[b4b71892] | 1 | <?xml version="1.0" encoding="ISO-8859-1"?>
|
---|
| 2 | <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
|
---|
| 3 | "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
|
---|
| 4 | <!ENTITY % general-entities SYSTEM "../../general.ent">
|
---|
| 5 | %general-entities;
|
---|
| 6 |
|
---|
| 7 | <!ENTITY heimdal-download-http "http://ftp.vc-graz.ac.at/mirror/crypto/kerberos/heimdal/heimdal-&heimdal-version;.tar.gz">
|
---|
| 8 | <!ENTITY heimdal-download-ftp "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-&heimdal-version;.tar.gz">
|
---|
[90e2fb4e] | 9 | <!ENTITY heimdal-md5sum "2265fd2d4573dd3a8da45ce62519e48b">
|
---|
[852cd813] | 10 | <!ENTITY heimdal-size "3.3 MB">
|
---|
| 11 | <!ENTITY heimdal-buildsize "70 MB">
|
---|
| 12 | <!ENTITY heimdal-time "2.18 SBU">
|
---|
[b4b71892] | 13 | ]>
|
---|
| 14 |
|
---|
[f505cbc9] | 15 | <sect1 id="heimdal" xreflabel="Heimdal-&heimdal-version;">
|
---|
[a0f03b0] | 16 | <sect1info>
|
---|
[5cd0959d] | 17 | <othername>$LastChangedBy$</othername>
|
---|
| 18 | <date>$Date$</date>
|
---|
[a0f03b0] | 19 | </sect1info>
|
---|
[bae6e15] | 20 | <?dbhtml filename="heimdal.html"?>
|
---|
[6856556] | 21 | <title>Heimdal-&heimdal-version;</title>
|
---|
[852cd813] | 22 | <indexterm zone="heimdal">
|
---|
| 23 | <primary sortas="a-Heimdal">Heimdal</primary>
|
---|
| 24 | </indexterm>
|
---|
[6856556] | 25 |
|
---|
[b4b71892] | 26 | <sect2>
|
---|
| 27 | <title>Introduction to <application>Heimdal</application></title>
|
---|
| 28 |
|
---|
[359e1043] | 29 | <para><application>Heimdal</application> is a free implementation of Kerberos
|
---|
[b4b71892] | 30 | 5, that aims to be compatible with <acronym>MIT</acronym> krb5 and is backwards
|
---|
| 31 | compatible with krb4. Kerberos is a network authentication protocol. Basically
|
---|
| 32 | it preserves the integrity of passwords in any untrusted network (like the
|
---|
| 33 | Internet). Kerberized applications work hand-in-hand with sites that support
|
---|
| 34 | Kerberos to ensure that passwords cannot be stolen. A Kerberos installation
|
---|
| 35 | will make changes to the authentication mechanisms on your network and will
|
---|
[359e1043] | 36 | overwrite several programs and daemons from the
|
---|
| 37 | <application>Coreutils</application>, <application>Inetutils</application>,
|
---|
| 38 | <application>Qpopper</application> and <application>Shadow</application>
|
---|
| 39 | packages.</para>
|
---|
[b4b71892] | 40 |
|
---|
| 41 | <sect3><title>Package information</title>
|
---|
| 42 | <itemizedlist spacing='compact'>
|
---|
[8d9eb0f] | 43 | <listitem><para>Download (HTTP):
|
---|
| 44 | <ulink url="&heimdal-download-http;"/></para></listitem>
|
---|
| 45 | <listitem><para>Download (FTP):
|
---|
| 46 | <ulink url="&heimdal-download-ftp;"/></para></listitem>
|
---|
[90e2fb4e] | 47 | <listitem><para>Download MD5 sum: &heimdal-md5sum;</para></listitem>
|
---|
[b4b71892] | 48 | <listitem><para>Download size: &heimdal-size;</para></listitem>
|
---|
[8d9eb0f] | 49 | <listitem><para>Estimated disk space required:
|
---|
| 50 | &heimdal-buildsize;</para></listitem>
|
---|
| 51 | <listitem><para>Estimated build time:
|
---|
| 52 | &heimdal-time;</para></listitem></itemizedlist>
|
---|
[b4b71892] | 53 | </sect3>
|
---|
| 54 |
|
---|
| 55 | <sect3><title>Additional downloads</title>
|
---|
| 56 | <itemizedlist spacing='compact'>
|
---|
[07b157f4] | 57 | <listitem><para>Required Patch: <ulink
|
---|
[014d11ad] | 58 | url="&patch-root;/heimdal-&heimdal-version;-fhs_compliance-1.patch"/></para>
|
---|
[b4b71892] | 59 | </listitem>
|
---|
| 60 | <listitem><para>Required patch for cracklib: <ulink
|
---|
| 61 | url="&patch-root;/heimdal-&heimdal-version;-cracklib-1.patch"/></para>
|
---|
| 62 | </listitem>
|
---|
| 63 | </itemizedlist>
|
---|
| 64 |
|
---|
| 65 | </sect3>
|
---|
| 66 |
|
---|
| 67 | <sect3><title><application>Heimdal</application> dependencies</title>
|
---|
| 68 | <sect4><title>Required</title>
|
---|
[852cd813] | 69 | <para><xref linkend="openssl"/> and
|
---|
[8d9eb0f] | 70 | <xref linkend="db"/></para>
|
---|
| 71 | </sect4>
|
---|
[b4b71892] | 72 |
|
---|
[852cd813] | 73 | <sect4><title>Optional</title>
|
---|
| 74 | <para><xref linkend="Linux_PAM"/>,
|
---|
| 75 | <xref linkend="openldap"/>,
|
---|
| 76 | X (<xref linkend="xorg"/> or <xref linkend="xfree86"/>),
|
---|
| 77 | <xref linkend="cracklib"/> and
|
---|
| 78 | <ulink url="http://www.pdc.kth.se/kth-krb/">krb4</ulink></para>
|
---|
| 79 |
|
---|
| 80 | <note><para>Some sort of time synchronization facility on your system (like
|
---|
| 81 | <xref linkend="ntp"/>) is required since Kerberos won't authenticate if the
|
---|
| 82 | time differential between a kerberized client and the
|
---|
[b4b71892] | 83 | <acronym>KDC</acronym> server is more than 5 minutes.</para></note>
|
---|
| 84 | </sect4>
|
---|
| 85 |
|
---|
| 86 | </sect3>
|
---|
| 87 |
|
---|
| 88 | </sect2>
|
---|
| 89 |
|
---|
| 90 | <sect2>
|
---|
| 91 | <title>Installation of <application>Heimdal</application></title>
|
---|
| 92 |
|
---|
[852cd813] | 93 | <para>Before installing the package, you may want to preserve the
|
---|
