source: postlfs/security/heimdal.xml@ 1ae5e7f

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 6.1 6.2 6.2.0 6.2.0-rc1 6.2.0-rc2 6.3 6.3-rc1 6.3-rc2 6.3-rc3 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts krejzi/svn lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition systemd-11177 systemd-13485 trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal
Last change on this file since 1ae5e7f was 84418e6, checked in by Manuel Canales Esparcia <manuel@…>, 19 years ago

Tagged heimdal.xml

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@4199 af4574ff-66df-0310-9fd7-8a98e5e911e0
  • Property mode set to 100644
File size: 36.7 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
3 "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY heimdal-download-http "http://ftp.vc-graz.ac.at/mirror/crypto/kerberos/heimdal/heimdal-&heimdal-version;.tar.gz">
8 <!ENTITY heimdal-download-ftp "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-&heimdal-version;.tar.gz">
9 <!ENTITY heimdal-md5sum "2265fd2d4573dd3a8da45ce62519e48b">
10 <!ENTITY heimdal-size "3.3 MB">
11 <!ENTITY heimdal-buildsize "71 MB">
12 <!ENTITY heimdal-time "2.06 SBU">
13]>
14
15<sect1 id="heimdal" xreflabel="Heimdal-&heimdal-version;">
16 <?dbhtml filename="heimdal.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>Heimdal-&heimdal-version;</title>
24
25 <indexterm zone="heimdal">
26 <primary sortas="a-Heimdal">Heimdal</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to Heimdal</title>
31
32 <para><application>Heimdal</application> is a free implementation
33 of Kerberos 5, that aims to be compatible with MIT krb5 and is
34 backwards compatible with krb4. Kerberos is a network authentication
35 protocol. Basically it preserves the integrity of passwords in any
36 untrusted network (like the Internet). Kerberized applications work
37 hand-in-hand with sites that support Kerberos to ensure that passwords
38 cannot be stolen. A Kerberos installation will make changes to the
39 authentication mechanisms on your network and will overwrite several
40 programs and daemons from the <application>Coreutils</application>,
41 <application>Inetutils</application>, <application>Qpopper</application>
42 and <application>Shadow</application> packages.</para>
43
44 <bridgehead renderas="sect3">Package Information</bridgehead>
45 <itemizedlist spacing="compact">
46 <listitem>
47 <para>Download (HTTP): <ulink url="&heimdal-download-http;"/></para>
48 </listitem>
49 <listitem>
50 <para>Download (FTP): <ulink url="&heimdal-download-ftp;"/></para>
51 </listitem>
52 <listitem>
53 <para>Download MD5 sum: &heimdal-md5sum;</para>
54 </listitem>
55 <listitem>
56 <para>Download size: &heimdal-size;</para>
57 </listitem>
58 <listitem>
59 <para>Estimated disk space required: &heimdal-buildsize;</para>
60 </listitem>
61 <listitem>
62 <para>Estimated build time: &heimdal-time;</para>
63 </listitem>
64 </itemizedlist>
65
66 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
67 <itemizedlist spacing='compact'>
68 <listitem>
69 <para>Required Patch: <ulink
70 url="&patch-root;/heimdal-&heimdal-version;-fhs_compliance-1.patch"/></para>
71 </listitem>
72 <listitem>
73 <para>Required patch for <application>cracklib</application>: <ulink
74 url="&patch-root;/heimdal-&heimdal-version;-cracklib-1.patch"/></para>
75 </listitem>
76 </itemizedlist>
77
78 <bridgehead renderas="sect3">Heimdal Dependencies</bridgehead>
79
80 <bridgehead renderas="sect4">Required</bridgehead>
81 <para><xref linkend="openssl"/> and
82 <xref linkend="db"/></para>
83
84 <bridgehead renderas="sect4">Optional</bridgehead>
85 <para><xref linkend="Linux_PAM"/>,
86 <xref linkend="openldap"/>,
87 X (<xref linkend="xorg"/> or <xref linkend="xfree86"/>),
88 <xref linkend="cracklib"/> and
89 <ulink url="http://www.pdc.kth.se/kth-krb/">krb4</ulink></para>
90
91 <note>
92 <para>Some sort of time synchronization facility on your system
93 (like <xref linkend="ntp"/>) is required since Kerberos won't
94 authenticate if the time differential between a kerberized client
