
351# End /etc/heimdal/krb5.conf</literal>
352EOF
353chmod -v 644 /etc/heimdal/krb5.conf</userinput></screen>
354
355 <para>You will need to substitute your domain and proper hostname
356 for the occurrences of the <replaceable>&lt;hostname&gt;</replaceable>
357 and <replaceable>&lt;EXAMPLE.COM&gt;</replaceable> names.</para>
358
359 <para><option>default_realm</option> should be the name of your
360 domain changed to ALL CAPS. This isn't required, but both
361 <application>Heimdal</application> and <application>MIT
362 Kerberos</application> recommend it.</para>
363
364 <para><option>encrypt = true</option> provides encryption of all
365 traffic between kerberized clients and servers. It's not necessary
366 and can be left off. If you leave it off, you can encrypt all traffic
367 from the client to the server using a switch on the client program
368 instead. The <option>[realms]</option> parameters tell the client
369 programs where to look for the KDC authentication services. The
370 <option>[domain_realm]</option> section maps a domain
371 to a realm.</para>
372
373 <para>Store the master password in a key file using the following
374 commands:</para>
375
376<screen role="root"><userinput>install -v -m755 -d /var/lib/heimdal &amp;&amp;
377kstash</userinput></screen>
378
379 <para>Create the KDC database:</para>
380
381<screen role="root"><userinput>kadmin -l</userinput></screen>
382
383 <para>The commands below will prompt you for information about the
384 principals. Choose the defaults for now unless you know what you are
385 doing and need to specify different values. You can go in later and
386 change the defaults, should you feel the need. You may use the up and
387 down arrow keys to use the history feature of <command>kadmin</command>
388 in a similar manner as the <command>bash</command> history
389 feature.</para>
390
391 <para>At the <prompt>kadmin&gt;</prompt> prompt, issue the following
392 statement:</para>
393
394<screen role="root"><userinput>init <replaceable>&lt;EXAMPLE.COM&gt;</replaceable></userinput></screen>
395
396 <para>The database must now be populated with at least one principal
397 (user). For now, just use your regular login name or root. You may
398 create as few or as many principals as you wish using the following
399 statement:</para>
400
401<screen role="root"><userinput>add <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
402
403 <para>The KDC server and any machine running kerberized
404 server daemons must have a host key installed:</para>
405
406<screen role="root"><userinput>add --random-key host/<replaceable>&lt;hostname.example.com&gt;</replaceable></userinput></screen>
407
408 <para>After choosing the defaults when prompted, you will have to
409 export the data to a keytab file:</para>
410
411<screen role="root"><userinput>ext host/<replaceable>&lt;hostname.example.com&gt;</replaceable></userinput></screen>
412
413 <para>This should have created a file in
414 <filename class="directory">/etc/heimdal</filename> named
415 <filename>krb5.keytab</filename>. This file should have 600
416 (root rw only) permissions. Keeping the keytab file from public access
417 is crucial to the overall security of the Kerberos installation: anyone who can read it can impersonate the host and service principals whose keys it contains.</para>
418
419 <para>Eventually, you'll want to add server daemon principals to the
420 database and extract them to the keytab file. You do this in the same
421 way you created the host principals. Below is an example:</para>
422
423<screen role="root"><userinput>add --random-key ftp/<replaceable>&lt;hostname.example.com&gt;</replaceable></userinput></screen>
424
425 <para>(choose the defaults)</para>
426
427<screen role="root"><userinput>ext ftp/<replaceable>&lt;hostname.example.com&gt;</replaceable></userinput></screen>
428
429 <para>Exit the <command>kadmin</command> program (use
430 <command>quit</command> or <command>exit</command>) and return back
431 to the shell prompt. Start the KDC daemon manually, just to test out
432 the installation:</para>
433
434<screen role="root"><userinput>/usr/sbin/kdc &amp;</userinput></screen>
435
436 <para>Attempt to get a TGT (ticket granting ticket) with
437 the following command:</para>
438
439<screen><userinput>kinit <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
440
441 <para>You will be prompted for the password you created. After you get
442 your ticket, you should list it with the following command:</para>
443
444<screen><userinput>klist</userinput></screen>
445
446 <para>Information about the ticket should be displayed on
447 the screen.</para>
448
449 <para>To test the functionality of the <filename>keytab</filename> file,
450 issue the following command:</para>
451
452<screen><userinput>ktutil list</userinput></screen>
453
454 <para>This should dump a list of the host principals, along with the
455 encryption types of the keys stored for them.</para>
456
457 <para>At this point, if everything has been successful so far, you
458 can feel fairly confident in the installation, setup and configuration
459 of your new <application>Heimdal</application> Kerberos 5
460 installation.</para>
461
462 <para>If you wish to use the <xref linkend="cracklib"/> library to
463 enforce strong passwords in the KDC database, you must do two things.