[359e1043] | 94 | <command>ftp</command> program from the <application>Inetutils</application>
|
---|
| 95 | package. This is because using the <application>Heimdal</application>
|
---|
| 96 | <command>ftp</command> program to connect to non-kerberized ftp servers may
|
---|
| 97 | not work properly. It will allow you to connect (letting you know that
|
---|
| 98 | transmission of the password is clear text) but will have problems doing puts
|
---|
[852cd813] | 99 | and gets. Issue the following command as the root user.</para>
|
---|
[b4b71892] | 100 |
|
---|
[852cd813] | 101 | <screen><userinput role='root'><command>mv /usr/bin/ftp /usr/bin/ftpn</command></userinput></screen>
|
---|
[b4b71892] | 102 |
|
---|
[852cd813] | 103 | <para>If you wish the <application>Heimdal</application> package to link
|
---|
| 104 | against the <application>cracklib</application> library, you must apply a
|
---|
| 105 | patch:</para>
|
---|
[b4b71892] | 106 |
|
---|
| 107 | <screen><userinput><command>patch -Np1 -i ../heimdal-&heimdal-version;-cracklib-1.patch</command></userinput></screen>
|
---|
| 108 |
|
---|
[852cd813] | 109 | <para>Install <application>Heimdal</application> by running the following
|
---|
| 110 | commands:</para>
|
---|
[b4b71892] | 111 |
|
---|
[014d11ad] | 112 | <screen><userinput><command>patch -Np1 -i ../heimdal-&heimdal-version;-fhs_compliance-1.patch &&
|
---|
[b4b71892] | 113 | ./configure --prefix=/usr --sysconfdir=/etc/heimdal \
|
---|
[852cd813] | 114 | --datadir=/var/lib/heimdal --localstatedir=/var/lib/heimdal \
|
---|
| 115 | --libexecdir=/usr/sbin --enable-shared \
|
---|
| 116 | --with-openssl=/usr --with-readline=/usr &&
|
---|
| 117 | make</command></userinput></screen>
|
---|
| 118 |
|
---|
| 119 | <para>Now, as the root user:</para>
|
---|
| 120 |
|
---|
| 121 | <screen><userinput role='root'><command>make install &&
|
---|
[b4b71892] | 122 | mv /bin/login /bin/login.shadow &&
|
---|
[852cd813] | 123 | mv /bin/su /bin/su.shadow &&
|
---|
[b4b71892] | 124 | mv /usr/bin/{login,su} /bin &&
|
---|
| 125 | ln -sf ../../bin/login /usr/bin &&
|
---|
[852cd813] | 126 | mv /usr/lib/lib{otp.so.0*,kafs.so.0*,krb5.so.17*,asn1.so.6*} \
|
---|
| 127 | /usr/lib/lib{roken.so.16*,crypto.so.0*,db-4.3.so} /lib &&
|
---|
| 128 | ln -sf ../../lib/lib{otp.so.0{,.1.4},kafs.so.0{,.4.0},db-4.3.so} \
|
---|
[8d9eb0f] | 129 | /usr/lib &&
|
---|
[852cd813] | 130 | ln -sf ../../lib/lib{krb5.so.17{,.3.0},asn1.so.6{,.0.2}} \
|
---|
[8d9eb0f] | 131 | /usr/lib &&
|
---|
[852cd813] | 132 | ln -sf ../../lib/lib{roken.so.16{,.0.3},crypto.so.0{,.9.7}} \
|
---|
[8d9eb0f] | 133 | /usr/lib &&
|
---|
[b4b71892] | 134 | ldconfig</command></userinput></screen>
|
---|
| 135 |
|
---|
| 136 | </sect2>
|
---|
| 137 |
|
---|
| 138 | <sect2>
|
---|
| 139 | <title>Command explanations</title>
|
---|
| 140 |
|
---|
[359e1043] | 141 | <para><parameter>--libexecdir=/usr/sbin</parameter>: This switch puts the
|
---|
| 142 | daemon programs into <filename class="directory">/usr/sbin</filename>.
|
---|
[b4b71892] | 143 | </para>
|
---|
| 144 |
|
---|
| 145 | <note><para>
|
---|
[359e1043] | 146 | If you want to preserve all your existing <application>Inetutils</application>
|
---|
| 147 | package daemons, install the <application>Heimdal</application> daemons into
|
---|
[852cd813] | 148 | <filename class="directory">/usr/sbin/heimdal</filename> (or wherever you
|
---|
| 149 | want). Since these programs will be called from <command>(x)inetd</command> or
|
---|
[359e1043] | 150 | <filename>rc</filename> scripts, it really doesn't matter where they are
|
---|
[852cd813] | 151 | installed, as long as they are correctly specified in the
|
---|
| 152 | <filename>/etc/(x)inetd.conf</filename> file and <filename>rc</filename>
|
---|
[359e1043] | 153 | scripts. If you choose something other than
|
---|
| 154 | <filename class="directory">/usr/sbin</filename>, you may want to move some of
|
---|
| 155 | the user programs (such as <command>kadmin</command>) to
|
---|
[852cd813] | 156 | <filename class="directory">/usr/sbin</filename> manually so they'll be in the
|
---|
[359e1043] | 157 | privileged user's default path.</para></note>
|
---|
[b4b71892] | 158 |
|
---|
[852cd813] | 159 | <para><command>mv ... .shadow; mv ... /bin; ln -sf ../../bin...</command>: The
|
---|
| 160 | <command>login</command> and <command>su</command> programs installed by
|
---|
[359e1043] | 161 | <application>Heimdal</application> belong in the
|
---|
[852cd813] | 162 | <filename class="directory">/bin</filename> directory. The
|
---|
[359e1043] | 163 | <command>login</command> program is symlinked because
|
---|
| 164 | <application>Heimdal</application> is expecting to find it in
|
---|
| 165 | <filename class="directory">/usr/bin</filename>. The old executables are
|
---|
[852cd813] | 166 | preserved before the move to keep things sane should breaks occur.</para>
|
---|
[b4b71892] | 167 |
|
---|
[852cd813] | 168 | <para><command>mv ... /lib; ln -sf ../../lib/lib... /usr/lib</command>: The
|
---|
| 169 | <command>login</command> and <command>su</command> programs installed by
|
---|
| 170 | <application>Heimdal</application> link against
|
---|
[359e1043] | 171 | <application>Heimdal</application> libraries as well as libraries provided by