95 and the KDC server is more than 5 minutes.</para>
96 </note>
97
98 </sect2>
99
100 <sect2 role="installation">
101 <title>Installation of Heimdal</title>
102
103 <para>Before installing the package, you may want to preserve the
104 <command>ftp</command> program from the <application>Inetutils</application>
105 package. This is because using the <application>Heimdal</application>
106 <command>ftp</command> program to connect to non-kerberized ftp servers may
107 not work properly. It will allow you to connect (letting you know that
108 transmission of the password is clear text) but will have problems doing puts
109 and gets. Issue the following command as the <systemitem
110 class="username">root</systemitem> user.</para>
111
112<screen role="root"><userinput>mv -v /usr/bin/ftp /usr/bin/ftpn</userinput></screen>
113
114 <para>If you wish the <application>Heimdal</application> package to
115 link against the <application>cracklib</application> library, you
116 must apply a patch:</para>
117
118<screen><userinput>patch -Np1 -i ../heimdal-&heimdal-version;-cracklib-1.patch</userinput></screen>
119
120 <para>Install <application>Heimdal</application> by running the following
121 commands:</para>
122
123<screen><userinput>patch -Np1 -i ../heimdal-&heimdal-version;-fhs_compliance-1.patch &amp;&amp;
124./configure --prefix=/usr --sysconfdir=/etc/heimdal \
125 --datadir=/var/lib/heimdal --localstatedir=/var/lib/heimdal \
126 --libexecdir=/usr/sbin --enable-shared \
127 --with-openssl=/usr --with-readline=/usr &amp;&amp;
128make</userinput></screen>
129
130 <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
131
132<screen role="root"><userinput>make install &amp;&amp;
133mv -v /bin/login /bin/login.shadow &amp;&amp;
134mv -v /bin/su /bin/su.shadow &amp;&amp;
135mv -v /usr/bin/{login,su} /bin &amp;&amp;
136ln -v -sf ../../bin/login /usr/bin &amp;&amp;
137mv -v /usr/lib/lib{otp.so.0*,kafs.so.0*,krb5.so.17*,asn1.so.6*} \
138 /usr/lib/lib{roken.so.16*,crypto.so.0*,db-4.3.so} /lib &amp;&amp;
139ln -v -sf ../../lib/lib{otp.so.0{,.1.4},kafs.so.0{,.4.0},db-4.3.so} \
140 /usr/lib &amp;&amp;
141ln -v -sf ../../lib/lib{krb5.so.17{,.3.0},asn1.so.6{,.0.2}} \
142 /usr/lib &amp;&amp;
143ln -v -sf ../../lib/lib{roken.so.16{,.0.3},crypto.so.0{,.9.7}} \
144 /usr/lib &amp;&amp;
145ldconfig</userinput></screen>
146
147 </sect2>
148
149 <sect2 role="commands">
150 <title>Command Explanations</title>
151
152 <para><parameter>--libexecdir=/usr/sbin</parameter>: This switch
153 puts the daemon programs into
154 <filename class="directory">/usr/sbin</filename>.</para>
155
156 <note>
157 <para>If you want to preserve all your existing
158 <application>Inetutils</application> package daemons, install the
159 <application>Heimdal</application> daemons into
160 <filename class="directory">/usr/sbin/heimdal</filename> (or wherever
161 you want). Since these programs will be called from
162 <command>(x)inetd</command> or <filename>rc</filename> scripts, it
163 really doesn't matter where they are installed, as long as they are
164 correctly specified in the <filename>/etc/(x)inetd.conf</filename> file
165 and <filename>rc</filename> scripts. If you choose something other than
166 <filename class="directory">/usr/sbin</filename>, you may want to move
167 some of the user programs (such as <command>kadmin</command>) to
168 <filename class="directory">/usr/sbin</filename> manually so they'll be
169 in the privileged user's default path.</para>
170 </note>
171
172 <para><command>mv ... .shadow; mv ... /bin; ln -v -sf ../../bin...</command>:
173 The <command>login</command> and <command>su</command> programs installed by
174 <application>Heimdal</application> belong in the
175 <filename class="directory">/bin</filename> directory. The
176 <command>login</command> program is symlinked because
177 <application>Heimdal</application> is expecting to find it in
178 <filename class="directory">/usr/bin</filename>. The old executables are
179 preserved before the move to keep things sane should breaks occur.</para>