464 First, add the following lines to the
465 <filename>/etc/heimdal/krb5.conf</filename> configuration file:</para>
466
467<screen><literal>[password_quality]
468 policies = builtin:external-check
469 external_program = /bin/krb5-check-cracklib.pl</literal></screen>
470
471 <para>Next you must install the
472 <application>Crypt::Cracklib</application>
473 <application>Perl</application> module. Download it from the CPAN
474 site. The URL at the time of this writing is <ulink
475 url="http://www.cpan.org/authors/id/D/DA/DANIEL/Crypt-Cracklib-1.5.tar.gz"/>.
476 After unpacking the tarball and changing into the newly created
477 directory, issue the following command to add the BLFS
478 <application>Cracklib</application> dictionary location to one of the
479 source files:</para>
480
481<screen><userinput>sed -i 's|pw_dict|&amp;\n\t\t/lib/cracklib/pw_dict|' Cracklib.pm</userinput></screen>
482
483 <para>Then use the standard <command>perl Makefile.PL</command>;
484 <command>make</command>; <command>make test</command>;
485 <command>make install</command> commands.</para>
486
487 <para id="heimdal-init">Install the
488 <filename>/etc/rc.d/init.d/heimdal</filename> init script included
489 in the <xref linkend="bootscripts"/> package:</para>
490
491 <indexterm zone="heimdal heimdal-init">
492 <primary sortas="f-heimdal">heimdal</primary>
493 </indexterm>
494
495<screen role="root"><userinput>make install-heimdal</userinput></screen>
496
497 </sect4>
498
499 <sect4>
500 <title>Using Kerberized Client Programs</title>
501
502 <para>To use the kerberized client programs (<command>telnet</command>,
503 <command>ftp</command>, <command>rsh</command>,
504 <command>rxterm</command>, <command>rxtelnet</command>,
505 <command>rcp</command>, <command>xnlock</command>), you first must get
506 a TGT. Use the <command>kinit</command> program to get the ticket.
507 After you've acquired the ticket, you can use the kerberized programs
508 to connect to any kerberized server on the network. You will not be
509 prompted for authentication until your ticket expires (default is one
510 day), unless you specify a different user as a command line argument
511 to the program.</para>
512
513 <para>The kerberized programs will connect to non-kerberized daemons,
514 warning you that authentication is not encrypted.</para>
515
516 <para>In order to use the <application>Heimdal</application>
517 <application>X</application> programs, you'll need to add a service
518 port entry to the <filename>/etc/services</filename> file for the
519 <command>kxd</command> server. There is no 'standardized port number'
520 for the 'kx' service in the IANA database, so you'll have to pick an
521 unused port number. Add an entry to the <filename>services</filename>
522 file similar to the entry below (substitute your chosen port number
523 for <replaceable>&lt;49150&gt;</replaceable>):</para>
524
525<screen><literal>kx <replaceable>&lt;49150&gt;</replaceable>/tcp # Heimdal kerberos X
526kx <replaceable>&lt;49150&gt;</replaceable>/udp # Heimdal kerberos X</literal></screen>
527
528 <para>For additional information consult <ulink
529 url="&hints-root;/downloads/files/heimdal.txt">the
530 Heimdal hint</ulink> on which the above instructions are based.</para>
531
532 </sect4>
533
534 </sect3>
535
536 </sect2>
537
538 <sect2 role="content">
539 <title>Contents</title>
540
541 <segmentedlist>
542 <segtitle>Installed Programs</segtitle>
543 <segtitle>Installed Libraries</segtitle>
544 <segtitle>Installed Directories</segtitle>
545
546 <seglistitem>
547 <seg>afslog, ftp, ftpd, gss, hprop, hpropd, hxtool, iprop-log,
548 ipropd-master, ipropd-slave, kadmin, kadmind, kauth, kcm, kdc,