|
---|
[852cd813] | 172 | the <application>Open<acronym>SSL</acronym></application> and
|
---|
| 173 | <application>Berkeley <acronym>DB</acronym></application> packages. These
|
---|
| 174 | libraries are moved to <filename class="directory">/lib</filename> to be
|
---|
| 175 | <acronym>FHS</acronym> compliant and also in case
|
---|
| 176 | <filename class="directory">/usr</filename> is located on a separate partition
|
---|
| 177 | which may not always be mounted.</para>
|
---|
[b4b71892] | 178 |
|
---|
| 179 | </sect2>
|
---|
| 180 |
|
---|
| 181 | <sect2>
|
---|
[359e1043] | 182 | <title>Configuring <application>Heimdal</application></title>
|
---|
[b4b71892] | 183 |
|
---|
[852cd813] | 184 | <sect3 id="heimdal-config"><title>Config files</title>
|
---|
[b4b71892] | 185 | <para><filename>/etc/heimdal/*</filename></para>
|
---|
[852cd813] | 186 | <indexterm zone="heimdal heimdal-config">
|
---|
| 187 | <primary sortas="e-etc-heimdal">/etc/heimdal/*</primary>
|
---|
| 188 | </indexterm>
|
---|
[b4b71892] | 189 | </sect3>
|
---|
| 190 |
|
---|
| 191 | <sect3><title>Configuration Information</title>
|
---|
| 192 |
|
---|
[359e1043] | 193 | <sect4><title>Master <acronym>KDC</acronym> Server Configuration</title>
|
---|
[b4b71892] | 194 |
|
---|
[852cd813] | 195 | <para>Create the Kerberos configuration file with the following
|
---|
| 196 | commands:</para>
|
---|
[b4b71892] | 197 |
|
---|
[852cd813] | 198 | <screen><userinput role='root'><command>install -d /etc/heimdal &&
|
---|
[b4b71892] | 199 | cat > /etc/heimdal/krb5.conf << "EOF"</command>
|
---|
| 200 | # Begin /etc/heimdal/krb5.conf
|
---|
[014d11ad] | 201 |
|
---|
[b4b71892] | 202 | [libdefaults]
|
---|
[359e1043] | 203 | default_realm = <replaceable>[EXAMPLE.COM]</replaceable>
|
---|
[b4b71892] | 204 | encrypt = true
|
---|
| 205 |
|
---|
| 206 | [realms]
|
---|
[359e1043] | 207 | <replaceable>[EXAMPLE.COM]</replaceable> = {
|
---|
| 208 | kdc = <replaceable>[hostname.example.com]</replaceable>
|
---|
| 209 | admin_server = <replaceable>[hostname.example.com]</replaceable>
|
---|
| 210 | kpasswd_server = <replaceable>[hostname.example.com]</replaceable>
|
---|
[b4b71892] | 211 | }
|
---|
| 212 |
|
---|
| 213 | [domain_realm]
|
---|
[359e1043] | 214 | .<replaceable>[example.com]</replaceable> = <replaceable>[EXAMPLE.COM]</replaceable>
|
---|
[b4b71892] | 215 |
|
---|
| 216 | [logging]
|
---|
| 217 | kdc = FILE:/var/log/kdc.log
|
---|
| 218 | admin_server = FILE:/var/log/kadmin.log
|
---|
| 219 | default = FILE:/var/log/krb.log
|
---|
| 220 |
|
---|
| 221 | # End /etc/heimdal/krb5.conf
|
---|
| 222 | <command>EOF</command></userinput></screen>
|
---|
| 223 |
|
---|
[852cd813] | 224 | <para>You will need to substitute your domain and proper hostname for the
|
---|
[359e1043] | 225 | occurrences of the <replaceable>[hostname]</replaceable> and
|
---|
[852cd813] | 226 | <replaceable>[EXAMPLE.COM]</replaceable> names.</para>
|
---|
[b4b71892] | 227 |
|
---|
[852cd813] | 228 | <para><userinput>default_realm</userinput> should be the name of your domain
|
---|
| 229 | changed to ALL CAPS. This isn't required, but both
|
---|
| 230 | <application>Heimdal</application> and <application><acronym>MIT</acronym>
|
---|
| 231 | krb5</application> recommend it.</para>
|
---|
[b4b71892] | 232 |
|
---|
[852cd813] | 233 | <para><userinput>encrypt = true</userinput> provides encryption of all traffic
|
---|
[359e1043] | 234 | between kerberized clients and servers. It's not necessary and can be left
|
---|
| 235 | off. If you leave it off, you can encrypt all traffic from the client to the
|
---|
[852cd813] | 236 | server using a switch on the client program instead.</para>
|
---|
[b4b71892] | 237 |
|
---|
[852cd813] | 238 | <para>The <userinput>[realms]</userinput> parameters tell the client programs
|
---|
| 239 | where to look for the <acronym>KDC</acronym> authentication services.</para>
|
---|
[b4b71892] | 240 |
|
---|
[852cd813] | 241 | <para>The <userinput>[domain_realm]</userinput> section maps a domain to a
|
---|
| 242 | realm.</para>
|
---|
[b4b71892] | 243 |
|
---|
[852cd813] | 244 | <para>Store the master password in a key file using the following
|
---|
| 245 | commands:</para>
|
---|
[b4b71892] | 246 |
|
---|
[852cd813] | 247 | <screen><userinput role='root'><command>install -d -m 755 /var/lib/heimdal &&
|
---|
[b4b71892] | 248 | kstash</command></userinput></screen>
|
---|
| 249 |
|
---|
[852cd813] | 250 | <para>Create the <acronym>KDC</acronym> database:</para>
|
---|
[b4b71892] | 251 |
|
---|
[852cd813] | 252 | <screen><userinput role='root'><command>kadmin -l</command></userinput></screen>
|
---|
[b4b71892] | 253 |
|
---|
[852cd813] | 254 | <para>Choose the defaults for now. You can go in later and change the
|
---|
| 255 | defaults, should you feel the need. At the
|
---|
| 256 | <userinput>kadmin></userinput> prompt, issue the following statement:</para>
|
---|
[b4b71892] | 257 |
|
---|
[852cd813] | 258 | <screen><userinput role='root'><command>init <replaceable>[EXAMPLE.COM]</replaceable></command></userinput></screen>
|
---|
[b4b71892] | 259 |
|
---|
[852cd813] | 260 | <para>The database must now be populated with at least one principle (user).