180
181 <para><command>mv ... /lib; ln -sf ../../lib/lib... /usr/lib</command>:
182 The <command>login</command> and <command>su</command> programs installed
183 by <application>Heimdal</application> link against
184 <application>Heimdal</application> libraries as well as libraries provided
185 by the <application>OpenSSL</application> and
186 <application>Berkeley DB</application> packages. These
187 libraries are moved to <filename class="directory">/lib</filename> to be
188 FHS compliant and also in case
189 <filename class="directory">/usr</filename> is located on a separate partition
190 which may not always be mounted.</para>
191
192 </sect2>
193
194 <sect2 role="configuration">
195 <title>Configuring Heimdal</title>
196
197 <sect3 id="heimdal-config">
198 <title>Config Files</title>
199
200 <para><filename>/etc/heimdal/*</filename></para>
201
202 <indexterm zone="heimdal heimdal-config">
203 <primary sortas="e-etc-heimdal">/etc/heimdal/*</primary>
204 </indexterm>
205
206 </sect3>
207
208 <sect3>
209 <title>Configuration Information</title>
210
211 <sect4>
212 <title>Master KDC Server Configuration</title>
213
214 <para>Create the Kerberos configuration file with the
215 following commands:</para>
216
217<screen role="root"><userinput>install -v -d /etc/heimdal &amp;&amp;
218cat &gt; /etc/heimdal/krb5.conf &lt;&lt; "EOF"
219<literal># Begin /etc/heimdal/krb5.conf
220
221[libdefaults]
222 default_realm = <replaceable>[EXAMPLE.COM]</replaceable>
223 encrypt = true
224
225[realms]
226 <replaceable>[EXAMPLE.COM]</replaceable> = {
227 kdc = <replaceable>[hostname.example.com]</replaceable>
228 admin_server = <replaceable>[hostname.example.com]</replaceable>
229 kpasswd_server = <replaceable>[hostname.example.com]</replaceable>
230 }
231
232[domain_realm]
233 .<replaceable>[example.com]</replaceable> = <replaceable>[EXAMPLE.COM]</replaceable>
234
235[logging]
236 kdc = FILE:/var/log/kdc.log
237 admin_server = FILE:/var/log/kadmin.log
238 default = FILE:/var/log/krb.log
239
240# End /etc/heimdal/krb5.conf</literal>
241EOF</userinput></screen>
242
243 <para>You will need to substitute your domain and proper hostname
244 for the occurrences of the <replaceable>[hostname]</replaceable>
245 and <replaceable>[EXAMPLE.COM]</replaceable> names.</para>
246
247 <para><option>default_realm</option> should be the name of your
248 domain changed to ALL CAPS. This isn't required, but both
249 <application>Heimdal</application> and <application>MIT
250 krb5</application> recommend it.</para>
251
252 <para><option>encrypt = true</option> provides encryption of all
253 traffic between kerberized clients and servers. It's not necessary
254 and can be left off. If you leave it off, you can encrypt all traffic
255 from the client to the server using a switch on the client program
256 instead.</para>
257
258 <para>The <option>[realms]</option> parameters tell the client
259 programs where to look for the KDC authentication services.</para>
260
261 <para>The <option>[domain_realm]</option> section maps a domain
262 to a realm.</para>
263
264 <para>Store the master password in a key file using the following
265 commands:</para>
266
267<screen role="root"><userinput>install -d -m 755 /var/lib/heimdal &amp;&amp;
268kstash</userinput></screen>
269
270 <para>Create the KDC database:</para>
271
272<screen role="root"><userinput>kadmin -l</userinput></screen>
273
274 <para>Choose the defaults for now. You can go in later and change the
275 defaults, should you feel the need. At the <prompt>kadmin&gt;</prompt>
276 prompt, issue the following statement:</para>
277
278<screen role="root"><userinput>init <replaceable>[EXAMPLE.COM]</replaceable></userinput></screen>
279
280 <para>The database must now be populated with at least one principle
281 (user). For now, just use your regular login name or root. You may
282 create as few, or as many principles as you wish using the following
283 statement:</para>
284
285<screen role="root"><userinput>add <replaceable>[loginname]</replaceable></userinput></screen>