549 kdestroy, kdigest, kf, kfd, kgetcred, kimpersonate, kinit, klist,
550 kpasswd, kpasswdd, krb5-check-cracklib.pl, krb5-config, kstash,
551 ktutil, kx, kxd, login, mk_cmds-krb5, otp, otpprint, pagsh, pfrom,
552 popper, push, rcp, rsh, rshd, rxtelnet, rxterm, string2key, su,
553 telnet, telnetd, tenletxr, verify_krb5_conf and xnlock</seg>
554
555 <seg>hdb_ldap.{so,a}, libasn1.{so,a},
556 libgssapi.{so,a}, libhdb.{so,a}, libheimntlm.{so,a}, libhx509.{so,a},
557 libkadm5clnt.{so,a}, libkadm5srv.{so,a}, libkafs.{so,a},
558 libkdc.{so,a}, libkrb5.{so,a}, libotp.{so,a}, libroken.{so,a},
559 libsl.{so,a}, libss-krb5.{so,a} and wind.{so,a}</seg>
560
561 <seg>/etc/heimdal, /usr/include/gssapi, /usr/include/kadm5,
562 /usr/include/krb5, /usr/include/roken,
563 /usr/share/doc/heimdal-&heimdal-version; and /var/lib/heimdal</seg>
564 </seglistitem>
565 </segmentedlist>
566
567 <variablelist>
568 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
569 <?dbfo list-presentation="list"?>
570 <?dbhtml list-presentation="table"?>
571
572 <varlistentry id="afslog">
573 <term><command>afslog</command></term>
574 <listitem>
575 <para>obtains AFS tokens for a number of cells.</para>
576 <indexterm zone="heimdal afslog">
577 <primary sortas="b-afslog">afslog</primary>
578 </indexterm>
579 </listitem>
580 </varlistentry>
581
582 <varlistentry id="ftp">
583 <term><command>ftp</command></term>
584 <listitem>
585 <para>is a kerberized FTP client.</para>
586 <indexterm zone="heimdal ftp">
587 <primary sortas="b-ftp">ftp</primary>
588 </indexterm>
589 </listitem>
590 </varlistentry>
591
592 <varlistentry id="ftpd">
593 <term><command>ftpd</command></term>
594 <listitem>
595 <para>is a kerberized FTP daemon.</para>
596 <indexterm zone="heimdal ftpd">
597 <primary sortas="b-ftpd">ftpd</primary>
598 </indexterm>
599 </listitem>
600 </varlistentry>
601
602 <varlistentry id="hprop">
603 <term><command>hprop</command></term>
604 <listitem>
605 <para> takes a principal database in a specified format and converts
606 it into a stream of <application>Heimdal</application> database
607 records.</para>
608 <indexterm zone="heimdal hprop">
609 <primary sortas="b-hprop">hprop</primary>
610 </indexterm>
611 </listitem>
612 </varlistentry>
613
614 <varlistentry id="hpropd">
615 <term><command>hpropd</command></term>
616 <listitem>
617 <para>is a server that receives a database sent by
618 <command>hprop</command> and writes it as a local database.</para>
619 <indexterm zone="heimdal hpropd">
620 <primary sortas="b-hpropd">hpropd</primary>
621 </indexterm>
622 </listitem>
623 </varlistentry>
624
625 <varlistentry id="iprop-log">
626 <term><command>iprop-log</command></term>
627 <listitem>
628 <para>is used to maintain the iprop log file.</para>
629 <indexterm zone="heimdal iprop-log">
630 <primary sortas="b-iprop-log">iprop-log</primary>
631 </indexterm>
632 </listitem>
633 </varlistentry>
634
635 <varlistentry id="ipropd-master">
636 <term><command>ipropd-master</command></term>
637 <listitem>
638 <para>is a daemon which runs on the master KDC
639 server which incrementally propagates changes to the KDC
640 database to the slave KDC servers.</para>
641 <indexterm zone="heimdal ipropd-master">
642 <primary sortas="b-ipropd-master">ipropd-master</primary>
643 </indexterm>
644 </listitem>
645 </varlistentry>
646
647 <varlistentry id="ipropd-slave">
648 <term><command>ipropd-slave</command></term>
649 <listitem>
650 <para>is a daemon which runs on the slave KDC
651 servers which incrementally propagates changes to the KDC
652 database from the master KDC server.</para>
653 <indexterm zone="heimdal ipropd-slave">
654 <primary sortas="b-ipropd-slave">ipropd-slave</primary>
655 </indexterm>
656 </listitem>
657 </varlistentry>
658