|
---|
| 261 | For now, just use your regular login name or root. You may create as few, or
|
---|
| 262 | as many principles as you wish using the following statement:</para>
|
---|
[b4b71892] | 263 |
|
---|
[852cd813] | 264 | <screen><userinput role='root'><command>add <replaceable>[loginname]</replaceable></command></userinput></screen>
|
---|
[b4b71892] | 265 |
|
---|
[852cd813] | 266 | <para>The <acronym>KDC</acronym> server and any machine running kerberized
|
---|
| 267 | server daemons must have a host key installed:</para>
|
---|
[b4b71892] | 268 |
|
---|
[852cd813] | 269 | <screen><userinput role='root'><command>add --random-key host/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>
|
---|
[b4b71892] | 270 |
|
---|
[852cd813] | 271 | <para>After choosing the defaults when prompted, you will have to export the
|
---|
| 272 | data to a keytab file:</para>
|
---|
[b4b71892] | 273 |
|
---|
[852cd813] | 274 | <screen><userinput role='root'><command>ext host/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>
|
---|
[b4b71892] | 275 |
|
---|
[852cd813] | 276 | <para>This should have created two files in
|
---|
| 277 | <filename class="directory">/etc/heimdal</filename>:
|
---|
| 278 | <filename>krb5.keytab</filename> (Kerberos 5) and
|
---|
| 279 | <filename>srvtab</filename> (Kerberos 4). Both files should have 600
|
---|
| 280 | (root rw only) permissions. Keeping the keytab files from public access
|
---|
| 281 | is crucial to the overall security of the Kerberos installation.</para>
|
---|
[b4b71892] | 282 |
|
---|
[852cd813] | 283 | <para>Eventually, you'll want to add server daemon principles to the database
|
---|
| 284 | and extract them to the keytab file. You do this in the same way you created
|
---|
| 285 | the host principles. Below is an example:</para>
|
---|
[b4b71892] | 286 |
|
---|
[852cd813] | 287 | <screen><userinput role='root'><command>add --random-key ftp/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>
|
---|
[b4b71892] | 288 |
|
---|
[852cd813] | 289 | <para>(choose the defaults)</para>
|
---|
[b4b71892] | 290 |
|
---|
[852cd813] | 291 | <screen><userinput role='root'><command>ext ftp/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>
|
---|
[b4b71892] | 292 |
|
---|
[852cd813] | 293 | <para>Exit the <command>kadmin</command> program (use <command>quit</command>
|
---|
| 294 | or <command>exit</command>) and return back to the shell prompt. Start
|
---|
[b4b71892] | 295 | the <acronym>KDC</acronym> daemon manually, just to test out the
|
---|
[852cd813] | 296 | installation:</para>
|
---|
[b4b71892] | 297 |
|
---|
[852cd813] | 298 | <screen><userinput role='root'><command>/usr/sbin/kdc &</command></userinput></screen>
|
---|
[b4b71892] | 299 |
|
---|
[852cd813] | 300 | <para>Attempt to get a <acronym>TGT</acronym> (ticket granting ticket) with
|
---|
| 301 | the following command:</para>
|
---|
[b4b71892] | 302 |
|
---|
| 303 | <screen><userinput><command>kinit <replaceable>[loginname]</replaceable></command></userinput></screen>
|
---|
| 304 |
|
---|
[852cd813] | 305 | <para>You will be prompted for the password you created. After you get your
|
---|
| 306 | ticket, you should list it with the following command:</para>
|
---|
[b4b71892] | 307 |
|
---|
| 308 | <screen><userinput><command>klist</command></userinput></screen>
|
---|
| 309 |
|
---|
[852cd813] | 310 | <para>Information about the ticket should be displayed on the screen.</para>
|
---|
[b4b71892] | 311 |
|
---|
[852cd813] | 312 | <para>To test the functionality of the keytab file, issue the following
|
---|
| 313 | command:</para>
|
---|
[b4b71892] | 314 |
|
---|
| 315 | <screen><userinput><command>ktutil list</command></userinput></screen>
|
---|
| 316 |
|
---|
[852cd813] | 317 | <para>This should dump a list of the host principals, along with the encryption
|
---|
| 318 | methods used to access the principals.</para>
|
---|
[b4b71892] | 319 |
|
---|
[852cd813] | 320 | <para>At this point, if everything has been successful so far, you can feel
|
---|
| 321 | fairly confident in the installation and configuration of the package.</para>
|
---|
[b4b71892] | 322 |
|
---|
[852cd813] | 323 | <para id="heimdal-init">Install the
|
---|
| 324 | <filename>/etc/rc.d/init.d/heimdal</filename> init script included in the
|
---|
| 325 | <xref linkend="intro-important-bootscripts"/> package:</para>
|
---|
| 326 | <indexterm zone="heimdal heimdal-init">
|
---|
| 327 | <primary sortas="f-heimdal">heimdal</primary>
|
---|
| 328 | </indexterm>
|
---|
[b4b71892] | 329 |
|
---|
[852cd813] | 330 | <screen><userinput role='root'><command>make install-heimdal</command></userinput></screen>
|
---|
[b4b71892] | 331 | </sect4>
|
---|
| 332 |
|
---|
| 333 | <sect4><title>Using Kerberized Client Programs</title>
|
---|
| 334 |
|
---|
[852cd813] | 335 | <para>To use the kerberized client programs (<command>telnet</command>,
|
---|
| 336 | <command>ftp</command>, <command>rsh</command>,
|
---|
| 337 | <command>rxterm</command>, <command>rxtelnet</command>,
|
---|
| 338 | <command>rcp</command>, <command>xnlock</command>), you first must get
|
---|
| 339 | a <acronym>TGT</acronym>. Use the <command>kinit</command> program to
|
---|
| 340 | get the ticket. After you've acquired the ticket, you can use the
|
---|
| 341 | kerberized programs to connect to any kerberized server on the network.
|
---|
| 342 | You will not be prompted for authentication until your ticket expires
|
---|
| 343 | (default is one day), unless you specify a different user as a command
|
---|
| 344 | line argument to the program.</para>
|
---|
| 345 |
|
---|
| 346 | <para>The kerberized programs will connect to non-kerberized daemons, warning
|
---|
| 347 | you that authentication is not encrypted. As mentioned earlier, only the
|
---|
[359e1043] | 348 | <command>ftp</command> program gives any trouble connecting to
|
---|
[852cd813] | 349 | non-kerberized daemons.</para>
|
---|
[b4b71892] | 350 |
|
---|
[359e1043] | 351 | <para>In order to use the <application>Heimdal</application>
|
---|
[852cd813] | 352 | <application>X</application> programs, you'll need to add a service port