286
287 <para>The KDC server and any machine running kerberized
288 server daemons must have a host key installed:</para>
289
290<screen role="root"><userinput>add --random-key host/<replaceable>[hostname.example.com]</replaceable></userinput></screen>
291
292 <para>After choosing the defaults when prompted, you will have to
293 export the data to a keytab file:</para>
294
295<screen role="root"><userinput>ext host/<replaceable>[hostname.example.com]</replaceable></userinput></screen>
296
297 <para>This should have created two files in
298 <filename class="directory">/etc/heimdal</filename>:
299 <filename>krb5.keytab</filename> (Kerberos 5) and
300 <filename>srvtab</filename> (Kerberos 4). Both files should have 600
301 (root rw only) permissions. Keeping the keytab files from public access
302 is crucial to the overall security of the Kerberos installation.</para>
303
304 <para>Eventually, you'll want to add server daemon principles to the
305 database and extract them to the keytab file. You do this in the same
306 way you created the host principles. Below is an example:</para>
307
308<screen role="root"><userinput>add --random-key ftp/<replaceable>[hostname.example.com]</replaceable></userinput></screen>
309
310 <para>(choose the defaults)</para>
311
312<screen role="root"><userinput>ext ftp/<replaceable>[hostname.example.com]</replaceable></userinput></screen>
313
314 <para>Exit the <command>kadmin</command> program (use
315 <command>quit</command> or <command>exit</command>) and return back
316 to the shell prompt. Start the KDC daemon manually, just to test out
317 the installation:</para>
318
319<screen role="root"><userinput>/usr/sbin/kdc &amp;</userinput></screen>
320
321 <para>Attempt to get a TGT (ticket granting ticket) with
322 the following command:</para>
323
324<screen><userinput>kinit <replaceable>[loginname]</replaceable></userinput></screen>
325
326 <para>You will be prompted for the password you created. After you get
327 your ticket, you should list it with the following command:</para>
328
329<screen><userinput>klist</userinput></screen>
330
331 <para>Information about the ticket should be displayed on
332 the screen.</para>
333
334 <para>To test the functionality of the <filename>keytab</filename> file,
335 issue the following command:</para>
336
337<screen><userinput>ktutil list</userinput></screen>
338
339 <para>This should dump a list of the host principals, along with the
340 encryption methods used to access the principals.</para>
341
342 <para>At this point, if everything has been successful so far, you
343 can feel fairly confident in the installation and configuration of
344 the package.</para>
345
346 <para id="heimdal-init">Install the
347 <filename>/etc/rc.d/init.d/heimdal</filename> init script included
348 in the <xref linkend="intro-important-bootscripts"/> package:</para>
349
350 <indexterm zone="heimdal heimdal-init">
351 <primary sortas="f-heimdal">heimdal</primary>
352 </indexterm>
353
354<screen role="root"><userinput>make install-heimdal</userinput></screen>
355
356 </sect4>
357
358 <sect4>
359 <title>Using Kerberized Client Programs</title>
360
361 <para>To use the kerberized client programs (<command>telnet</command>,
362 <command>ftp</command>, <command>rsh</command>,
363 <command>rxterm</command>, <command>rxtelnet</command>,
364 <command>rcp</command>, <command>xnlock</command>), you first must get
365 a TGT. Use the <command>kinit</command> program to get the ticket.
366 After you've acquired the ticket, you can use the kerberized programs
367 to connect to any kerberized server on the network. You will not be
368 prompted for authentication until your ticket expires (default is one
369 day), unless you specify a different user as a command line argument
370 to the program.</para>
371
372 <para>The kerberized programs will connect to non-kerberized daemons,
373 warning you that authentication is not encrypted. As mentioned earlier,
374 only the <command>ftp</command> program gives any trouble connecting to