659 <varlistentry id="kadmin">
660 <term><command>kadmin</command></term>
661 <listitem>
662 <para>is a utility used to make modifications to the Kerberos
663 database.</para>
664 <indexterm zone="heimdal kadmin">
665 <primary sortas="b-kadmin">kadmin</primary>
666 </indexterm>
667 </listitem>
668 </varlistentry>
669
670 <varlistentry id="kadmind">
671 <term><command>kadmind</command></term>
672 <listitem>
673 <para>is a server for administrative access to the Kerberos
674 database.</para>
675 <indexterm zone="heimdal kadmind">
676 <primary sortas="b-kadmind">kadmind</primary>
677 </indexterm>
678 </listitem>
679 </varlistentry>
680
681 <varlistentry id="kauth">
682 <term><command>kauth</command></term>
683 <listitem>
684 <para>is a symbolic link to the <command>kinit</command>
685 program.</para>
686 <indexterm zone="heimdal kauth">
687 <primary sortas="g-kauth">kauth</primary>
688 </indexterm>
689 </listitem>
690 </varlistentry>
691
692 <varlistentry id="kcm">
693 <term><command>kcm</command></term>
694 <listitem>
695 <para>is a process based credential cache for Kerberos
696 tickets.</para>
697 <indexterm zone="heimdal kcm">
698 <primary sortas="b-kcm">kcm</primary>
699 </indexterm>
700 </listitem>
701 </varlistentry>
702
703 <varlistentry id="kdc">
704 <term><command>kdc</command></term>
705 <listitem>
706 <para>is a Kerberos 5 server.</para>
707 <indexterm zone="heimdal kdc">
708 <primary sortas="b-kdc">kdc</primary>
709 </indexterm>
710 </listitem>
711 </varlistentry>
712
713 <varlistentry id="kdestroy">
714 <term><command>kdestroy</command></term>
715 <listitem>
716 <para>removes a principal's current set of tickets.</para>
717 <indexterm zone="heimdal kdestroy">
718 <primary sortas="b-kdestroy">kdestroy</primary>
719 </indexterm>
720 </listitem>
721 </varlistentry>
722
723 <varlistentry id="kf">
724 <term><command>kf</command></term>
725 <listitem>
726 <para>is a program which forwards tickets to a remote host through
727 an authenticated and encrypted stream.</para>
728 <indexterm zone="heimdal kf">
729 <primary sortas="b-kf">kf</primary>
730 </indexterm>
731 </listitem>
732 </varlistentry>
733
734 <varlistentry id="kfd">
735 <term><command>kfd</command></term>
736 <listitem>
737 <para>is a server used to receive forwarded tickets.</para>
738 <indexterm zone="heimdal kfd">
739 <primary sortas="b-kfd">kfd</primary>
740 </indexterm>
741 </listitem>
742 </varlistentry>
743
744 <varlistentry id="kgetcred">
745 <term><command>kgetcred</command></term>
746 <listitem>
747 <para>obtains a ticket for a service.</para>
748 <indexterm zone="heimdal kgetcred">
749 <primary sortas="b-kgetcred">kgetcred</primary>
750 </indexterm>
751 </listitem>
752 </varlistentry>
753
754 <varlistentry id="kinit">
755 <term><command>kinit</command></term>
756 <listitem>
757 <para>is used to authenticate to the Kerberos server as a principal
758 and acquire a ticket granting ticket that can later be used to obtain
759 tickets for other services.</para>
760 <indexterm zone="heimdal kinit">
761 <primary sortas="b-kinit">kinit</primary>
762 </indexterm>
763 </listitem>
764 </varlistentry>
765
766 <varlistentry id="klist">
767 <term><command>klist</command></term>
768 <listitem>
769 <para>reads and displays the current tickets in the credential
770 cache.</para>
771 <indexterm zone="heimdal klist">
772 <primary sortas="b-klist">klist</primary>
773 </indexterm>
774 </listitem>
775 </varlistentry>
776
777 <varlistentry id="kpasswd">
778 <term><command>kpasswd</command></term>
779 <listitem>
780 <para>is a program for changing Kerberos 5 passwords.</para>
781 <indexterm zone="heimdal kpasswd">
782 <primary sortas="b-kpasswd">kpasswd</primary>
783 </indexterm>
784 </listitem>
785 </varlistentry>