|
---|
[359e1043] | 353 | entry to the <filename>/etc/services</filename> file for the
|
---|
[852cd813] | 354 | <command>kxd</command> server. There is no 'standardized port number' for
|
---|
| 355 | the 'kx' service in the <acronym>IANA</acronym> database, so you'll have to
|
---|
| 356 | pick an unused port number. Add an entry to the <filename>services</filename>
|
---|
| 357 | file similar to the entry below (substitute your chosen port number for
|
---|
[359e1043] | 358 | <replaceable>[49150]</replaceable>):</para>
|
---|
| 359 |
|
---|
[852cd813] | 360 | <screen><userinput role='root'>kx <replaceable>[49150]</replaceable>/tcp # Heimdal kerberos X
|
---|
[359e1043] | 361 | kx <replaceable>[49150]</replaceable>/udp # Heimdal kerberos X</userinput></screen>
|
---|
| 362 |
|
---|
[852cd813] | 363 | <para>For additional information consult <ulink
|
---|
| 364 | url="http://www.linuxfromscratch.org/hints/downloads/files/heimdal.txt">the
|
---|
| 365 | Heimdal hint</ulink> on which the above instructions are based.</para>
|
---|
[b4b71892] | 366 | </sect4>
|
---|
| 367 | </sect3>
|
---|
| 368 |
|
---|
| 369 | </sect2>
|
---|
| 370 |
|
---|
| 371 | <sect2>
|
---|
| 372 | <title>Contents</title>
|
---|
| 373 |
|
---|
[852cd813] | 374 | <segmentedlist>
|
---|
| 375 | <segtitle>Installed Programs</segtitle>
|
---|
| 376 | <segtitle>Installed Libraries</segtitle>
|
---|
| 377 | <segtitle>Installed Directories</segtitle>
|
---|
| 378 |
|
---|
| 379 | <seglistitem>
|
---|
| 380 | <seg>afslog, dump_log, ftp, ftpd, hprop, hpropd, ipropd-master, ipropd-slave,
|
---|
| 381 | kadmin, kadmind, kauth, kdc, kdestroy, kf, kfd, kgetcred, kinit, klist,
|
---|
| 382 | kpasswd, kpasswdd, krb5-config, kstash, ktutil, kx, kxd, login, mk_cmds, otp,
|
---|
| 383 | otpprint, pagsh, pfrom, popper, push, rcp, replay_log, rsh, rshd, rxtelnet,
|
---|
| 384 | rxterm, string2key, su, telnet, telnetd, tenletxr, truncate-log,
|
---|
| 385 | verify_krb5_conf and xnlock</seg>
|
---|
| 386 | <seg>libasn1.[so,a], libeditline.a, libgssapi.[so,a], libhdb.[so,a],
|
---|
| 387 | libkadm5clnt.[so,a], libkadm5srv.[so,a], libkafs.[so,a], libkrb5.[so,a],
|
---|
| 388 | libotp.[so,a], libroken.[so,a], libsl.[so,a] and libss.[so,a]</seg>
|
---|
| 389 | <seg>/etc/heimdal, /usr/include/kadm5, /usr/include/ss and
|
---|
| 390 | /var/lib/heimdal</seg>
|
---|
| 391 | </seglistitem>
|
---|
| 392 | </segmentedlist>
|
---|
| 393 |
|
---|
| 394 | <variablelist>
|
---|
| 395 | <bridgehead renderas="sect3">Short Descriptions</bridgehead>
|
---|
| 396 | <?dbfo list-presentation="list"?>
|
---|
| 397 |
|
---|
| 398 | <varlistentry id="afslog">
|
---|
| 399 | <term><command>afslog</command></term>
|
---|
| 400 | <listitem><para>obtains <acronym>AFS</acronym> tokens for a number of
|
---|
| 401 | cells.</para>
|
---|
| 402 | <indexterm zone="heimdal afslog">
|
---|
| 403 | <primary sortas="b-afslog">afslog</primary>
|
---|
| 404 | </indexterm></listitem>
|
---|
| 405 | </varlistentry>
|
---|
| 406 |
|
---|
| 407 | <varlistentry id="ftp">
|
---|
| 408 | <term><command>ftp</command></term>
|
---|
| 409 | <listitem><para>is a kerberized <acronym>FTP</acronym> client.</para>
|
---|
| 410 | <indexterm zone="heimdal ftp">
|
---|
| 411 | <primary sortas="b-ftp">ftp</primary>
|
---|
| 412 | </indexterm></listitem>
|
---|
| 413 | </varlistentry>
|
---|
| 414 |
|
---|
| 415 | <varlistentry id="ftpd">
|
---|
| 416 | <term><command>ftpd</command></term>
|
---|
| 417 | <listitem><para>is a kerberized <acronym>FTP</acronym> daemon.</para>
|
---|
| 418 | <indexterm zone="heimdal ftpd">
|
---|
| 419 | <primary sortas="b-ftpd">ftpd</primary>
|
---|
| 420 | </indexterm></listitem>
|
---|
| 421 | </varlistentry>
|
---|
| 422 |
|
---|
| 423 | <varlistentry id="hprop">
|
---|
| 424 | <term><command>hprop</command></term>
|
---|
| 425 | <listitem><para> takes a principal database in a specified format and converts
|
---|
| 426 | it into a stream of <application>Heimdal</application> database records.</para>
|
---|
| 427 | <indexterm zone="heimdal hprop">
|
---|
| 428 | <primary sortas="b-hprop">hprop</primary>
|
---|
| 429 | </indexterm></listitem>
|
---|
| 430 | </varlistentry>
|
---|
| 431 |
|
---|
| 432 | <varlistentry id="hpropd">
|
---|
| 433 | <term><command>hpropd</command></term>
|
---|
| 434 | <listitem><para>is a server that receives a database sent by
|
---|
| 435 | <command>hprop</command> and writes it as a local database.</para>
|
---|
| 436 | <indexterm zone="heimdal hpropd">
|
---|
| 437 | <primary sortas="b-hpropd">hpropd</primary>
|
---|
| 438 | </indexterm></listitem>
|
---|
| 439 | </varlistentry>
|
---|
| 440 |
|
---|
| 441 | <varlistentry id="ipropd-master">
|
---|
| 442 | <term><command>ipropd-master</command></term>
|
---|
| 443 | <listitem><para>is a daemon which runs on the master <acronym>KDC</acronym>
|
---|
| 444 | server which incrementally propogates changes to the <acronym>KDC</acronym>
|
---|
| 445 | database to the slave <acronym>KDC</acronym> servers.</para>
|
---|
| 446 | <indexterm zone="heimdal ipropd-master">
|
---|
| 447 | <primary sortas="b-ipropd-master">ipropd-master</primary>
|
---|
| 448 | </indexterm></listitem>
|
---|
| 449 | </varlistentry>
|
---|
| 450 |
|
---|
| 451 | <varlistentry id="ipropd-slave">
|
---|
| 452 | <term><command>ipropd-slave</command></term>
|
---|
| 453 | <listitem><para>is a daemon which runs on the slave <acronym>KDC</acronym>
|
---|
| 454 | servers which incrementally propogates changes to the <acronym>KDC</acronym>
|
---|
| 455 | database from the master <acronym>KDC</acronym> server.</para>
|
---|
| 456 | <indexterm zone="heimdal ipropd-slave">
|
---|
| 457 | <primary sortas="b-ipropd-slave">ipropd-slave</primary>
|
---|
| 458 | </indexterm></listitem>
|
---|
| 459 | </varlistentry>
|
---|
| 460 |
|
---|
| 461 | <varlistentry id="kadmin">
|
---|
| 462 | <term><command>kadmin</command></term>
|
---|
| 463 | <listitem><para>is a utility used to make modifications to the Kerberos
|
---|
| 464 | database.</para>
|
---|
| 465 | <indexterm zone="heimdal kadmin">
|
---|
| 466 | <primary sortas="b-kadmin">kadmin</primary>