375 non-kerberized daemons.</para>
376
377 <para>In order to use the <application>Heimdal</application>
378 <application>X</application> programs, you'll need to add a service
379 port entry to the <filename>/etc/services</filename> file for the
380 <command>kxd</command> server. There is no 'standardized port number'
381 for the 'kx' service in the IANA database, so you'll have to pick an
382 unused port number. Add an entry to the <filename>services</filename>
383 file similar to the entry below (substitute your chosen port number
384 for <replaceable>[49150]</replaceable>):</para>
385
386<screen><literal>kx <replaceable>[49150]</replaceable>/tcp # Heimdal kerberos X
387kx <replaceable>[49150]</replaceable>/udp # Heimdal kerberos X</literal></screen>
388
389 <para>For additional information consult <ulink
390 url="http://www.linuxfromscratch.org/hints/downloads/files/heimdal.txt">the
391 Heimdal hint</ulink> on which the above instructions are based.</para>
392
393 </sect4>
394
395 </sect3>
396
397 </sect2>
398
399 <sect2 role="content">
400 <title>Contents</title>
401
402 <segmentedlist>
403 <segtitle>Installed Programs</segtitle>
404 <segtitle>Installed Libraries</segtitle>
405 <segtitle>Installed Directories</segtitle>
406
407 <seglistitem>
408 <seg>afslog, dump_log, ftp, ftpd, hprop, hpropd, ipropd-master,
409 ipropd-slave, kadmin, kadmind, kauth, kdc, kdestroy, kf, kfd, kgetcred,
410 kinit, klist, kpasswd, kpasswdd, krb5-config, kstash, ktutil, kx, kxd,
411 login, mk_cmds, otp, otpprint, pagsh, pfrom, popper, push, rcp,
412 replay_log, rsh, rshd, rxtelnet, rxterm, string2key, su, telnet,
413 telnetd, tenletxr, truncate-log, verify_krb5_conf, and xnlock</seg>
414 <seg>libasn1.[so,a], libeditline.a, libgssapi.[so,a], libhdb.[so,a],
415 libkadm5clnt.[so,a], libkadm5srv.[so,a], libkafs.[so,a], libkrb5.[so,a],
416 libotp.[so,a], libroken.[so,a], libsl.[so,a], and libss.[so,a]</seg>
417 <seg>/etc/heimdal, /usr/include/kadm5, /usr/include/ss, and
418 /var/lib/heimdal</seg>
419 </seglistitem>
420 </segmentedlist>
421
422 <variablelist>
423 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
424 <?dbfo list-presentation="list"?>
425 <?dbhtml list-presentation="table"?>
426
427 <varlistentry id="afslog">
428 <term><command>afslog</command></term>
429 <listitem>
430 <para>obtains AFS tokens for a number of cells.</para>
431 <indexterm zone="heimdal afslog">
432 <primary sortas="b-afslog">afslog</primary>
433 </indexterm>
434 </listitem>
435 </varlistentry>
436
437 <varlistentry id="ftp">
438 <term><command>ftp</command></term>
439 <listitem>
440 <para>is a kerberized FTP client.</para>
441 <indexterm zone="heimdal ftp">
442 <primary sortas="b-ftp">ftp</primary>
443 </indexterm>
444 </listitem>
445 </varlistentry>
446
447 <varlistentry id="ftpd">
448 <term><command>ftpd</command></term>
449 <listitem>
450 <para>is a kerberized FTP daemon.</para>
451 <indexterm zone="heimdal ftpd">
452 <primary sortas="b-ftpd">ftpd</primary>
453 </indexterm>
454 </listitem>
455 </varlistentry>
456
457 <varlistentry id="hprop">
458 <term><command>hprop</command></term>
459 <listitem>
460 <para> takes a principal database in a specified format and converts
461 it into a stream of <application>Heimdal</application> database
462 records.</para>
463 <indexterm zone="heimdal hprop">
464 <primary sortas="b-hprop">hprop</primary>
465 </indexterm>
466 </listitem>
467 </varlistentry>
468
469 <varlistentry id="hpropd">
470 <term><command>hpropd</command></term>
471 <listitem>
472 <para>is a server that receives a database sent by
473 <command>hprop</command> and writes it as a local database.</para>
474 <indexterm zone="heimdal hpropd">
475 <primary sortas="b-hpropd">hpropd</primary>
476 </indexterm>
477 </listitem>
478 </varlistentry>
479
480 <varlistentry id="ipropd-master">
481 <term><command>ipropd-master</command></term>
482 <listitem>
483 <para>is a daemon which runs on the master KDC
484 server which incrementally propogates changes to the KDC