786
787 <varlistentry id="kpasswdd">
788 <term><command>kpasswdd</command></term>
789 <listitem>
790 <para>is a Kerberos 5 password changing server.</para>
791 <indexterm zone="heimdal kpasswdd">
792 <primary sortas="b-kpasswdd">kpasswdd</primary>
793 </indexterm>
794 </listitem>
795 </varlistentry>
796
797 <varlistentry id="krb5-config-prog">
798 <term><command>krb5-config</command></term>
799 <listitem>
800 <para>gives information on how to link programs against
801 <application>Heimdal</application> libraries.</para>
802 <indexterm zone="heimdal krb5-config-prog">
803 <primary sortas="b-krb5-config">krb5-config</primary>
804 </indexterm>
805 </listitem>
806 </varlistentry>
807
808 <varlistentry id="kstash">
809 <term><command>kstash</command></term>
810 <listitem>
811 <para>stores the KDC master password in a file; that file must be protected as strictly as the KDC database itself.</para>
812 <indexterm zone="heimdal kstash">
813 <primary sortas="b-kstash">kstash</primary>
814 </indexterm>
815 </listitem>
816 </varlistentry>
817
818 <varlistentry id="ktutil">
819 <term><command>ktutil</command></term>
820 <listitem>
821 <para>is a program for managing Kerberos keytabs.</para>
822 <indexterm zone="heimdal ktutil">
823 <primary sortas="b-ktutil">ktutil</primary>
824 </indexterm>
825 </listitem>
826 </varlistentry>
827
828 <varlistentry id="kx">
829 <term><command>kx</command></term>
830 <listitem>
831 <para>is a program which securely forwards
832 <application>X</application> connections.</para>
833 <indexterm zone="heimdal kx">
834 <primary sortas="b-kx">kx</primary>
835 </indexterm>
836 </listitem>
837 </varlistentry>
838
839 <varlistentry id="kxd">
840 <term><command>kxd</command></term>
841 <listitem>
842 <para>is the daemon for <command>kx</command>.</para>
843 <indexterm zone="heimdal kxd">
844 <primary sortas="b-kxd">kxd</primary>
845 </indexterm>
846 </listitem>
847 </varlistentry>
848
849 <varlistentry id="login">
850 <term><command>login</command></term>
851 <listitem>
852 <para>is a kerberized login program.</para>
853 <indexterm zone="heimdal login">
854 <primary sortas="b-login">login</primary>
855 </indexterm>
856 </listitem>
857 </varlistentry>
858
859 <varlistentry id="otp">
860 <term><command>otp</command></term>
861 <listitem>
862 <para>manages one-time passwords.</para>
863 <indexterm zone="heimdal otp">
864 <primary sortas="b-otp">otp</primary>
865 </indexterm>
866 </listitem>
867 </varlistentry>
868
869 <varlistentry id="otpprint">
870 <term><command>otpprint</command></term>
871 <listitem>
872 <para>prints lists of one-time passwords.</para>
873 <indexterm zone="heimdal otpprint">
874 <primary sortas="b-otpprint">otpprint</primary>
875 </indexterm>
876 </listitem>
877 </varlistentry>
878
879 <varlistentry id="pfrom">
880 <term><command>pfrom</command></term>
881 <listitem>
882 <para>is a script that runs <command>push --from</command>.</para>
883 <indexterm zone="heimdal pfrom">
884 <primary sortas="b-pfrom">pfrom</primary>
885 </indexterm>
886 </listitem>
887 </varlistentry>
888
889 <varlistentry id="popper">
890 <term><command>popper</command></term>
891 <listitem>
892 <para>is a kerberized POP-3 server.</para>
893 <indexterm zone="heimdal popper">
894 <primary sortas="b-popper">popper</primary>
895 </indexterm>
896 </listitem>
897 </varlistentry>
898
899 <varlistentry id="push">
900 <term><command>push</command></term>
901 <listitem>
902 <para>is a kerberized POP mail retrieval client.</para>
903 <indexterm zone="heimdal push">
904 <primary sortas="b-push">push</primary>
905 </indexterm>
906 </listitem>
907 </varlistentry>
908
909 <varlistentry id="rcp">
910 <term><command>rcp</command></term>
911 <listitem>