|
---|
| 467 | </indexterm></listitem>
|
---|
| 468 | </varlistentry>
|
---|
| 469 |
|
---|
| 470 | <varlistentry id="kadmind">
|
---|
| 471 | <term><command>kadmind</command></term>
|
---|
| 472 | <listitem><para>is a server for administrative access to the Kerberos
|
---|
| 473 | database.</para>
|
---|
| 474 | <indexterm zone="heimdal kadmind">
|
---|
| 475 | <primary sortas="b-kadmind">kadmind</primary>
|
---|
| 476 | </indexterm></listitem>
|
---|
| 477 | </varlistentry>
|
---|
| 478 |
|
---|
| 479 | <varlistentry id="kauth">
|
---|
| 480 | <term><command>kauth</command></term>
|
---|
| 481 | <listitem><para>is a symbolic link to the <command>kinit</command>
|
---|
| 482 | program.</para>
|
---|
| 483 | <indexterm zone="heimdal kauth">
|
---|
| 484 | <primary sortas="g-kauth">kauth</primary>
|
---|
| 485 | </indexterm></listitem>
|
---|
| 486 | </varlistentry>
|
---|
| 487 |
|
---|
| 488 | <varlistentry id="kdc">
|
---|
| 489 | <term><command>kdc</command></term>
|
---|
| 490 | <listitem><para>is a Kerberos 5 server.</para>
|
---|
| 491 | <indexterm zone="heimdal kdc">
|
---|
| 492 | <primary sortas="b-kdc">kdc</primary>
|
---|
| 493 | </indexterm></listitem>
|
---|
| 494 | </varlistentry>
|
---|
| 495 |
|
---|
| 496 | <varlistentry id="kdestroy">
|
---|
| 497 | <term><command>kdestroy</command></term>
|
---|
| 498 | <listitem><para>removes a principle's current set of tickets.</para>
|
---|
| 499 | <indexterm zone="heimdal kdestroy">
|
---|
| 500 | <primary sortas="b-kdestroy">kdestroy</primary>
|
---|
| 501 | </indexterm></listitem>
|
---|
| 502 | </varlistentry>
|
---|
| 503 |
|
---|
| 504 | <varlistentry id="kf">
|
---|
| 505 | <term><command>kf</command></term>
|
---|
| 506 | <listitem><para>is a program which forwards tickets to a remote host through
|
---|
| 507 | an authenticated and encrypted stream.</para>
|
---|
| 508 | <indexterm zone="heimdal kf">
|
---|
| 509 | <primary sortas="b-kf">kf</primary>
|
---|
| 510 | </indexterm></listitem>
|
---|
| 511 | </varlistentry>
|
---|
| 512 |
|
---|
| 513 | <varlistentry id="kfd">
|
---|
| 514 | <term><command>kfd</command></term>
|
---|
| 515 | <listitem><para>is a server used to receive forwarded tickets.</para>
|
---|
| 516 | <indexterm zone="heimdal kfd">
|
---|
| 517 | <primary sortas="b-kfd">kfd</primary>
|
---|
| 518 | </indexterm></listitem>
|
---|
| 519 | </varlistentry>
|
---|
| 520 |
|
---|
| 521 | <varlistentry id="kgetcred">
|
---|
| 522 | <term><command>kgetcred</command></term>
|
---|
| 523 | <listitem><para>obtains a ticket for a service.</para>
|
---|
| 524 | <indexterm zone="heimdal kgetcred">
|
---|
| 525 | <primary sortas="b-kgetcred">kgetcred</primary>
|
---|
| 526 | </indexterm></listitem>
|
---|
| 527 | </varlistentry>
|
---|
| 528 |
|
---|
| 529 | <varlistentry id="kinit">
|
---|
| 530 | <term><command>kinit</command></term>
|
---|
| 531 | <listitem><para>is used to authenticate to the Kerberos server as a principal
|
---|
| 532 | and acquire a ticket granting ticket that can later be used to obtain tickets
|
---|
| 533 | for other services.</para>
|
---|
| 534 | <indexterm zone="heimdal kinit">
|
---|
| 535 | <primary sortas="b-kinit">kinit</primary>
|
---|
| 536 | </indexterm></listitem>
|
---|
| 537 | </varlistentry>
|
---|
| 538 |
|
---|
| 539 | <varlistentry id="klist">
|
---|
| 540 | <term><command>klist</command></term>
|
---|
| 541 | <listitem><para>reads and displays the current tickets in the credential
|
---|
| 542 | cache.</para>
|
---|
| 543 | <indexterm zone="heimdal klist">
|
---|
| 544 | <primary sortas="b-klist">klist</primary>
|
---|
| 545 | </indexterm></listitem>
|
---|
| 546 | </varlistentry>
|
---|
| 547 |
|
---|
| 548 | <varlistentry id="kpasswd">
|
---|
| 549 | <term><command>kpasswd</command></term>
|
---|
| 550 | <listitem><para>is a program for changing Kerberos 5 passwords.</para>
|
---|
| 551 | <indexterm zone="heimdal kpasswd">
|
---|
| 552 | <primary sortas="b-kpasswd">kpasswd</primary>
|
---|
| 553 | </indexterm></listitem>
|
---|
| 554 | </varlistentry>
|
---|
| 555 |
|
---|
| 556 | <varlistentry id="kpasswdd">
|
---|
| 557 | <term><command>kpasswdd</command></term>
|
---|
| 558 | <listitem><para>is a Kerberos 5 password changing server.</para>
|
---|
| 559 | <indexterm zone="heimdal kpasswdd">
|
---|
| 560 | <primary sortas="b-kpasswdd">kpasswdd</primary>
|
---|
| 561 | </indexterm></listitem>
|
---|
| 562 | </varlistentry>
|
---|
| 563 |
|
---|
| 564 | <varlistentry id="krb5-config-prog">
|
---|
| 565 | <term><command>krb5-config</command></term>
|
---|
| 566 | <listitem><para>gives information on how to link programs against
|
---|
| 567 | <application>Heimdal</application> libraries.</para>
|
---|
| 568 | <indexterm zone="heimdal krb5-config-prog">
|
---|
| 569 | <primary sortas="b-krb5-config">krb5-config</primary>
|
---|
| 570 | </indexterm></listitem>
|
---|
| 571 | </varlistentry>
|
---|
| 572 |
|
---|
| 573 | <varlistentry id="kstash">
|
---|
| 574 | <term><command>kstash</command></term>
|
---|
| 575 | <listitem><para>stores the <acronym>KDC</acronym> master password in a
|
---|
| 576 | file.</para>
|
---|
| 577 | <indexterm zone="heimdal kstash">
|
---|
| 578 | <primary sortas="b-kstash">kstash</primary>
|
---|
| 579 | </indexterm></listitem>
|
---|
| 580 | </varlistentry>
|
---|
| 581 |
|
---|
| 582 | <varlistentry id="ktutil">
|
---|
| 583 | <term><command>ktutil</command></term>
|
---|
| 584 | <listitem><para>is a program for managing Kerberos keytabs.</para>
|
---|
| 585 | <indexterm zone="heimdal ktutil">
|
---|
| 586 | <primary sortas="b-ktutil">ktutil</primary>
|
---|
| 587 | </indexterm></listitem>
|
---|
| 588 | </varlistentry>
|
---|
| 589 |
|
---|
| 590 | <varlistentry id="kx">
|
---|
| 591 | <term><command>kx</command></term>
|
---|
| 592 | <listitem><para>is a program which securely forwards
|
---|
| 593 | <application>X</application> connections.</para>
|
---|
| 594 | <indexterm zone="heimdal kx">
|
---|
| 595 | <primary sortas="b-kx">kx</primary>
|
---|
| 596 | </indexterm></listitem>
|
---|
| 597 | </varlistentry>
|
---|
| 598 |
|
---|
| 599 | <varlistentry id="kxd">
|