485 database to the slave KDC servers.</para>
486 <indexterm zone="heimdal ipropd-master">
487 <primary sortas="b-ipropd-master">ipropd-master</primary>
488 </indexterm>
489 </listitem>
490 </varlistentry>
491
492 <varlistentry id="ipropd-slave">
493 <term><command>ipropd-slave</command></term>
494 <listitem>
495 <para>is a daemon which runs on the slave KDC
496 servers which incrementally propogates changes to the KDC
497 database from the master KDC server.</para>
498 <indexterm zone="heimdal ipropd-slave">
499 <primary sortas="b-ipropd-slave">ipropd-slave</primary>
500 </indexterm>
501 </listitem>
502 </varlistentry>
503
504 <varlistentry id="kadmin">
505 <term><command>kadmin</command></term>
506 <listitem>
507 <para>is a utility used to make modifications to the Kerberos
508 database.</para>
509 <indexterm zone="heimdal kadmin">
510 <primary sortas="b-kadmin">kadmin</primary>
511 </indexterm>
512 </listitem>
513 </varlistentry>
514
515 <varlistentry id="kadmind">
516 <term><command>kadmind</command></term>
517 <listitem>
518 <para>is a server for administrative access to the Kerberos
519 database.</para>
520 <indexterm zone="heimdal kadmind">
521 <primary sortas="b-kadmind">kadmind</primary>
522 </indexterm>
523 </listitem>
524 </varlistentry>
525
526 <varlistentry id="kauth">
527 <term><command>kauth</command></term>
528 <listitem>
529 <para>is a symbolic link to the <command>kinit</command> program.</para>
530 <indexterm zone="heimdal kauth">
531 <primary sortas="g-kauth">kauth</primary>
532 </indexterm>
533 </listitem>
534 </varlistentry>
535
536 <varlistentry id="kdc">
537 <term><command>kdc</command></term>
538 <listitem>
539 <para>is a Kerberos 5 server.</para>
540 <indexterm zone="heimdal kdc">
541 <primary sortas="b-kdc">kdc</primary>
542 </indexterm>
543 </listitem>
544 </varlistentry>
545
546 <varlistentry id="kdestroy">
547 <term><command>kdestroy</command></term>
548 <listitem>
549 <para>removes a principle's current set of tickets.</para>
550 <indexterm zone="heimdal kdestroy">
551 <primary sortas="b-kdestroy">kdestroy</primary>
552 </indexterm>
553 </listitem>
554 </varlistentry>
555
556 <varlistentry id="kf">
557 <term><command>kf</command></term>
558 <listitem>
559 <para>is a program which forwards tickets to a remote host through
560 an authenticated and encrypted stream.</para>
561 <indexterm zone="heimdal kf">
562 <primary sortas="b-kf">kf</primary>
563 </indexterm>
564 </listitem>
565 </varlistentry>
566
567 <varlistentry id="kfd">
568 <term><command>kfd</command></term>
569 <listitem>
570 <para>is a server used to receive forwarded tickets.</para>
571 <indexterm zone="heimdal kfd">
572 <primary sortas="b-kfd">kfd</primary>
573 </indexterm>
574 </listitem>
575 </varlistentry>
576
577 <varlistentry id="kgetcred">
578 <term><command>kgetcred</command></term>
579 <listitem>
580 <para>obtains a ticket for a service.</para>
581 <indexterm zone="heimdal kgetcred">
582 <primary sortas="b-kgetcred">kgetcred</primary>
583 </indexterm>
584 </listitem>
585 </varlistentry>
586
587 <varlistentry id="kinit">
588 <term><command>kinit</command></term>
589 <listitem>
590 <para>is used to authenticate to the Kerberos server as a principal
591 and acquire a ticket granting ticket that can later be used to obtain
592 tickets for other services.</para>
593 <indexterm zone="heimdal kinit">
594 <primary sortas="b-kinit">kinit</primary>
595 </indexterm>
596 </listitem>
597 </varlistentry>
598
599 <varlistentry id="klist">
600 <term><command>klist</command></term>
601 <listitem>
602 <para>reads and displays the current tickets in the credential
603 cache.</para>
604 <indexterm zone="heimdal klist">
605 <primary sortas="b-klist">klist</primary>
606 </indexterm>
607 </listitem>
608 </varlistentry>
609
610 <varlistentry id="kpasswd">
611 <term><command>kpasswd</command></term>
612 <listitem>
613 <para>is a program for changing Kerberos 5 passwords.</para>
614 <indexterm zone="heimdal kpasswd">
615 <primary sortas="b-kpasswd">kpasswd</primary>
616 </indexterm>
617 </listitem>
618 </varlistentry>