912 <para>is a kerberized rcp client program.</para>
913 <indexterm zone="heimdal rcp">
914 <primary sortas="b-rcp">rcp</primary>
915 </indexterm>
916 </listitem>
917 </varlistentry>
918
919 <varlistentry id="rsh">
920 <term><command>rsh</command></term>
921 <listitem>
922 <para>is a kerberized rsh client program.</para>
923 <indexterm zone="heimdal rsh">
924 <primary sortas="b-rsh">rsh</primary>
925 </indexterm>
926 </listitem>
927 </varlistentry>
928
929 <varlistentry id="rshd">
930 <term><command>rshd</command></term>
931 <listitem>
932 <para>is a kerberized rsh server.</para>
933 <indexterm zone="heimdal rshd">
934 <primary sortas="b-rshd">rshd</primary>
935 </indexterm>
936 </listitem>
937 </varlistentry>
938
939 <varlistentry id="rxtelnet">
940 <term><command>rxtelnet</command></term>
941 <listitem>
942 <para>starts a secure <command>xterm</command> window with a
943 <command>telnet</command> to a given host and forwards
944 <application>X</application> connections.</para>
945 <indexterm zone="heimdal rxtelnet">
946 <primary sortas="b-rxtelnet">rxtelnet</primary>
947 </indexterm>
948 </listitem>
949 </varlistentry>
950
951 <varlistentry id="rxterm">
952 <term><command>rxterm</command></term>
953 <listitem>
954 <para>starts a secure remote <command>xterm</command>.</para>
955 <indexterm zone="heimdal rxterm">
956 <primary sortas="b-rxterm">rxterm</primary>
957 </indexterm>
958 </listitem>
959 </varlistentry>
960
961 <varlistentry id="string2key">
962 <term><command>string2key</command></term>
963 <listitem>
964 <para>maps a password into a key.</para>
965 <indexterm zone="heimdal string2key">
966 <primary sortas="b-string2key">string2key</primary>
967 </indexterm>
968 </listitem>
969 </varlistentry>
970
971 <varlistentry id="su">
972 <term><command>su</command></term>
973 <listitem>
974 <para>is a kerberized su client program.</para>
975 <indexterm zone="heimdal su">
976 <primary sortas="b-su">su</primary>
977 </indexterm>
978 </listitem>
979 </varlistentry>
980
981 <varlistentry id="telnet">
982 <term><command>telnet</command></term>
983 <listitem>
984 <para>is a kerberized telnet client program.</para>
985 <indexterm zone="heimdal telnet">
986 <primary sortas="b-telnet">telnet</primary>
987 </indexterm>
988 </listitem>
989 </varlistentry>
990
991 <varlistentry id="telnetd">
992 <term><command>telnetd</command></term>
993 <listitem>
994 <para>is a kerberized telnet server.</para>
995 <indexterm zone="heimdal telnetd">
996 <primary sortas="b-telnetd">telnetd</primary>
997 </indexterm>
998 </listitem>
999 </varlistentry>
1000
1001 <varlistentry id="tenletxr">
1002 <term><command>tenletxr</command></term>
1003 <listitem>
1004 <para>forwards <application>X</application> connections
1005 backwards.</para>
1006 <indexterm zone="heimdal tenletxr">
1007 <primary sortas="b-tenletxr">tenletxr</primary>
1008 </indexterm>
1009 </listitem>
1010 </varlistentry>
1011
1012 <varlistentry id="verify_krb5_conf">
1013 <term><command>verify_krb5_conf</command></term>
1014 <listitem>
1015 <para>checks the <filename>krb5.conf</filename> file for obvious
1016 errors.</para>
1017 <indexterm zone="heimdal verify_krb5_conf">
1018 <primary sortas="b-verify_krb5_conf">verify_krb5_conf</primary>
1019 </indexterm>
1020 </listitem>
1021 </varlistentry>
1022
1023 <varlistentry id="xnlock">
1024 <term><command>xnlock</command></term>
1025 <listitem>
1026 <para>is a program that acts as a secure screen saver for
1027 workstations running <application>X</application>.</para>
1028 <indexterm zone="heimdal xnlock">
1029 <primary sortas="b-xnlock">xnlock</primary>
1030 </indexterm>
1031 </listitem>
1032 </varlistentry>
1033
1034 <varlistentry id="libasn1">
1035 <term><filename class='libraryfile'>libasn1.{so,a}</filename></term>