---|
| 600 | <term><command>kxd</command></term>
|
---|
| 601 | <listitem><para>is the daemon for <command>kx</command>.</para>
|
---|
| 602 | <indexterm zone="heimdal kxd">
|
---|
| 603 | <primary sortas="b-kxd">kxd</primary>
|
---|
| 604 | </indexterm></listitem>
|
---|
| 605 | </varlistentry>
|
---|
| 606 |
|
---|
| 607 | <varlistentry id="login">
|
---|
| 608 | <term><command>login</command></term>
|
---|
| 609 | <listitem><para>is a kerberized login program.</para>
|
---|
| 610 | <indexterm zone="heimdal login">
|
---|
| 611 | <primary sortas="b-login">login</primary>
|
---|
| 612 | </indexterm></listitem>
|
---|
| 613 | </varlistentry>
|
---|
| 614 |
|
---|
| 615 | <varlistentry id="otp">
|
---|
| 616 | <term><command>otp</command></term>
|
---|
| 617 | <listitem><para>manages one-time passwords.</para>
|
---|
| 618 | <indexterm zone="heimdal otp">
|
---|
| 619 | <primary sortas="b-otp">otp</primary>
|
---|
| 620 | </indexterm></listitem>
|
---|
| 621 | </varlistentry>
|
---|
| 622 |
|
---|
| 623 | <varlistentry id="otpprint">
|
---|
| 624 | <term><command>otpprint</command></term>
|
---|
| 625 | <listitem><para>prints lists of one-time passwords.</para>
|
---|
| 626 | <indexterm zone="heimdal otpprint">
|
---|
| 627 | <primary sortas="b-otpprint">otpprint</primary>
|
---|
| 628 | </indexterm></listitem>
|
---|
| 629 | </varlistentry>
|
---|
| 630 |
|
---|
| 631 | <varlistentry id="pfrom">
|
---|
| 632 | <term><command>pfrom</command></term>
|
---|
| 633 | <listitem><para>is a script that runs <command>push --from</command>.</para>
|
---|
| 634 | <indexterm zone="heimdal pfrom">
|
---|
| 635 | <primary sortas="b-pfrom">pfrom</primary>
|
---|
| 636 | </indexterm></listitem>
|
---|
| 637 | </varlistentry>
|
---|
| 638 |
|
---|
| 639 | <varlistentry id="popper">
|
---|
| 640 | <term><command>popper</command></term>
|
---|
| 641 | <listitem><para>is a kerberized <acronym>POP</acronym>-3 server.</para>
|
---|
| 642 | <indexterm zone="heimdal popper">
|
---|
| 643 | <primary sortas="b-popper">popper</primary>
|
---|
| 644 | </indexterm></listitem>
|
---|
| 645 | </varlistentry>
|
---|
| 646 |
|
---|
| 647 | <varlistentry id="push">
|
---|
| 648 | <term><command>push</command></term>
|
---|
| 649 | <listitem><para>is a kerberized <acronym>POP</acronym> mail retreival
|
---|
| 650 | client.</para>
|
---|
| 651 | <indexterm zone="heimdal push">
|
---|
| 652 | <primary sortas="b-push">push</primary>
|
---|
| 653 | </indexterm></listitem>
|
---|
| 654 | </varlistentry>
|
---|
| 655 |
|
---|
| 656 | <varlistentry id="rcp">
|
---|
| 657 | <term><command>rcp</command></term>
|
---|
| 658 | <listitem><para>is a kerberized rcp client program.</para>
|
---|
| 659 | <indexterm zone="heimdal rcp">
|
---|
| 660 | <primary sortas="b-rcp">rcp</primary>
|
---|
| 661 | </indexterm></listitem>
|
---|
| 662 | </varlistentry>
|
---|
| 663 |
|
---|
| 664 | <varlistentry id="rsh">
|
---|
| 665 | <term><command>rsh</command></term>
|
---|
| 666 | <listitem><para>is a kerberized rsh client program.</para>
|
---|
| 667 | <indexterm zone="heimdal rsh">
|
---|
| 668 | <primary sortas="b-rsh">rsh</primary>
|
---|
| 669 | </indexterm></listitem>
|
---|
| 670 | </varlistentry>
|
---|
| 671 |
|
---|
| 672 | <varlistentry id="rshd">
|
---|
| 673 | <term><command>rshd</command></term>
|
---|
| 674 | <listitem><para>is a kerberized rsh server.</para>
|
---|
| 675 | <indexterm zone="heimdal rshd">
|
---|
| 676 | <primary sortas="b-rshd">rshd</primary>
|
---|
| 677 | </indexterm></listitem>
|
---|
| 678 | </varlistentry>
|
---|
| 679 |
|
---|
| 680 | <varlistentry id="rxtelnet">
|
---|
| 681 | <term><command>rxtelnet</command></term>
|
---|
| 682 | <listitem><para>starts a secure <command>xterm</command> window with a
|
---|
| 683 | <command>telnet</command> to a given host and forwards
|
---|
| 684 | <application>X</application> connections.</para>
|
---|
| 685 | <indexterm zone="heimdal rxtelnet">
|
---|
| 686 | <primary sortas="b-rxtelnet">rxtelnet</primary>
|
---|
| 687 | </indexterm></listitem>
|
---|
| 688 | </varlistentry>
|
---|
| 689 |
|
---|
| 690 | <varlistentry id="rxterm">
|
---|
| 691 | <term><command>rxterm</command></term>
|
---|
| 692 | <listitem><para>starts a secure remote <command>xterm</command>.</para>
|
---|
| 693 | <indexterm zone="heimdal rxterm">
|
---|
| 694 | <primary sortas="b-rxterm">rxterm</primary>
|
---|
| 695 | </indexterm></listitem>
|
---|
| 696 | </varlistentry>
|
---|
| 697 |
|
---|
| 698 | <varlistentry id="string2key">
|
---|
| 699 | <term><command>string2key</command></term>
|
---|
| 700 | <listitem><para>maps a password into a key.</para>
|
---|
| 701 | <indexterm zone="heimdal string2key">
|
---|
| 702 | <primary sortas="b-string2key">string2key</primary>
|
---|
| 703 | </indexterm></listitem>
|
---|
| 704 | </varlistentry>
|
---|
| 705 |
|
---|
| 706 | <varlistentry id="su">
|
---|
| 707 | <term><command>su</command></term>
|
---|
| 708 | <listitem><para>is a kerberized su client program.</para>
|
---|
| 709 | <indexterm zone="heimdal su">
|
---|
| 710 | <primary sortas="b-su">su</primary>
|
---|
| 711 | </indexterm></listitem>
|
---|
| 712 | </varlistentry>
|
---|
| 713 |
|
---|
| 714 | <varlistentry id="telnet">
|
---|
| 715 | <term><command>telnet</command></term>
|
---|
| 716 | <listitem><para>is a kerberized telnet client program.</para>
|
---|
| 717 | <indexterm zone="heimdal telnet">
|
---|
| 718 | <primary sortas="b-telnet">telnet</primary>
|
---|
| 719 | </indexterm></listitem>
|
---|
| 720 | </varlistentry>
|
---|
| 721 |
|
---|
| 722 | <varlistentry id="telnetd">
|
---|
| 723 | <term><command>telnetd</command></term>
|
---|
| 724 | <listitem><para>is a kerberized telnet server.</para>
|
---|
| 725 | <indexterm zone="heimdal telnetd">
|
---|
| 726 | <primary sortas="b-telnetd">telnetd</primary>
|
---|
| 727 | </indexterm></listitem>
|
---|
| 728 | </varlistentry>
|
---|
| 729 |
|
---|
| 730 | <varlistentry id="tenletxr">
|
---|
| 731 | <term><command>tenletxr</command></term>
|
---|
| 732 | <listitem><para>forwards <application>X</application> connections
|
---|
| 733 | backwards.</para>
|
---|