619
620 <varlistentry id="kpasswdd">
621 <term><command>kpasswdd</command></term>
622 <listitem>
623 <para>is a Kerberos 5 password changing server.</para>
624 <indexterm zone="heimdal kpasswdd">
625 <primary sortas="b-kpasswdd">kpasswdd</primary>
626 </indexterm>
627 </listitem>
628 </varlistentry>
629
630 <varlistentry id="krb5-config-prog">
631 <term><command>krb5-config</command></term>
632 <listitem>
633 <para>gives information on how to link programs against
634 <application>Heimdal</application> libraries.</para>
635 <indexterm zone="heimdal krb5-config-prog">
636 <primary sortas="b-krb5-config">krb5-config</primary>
637 </indexterm>
638 </listitem>
639 </varlistentry>
640
641 <varlistentry id="kstash">
642 <term><command>kstash</command></term>
643 <listitem>
644 <para>stores the KDC master password in a file.</para>
645 <indexterm zone="heimdal kstash">
646 <primary sortas="b-kstash">kstash</primary>
647 </indexterm>
648 </listitem>
649 </varlistentry>
650
651 <varlistentry id="ktutil">
652 <term><command>ktutil</command></term>
653 <listitem>
654 <para>is a program for managing Kerberos keytabs.</para>
655 <indexterm zone="heimdal ktutil">
656 <primary sortas="b-ktutil">ktutil</primary>
657 </indexterm>
658 </listitem>
659 </varlistentry>
660
661 <varlistentry id="kx">
662 <term><command>kx</command></term>
663 <listitem>
664 <para>is a program which securely forwards
665 <application>X</application> connections.</para>
666 <indexterm zone="heimdal kx">
667 <primary sortas="b-kx">kx</primary>
668 </indexterm>
669 </listitem>
670 </varlistentry>
671
672 <varlistentry id="kxd">
673 <term><command>kxd</command></term>
674 <listitem>
675 <para>is the daemon for <command>kx</command>.</para>
676 <indexterm zone="heimdal kxd">
677 <primary sortas="b-kxd">kxd</primary>
678 </indexterm>
679 </listitem>
680 </varlistentry>
681
682 <varlistentry id="login">
683 <term><command>login</command></term>
684 <listitem>
685 <para>is a kerberized login program.</para>
686 <indexterm zone="heimdal login">
687 <primary sortas="b-login">login</primary>
688 </indexterm>
689 </listitem>
690 </varlistentry>
691
692 <varlistentry id="otp">
693 <term><command>otp</command></term>
694 <listitem>
695 <para>manages one-time passwords.</para>
696 <indexterm zone="heimdal otp">
697 <primary sortas="b-otp">otp</primary>
698 </indexterm>
699 </listitem>
700 </varlistentry>
701
702 <varlistentry id="otpprint">
703 <term><command>otpprint</command></term>
704 <listitem>
705 <para>prints lists of one-time passwords.</para>
706 <indexterm zone="heimdal otpprint">
707 <primary sortas="b-otpprint">otpprint</primary>
708 </indexterm>
709 </listitem>
710 </varlistentry>
711
712 <varlistentry id="pfrom">
713 <term><command>pfrom</command></term>
714 <listitem>
715 <para>is a script that runs <command>push --from</command>.</para>
716 <indexterm zone="heimdal pfrom">
717 <primary sortas="b-pfrom">pfrom</primary>
718 </indexterm>
719 </listitem>
720 </varlistentry>
721
722 <varlistentry id="popper">
723 <term><command>popper</command></term>
724 <listitem>
725 <para>is a kerberized POP-3 server.</para>
726 <indexterm zone="heimdal popper">
727 <primary sortas="b-popper">popper</primary>
728 </indexterm>
729 </listitem>
730 </varlistentry>
731
732 <varlistentry id="push">
733 <term><command>push</command></term>
734 <listitem>
735 <para>is a kerberized POP mail retreival client.</para>
736 <indexterm zone="heimdal push">
737 <primary sortas="b-push">push</primary>
738 </indexterm>
739 </listitem>
740 </varlistentry>
741
742 <varlistentry id="rcp">
743 <term><command>rcp</command></term>
744 <listitem>
745 <para>is a kerberized rcp client program.</para>
746 <indexterm zone="heimdal rcp">
747 <primary sortas="b-rcp">rcp</primary>
748 </indexterm>
749 </listitem>
750 </varlistentry>
751
752 <varlistentry id="rsh">
753 <term><command>rsh</command></term>
754 <listitem>
755 <para>is a kerberized rsh client program.</para>
756 <indexterm zone="heimdal rsh">
757 <primary sortas="b-rsh">rsh</primary>