1036 <listitem>
1037 <para>provides the ASN.1 and DER functions to encode and decode
1038 the Kerberos TGTs.</para>
1039 <indexterm zone="heimdal libasn1">
1040 <primary sortas="c-libasn1">libasn1.{so,a}</primary>
1041 </indexterm>
1042 </listitem>
1043 </varlistentry>
1044
1045 <varlistentry id="libgssapi">
1046 <term><filename class='libraryfile'>libgssapi.{so,a}</filename></term>
1047 <listitem>
1048 <para>contains the Generic Security Service Application Programming
1049 Interface (GSSAPI) functions, which provide security
1050 services to callers in a generic fashion, supportable with a range of
1051 underlying mechanisms and technologies and hence allowing source-level
1052 portability of applications to different environments.</para>
1053 <indexterm zone="heimdal libgssapi">
1054 <primary sortas="c-libgssapi">libgssapi.{so,a}</primary>
1055 </indexterm>
1056 </listitem>
1057 </varlistentry>
1058
1059 <varlistentry id="libhdb">
1060 <term><filename class='libraryfile'>libhdb.{so,a}</filename></term>
1061 <listitem>
1062 <para>is a <application>Heimdal</application> Kerberos 5
1063 authentication/authorization database access library.</para>
1064 <indexterm zone="heimdal libhdb">
1065 <primary sortas="c-libhdb">libhdb.{so,a}</primary>
1066 </indexterm>
1067 </listitem>
1068 </varlistentry>
1069
1070 <varlistentry id="libkadm5clnt">
1071 <term><filename class='libraryfile'>libkadm5clnt.{so,a}</filename></term>
1072 <listitem>
1073 <para>contains the administrative authentication and password
1074 checking functions required by Kerberos 5 client-side programs.</para>
1075 <indexterm zone="heimdal libkadm5clnt">
1076 <primary sortas="c-libkadm5clnt">libkadm5clnt.{so,a}</primary>
1077 </indexterm>
1078 </listitem>
1079 </varlistentry>
1080
1081 <varlistentry id="libkadm5srv">
1082 <term><filename class='libraryfile'>libkadm5srv.{so,a}</filename></term>
1083 <listitem>
1084 <para>contains the administrative authentication and password
1085 checking functions required by Kerberos 5 servers.</para>
1086 <indexterm zone="heimdal libkadm5srv">
1087 <primary sortas="c-libkadm5srv">libkadm5srv.{so,a}</primary>
1088 </indexterm>
1089 </listitem>
1090 </varlistentry>
1091
1092 <varlistentry id="libkafs">
1093 <term><filename class='libraryfile'>libkafs.{so,a}</filename></term>
1094 <listitem>
1095 <para>contains the functions required to authenticate to AFS.</para>
1096 <indexterm zone="heimdal libkafs">
1097 <primary sortas="c-libkafs">libkafs.{so,a}</primary>
1098 </indexterm>
1099 </listitem>
1100 </varlistentry>
1101
1102 <varlistentry id="libkrb5">
1103 <term><filename class='libraryfile'>libkrb5.{so,a}</filename></term>
1104 <listitem>
1105 <para>is an all-purpose Kerberos 5 library.</para>
1106 <indexterm zone="heimdal libkrb5">
1107 <primary sortas="c-libkrb5">libkrb5.{so,a}</primary>
1108 </indexterm>
1109 </listitem>
1110 </varlistentry>
1111
1112 <varlistentry id="libotp">
1113 <term><filename class='libraryfile'>libotp.{so,a}</filename></term>
1114 <listitem>
1115 <para>contains the functions required to handle authentication with
1116 one-time passwords.</para>
1117 <indexterm zone="heimdal libotp">
1118 <primary sortas="c-libotp">libotp.{so,a}</primary>
1119 </indexterm>
1120 </listitem>
1121 </varlistentry>
1122
1123 <varlistentry id="libroken">
1124 <term><filename class='libraryfile'>libroken.{so,a}</filename></term>
1125 <listitem>
1126 <para>is a library containing Kerberos 5 compatibility
1127 functions.</para>
1128 <indexterm zone="heimdal libroken">
1129 <primary sortas="c-libroken">libroken.{so,a}</primary>
1130 </indexterm>
1131 </listitem>
1132 </varlistentry>
1133
1134 </variablelist>
1135
1136 </sect2>
1137
1138</sect1>