| 734 | <indexterm zone="heimdal tenletxr">
|
---|
| 735 | <primary sortas="b-tenletxr">tenletxr</primary>
|
---|
| 736 | </indexterm></listitem>
|
---|
| 737 | </varlistentry>
|
---|
| 738 |
|
---|
| 739 | <varlistentry id="verify_krb5_conf">
|
---|
| 740 | <term><command>verify_krb5_conf</command></term>
|
---|
| 741 | <listitem><para>checks <filename>krb5.conf</filename> file for obvious
|
---|
| 742 | errors.</para>
|
---|
| 743 | <indexterm zone="heimdal verify_krb5_conf">
|
---|
| 744 | <primary sortas="b-verify_krb5_conf">verify_krb5_conf</primary>
|
---|
| 745 | </indexterm></listitem>
|
---|
| 746 | </varlistentry>
|
---|
| 747 |
|
---|
| 748 | <varlistentry id="xnlock">
|
---|
| 749 | <term><command>xnlock</command></term>
|
---|
| 750 | <listitem><para>is a program that acts as a secure screen saver for
|
---|
| 751 | workstations running <application>X</application>.</para>
|
---|
| 752 | <indexterm zone="heimdal xnlock">
|
---|
| 753 | <primary sortas="b-xnlock">xnlock</primary>
|
---|
| 754 | </indexterm></listitem>
|
---|
| 755 | </varlistentry>
|
---|
| 756 |
|
---|
| 757 | <varlistentry id="libasn1">
|
---|
| 758 | <term><filename class='libraryfile'>libasn1.[so,a]</filename></term>
|
---|
| 759 | <listitem><para>provides the ASN.1 and DER functions to encode and decode
|
---|
| 760 | the Kerberos TGTs.</para>
|
---|
| 761 | <indexterm zone="heimdal libasn1">
|
---|
| 762 | <primary sortas="c-libasn1">libasn1.[so,a]</primary>
|
---|
| 763 | </indexterm></listitem>
|
---|
| 764 | </varlistentry>
|
---|
| 765 |
|
---|
| 766 | <varlistentry id="libeditline">
|
---|
| 767 | <term><filename class='libraryfile'>libeditline.a</filename></term>
|
---|
| 768 | <listitem><para>is a command-line editing library with history.</para>
|
---|
| 769 | <indexterm zone="heimdal libeditline">
|
---|
| 770 | <primary sortas="c-libeditline">libeditline.a</primary>
|
---|
| 771 | </indexterm></listitem>
|
---|
| 772 | </varlistentry>
|
---|
| 773 |
|
---|
| 774 | <varlistentry id="libgssapi">
|
---|
| 775 | <term><filename class='libraryfile'>libgssapi.[so,a]</filename></term>
|
---|
| 776 | <listitem><para>contain the Generic Security Service Application Programming
|
---|
| 777 | Interface (<acronym>GSSAPI</acronym>) functions which provides security
|
---|
| 778 | services to callers in a generic fashion, supportable with a range of
|
---|
| 779 | underlying mechanisms and technologies and hence allowing source-level
|
---|
| 780 | portability of applications to different environments.</para>
|
---|
| 781 | <indexterm zone="heimdal libgssapi">
|
---|
| 782 | <primary sortas="c-libgssapi">libgssapi.[so,a]</primary>
|
---|
| 783 | </indexterm></listitem>
|
---|
| 784 | </varlistentry>
|
---|
| 785 |
|
---|
| 786 | <varlistentry id="libhdb">
|
---|
| 787 | <term><filename class='libraryfile'>libhdb.[so,a]</filename></term>
|
---|
| 788 | <listitem><para>is a <application>Heimdal</application> Kerberos 5
|
---|
| 789 | authentication/authorization database access library.</para>
|
---|
| 790 | <indexterm zone="heimdal libhdb">
|
---|
| 791 | <primary sortas="c-libhdb">libhdb.[so,a]</primary>
|
---|
| 792 | </indexterm></listitem>
|
---|
| 793 | </varlistentry>
|
---|
| 794 |
|
---|
| 795 | <varlistentry id="libkadm5clnt">
|
---|
| 796 | <term><filename class='libraryfile'>libkadm5clnt.[so,a]</filename></term>
|
---|
| 797 | <listitem><para>contains the administrative authentication and password
|
---|
| 798 | checking functions required by Kerberos 5 client-side programs.</para>
|
---|
| 799 | <indexterm zone="heimdal libkadm5clnt">
|
---|
| 800 | <primary sortas="c-libkadm5clnt">libkadm5clnt.[so,a]</primary>
|
---|
| 801 | </indexterm></listitem>
|
---|
| 802 | </varlistentry>
|
---|
| 803 |
|
---|
| 804 | <varlistentry id="libkadm5srv">
|
---|
| 805 | <term><filename class='libraryfile'>libkadm5srv.[so,a]</filename></term>
|
---|
| 806 | <listitem><para>contain the administrative authentication and password
|
---|
| 807 | checking functions required by Kerberos 5 servers.</para>
|
---|
| 808 | <indexterm zone="heimdal libkadm5srv">
|
---|
| 809 | <primary sortas="c-libkadm5srv">libkadm5srv.[so,a]</primary>
|
---|
| 810 | </indexterm></listitem>
|
---|
| 811 | </varlistentry>
|
---|
| 812 |
|
---|
| 813 | <varlistentry id="libkafs">
|
---|
| 814 | <term><filename class='libraryfile'>libkafs.[so,a]</filename></term>
|
---|
| 815 | <listitem><para>contains the functions required to authenticated to AFS.</para>
|
---|
| 816 | <indexterm zone="heimdal libkafs">
|
---|
| 817 | <primary sortas="c-libkafs">libkafs.[so,a]</primary>
|
---|
| 818 | </indexterm></listitem>
|
---|
| 819 | </varlistentry>
|
---|
| 820 |
|
---|
| 821 | <varlistentry id="libkrb5">
|
---|
| 822 | <term><filename class='libraryfile'>libkrb5.[so,a]</filename></term>
|
---|
| 823 | <listitem><para>is an all-purpose Kerberos 5 library.</para>
|
---|
| 824 | <indexterm zone="heimdal libkrb5">
|
---|
| 825 | <primary sortas="c-libkrb5">libkrb5.[so,a]</primary>
|
---|
| 826 | </indexterm></listitem>
|
---|
| 827 | </varlistentry>
|
---|
| 828 |
|
---|
| 829 | <varlistentry id="libotp">
|
---|
| 830 | <term><filename class='libraryfile'>libotp.[so,a]</filename></term>
|
---|
| 831 | <listitem><para>contains the functions required to handle authenticating
|
---|
| 832 | one time passwords.</para>
|
---|
| 833 | <indexterm zone="heimdal libotp">
|
---|
| 834 | <primary sortas="c-libotp">libotp.[so,a]</primary>
|
---|
| 835 | </indexterm></listitem>
|
---|
| 836 | </varlistentry>
|
---|
| 837 |
|
---|
| 838 | <varlistentry id="libroken">
|
---|
| 839 | <term><filename class='libraryfile'>libroken.[so,a]</filename></term>
|
---|
| 840 | <listitem><para>is a library containing Kerberos 5 compatibility
|
---|
| 841 | functions.</para>
|
---|
| 842 | <indexterm zone="heimdal libroken">
|
---|
| 843 | <primary sortas="c-libroken">libroken.[so,a]</primary>
|
---|
| 844 | </indexterm></listitem>
|
---|
| 845 | </varlistentry>
|
---|
| 846 |
|
---|
| 847 | </variablelist>
|
---|
[b4b71892] | 848 |
|
---|
| 849 | </sect2>
|
---|
[6856556] | 850 |
|
---|
| 851 | </sect1>
|
---|