758 </indexterm>
759 </listitem>
760 </varlistentry>
761
762 <varlistentry id="rshd">
763 <term><command>rshd</command></term>
764 <listitem>
765 <para>is a kerberized rsh server.</para>
766 <indexterm zone="heimdal rshd">
767 <primary sortas="b-rshd">rshd</primary>
768 </indexterm>
769 </listitem>
770 </varlistentry>
771
772 <varlistentry id="rxtelnet">
773 <term><command>rxtelnet</command></term>
774 <listitem>
775 <para>starts a secure <command>xterm</command> window with a
776 <command>telnet</command> to a given host and forwards
777 <application>X</application> connections.</para>
778 <indexterm zone="heimdal rxtelnet">
779 <primary sortas="b-rxtelnet">rxtelnet</primary>
780 </indexterm>
781 </listitem>
782 </varlistentry>
783
784 <varlistentry id="rxterm">
785 <term><command>rxterm</command></term>
786 <listitem>
787 <para>starts a secure remote <command>xterm</command>.</para>
788 <indexterm zone="heimdal rxterm">
789 <primary sortas="b-rxterm">rxterm</primary>
790 </indexterm>
791 </listitem>
792 </varlistentry>
793
794 <varlistentry id="string2key">
795 <term><command>string2key</command></term>
796 <listitem>
797 <para>maps a password into a key.</para>
798 <indexterm zone="heimdal string2key">
799 <primary sortas="b-string2key">string2key</primary>
800 </indexterm>
801 </listitem>
802 </varlistentry>
803
804 <varlistentry id="su">
805 <term><command>su</command></term>
806 <listitem>
807 <para>is a kerberized su client program.</para>
808 <indexterm zone="heimdal su">
809 <primary sortas="b-su">su</primary>
810 </indexterm>
811 </listitem>
812 </varlistentry>
813
814 <varlistentry id="telnet">
815 <term><command>telnet</command></term>
816 <listitem>
817 <para>is a kerberized telnet client program.</para>
818 <indexterm zone="heimdal telnet">
819 <primary sortas="b-telnet">telnet</primary>
820 </indexterm>
821 </listitem>
822 </varlistentry>
823
824 <varlistentry id="telnetd">
825 <term><command>telnetd</command></term>
826 <listitem>
827 <para>is a kerberized telnet server.</para>
828 <indexterm zone="heimdal telnetd">
829 <primary sortas="b-telnetd">telnetd</primary>
830 </indexterm>
831 </listitem>
832 </varlistentry>
833
834 <varlistentry id="tenletxr">
835 <term><command>tenletxr</command></term>
836 <listitem>
837 <para>forwards <application>X</application> connections
838 backwards.</para>
839 <indexterm zone="heimdal tenletxr">
840 <primary sortas="b-tenletxr">tenletxr</primary>
841 </indexterm>
842 </listitem>
843 </varlistentry>
844
845 <varlistentry id="verify_krb5_conf">
846 <term><command>verify_krb5_conf</command></term>
847 <listitem>
848 <para>checks <filename>krb5.conf</filename> file for obvious
849 errors.</para>
850 <indexterm zone="heimdal verify_krb5_conf">
851 <primary sortas="b-verify_krb5_conf">verify_krb5_conf</primary>
852 </indexterm>
853 </listitem>
854 </varlistentry>
855
856 <varlistentry id="xnlock">
857 <term><command>xnlock</command></term>
858 <listitem>
859 <para>is a program that acts as a secure screen saver for
860 workstations running <application>X</application>.</para>
861 <indexterm zone="heimdal xnlock">
862 <primary sortas="b-xnlock">xnlock</primary>
863 </indexterm>
864 </listitem>
865 </varlistentry>
866
867 <varlistentry id="libasn1">
868 <term><filename class='libraryfile'>libasn1.[so,a]</filename></term>
869 <listitem>
870 <para>provides the ASN.1 and DER functions to encode and decode
871 the Kerberos TGTs.</para>
872 <indexterm zone="heimdal libasn1">
873 <primary sortas="c-libasn1">libasn1.[so,a]</primary>
874 </indexterm>
875 </listitem>
876 </varlistentry>
877
878 <varlistentry id="libeditline">
879 <term><filename class='libraryfile'>libeditline.a</filename></term>
880 <listitem>
881 <para>is a command-line editing library with history.</para>
882 <indexterm zone="heimdal libeditline">
883 <primary sortas="c-libeditline">libeditline.a</primary>
884 </indexterm>
885 </listitem>
886 </varlistentry>
887
888 <varlistentry id="libgssapi">
889 <term><filename class='libraryfile'>libgssapi.[so,a]</filename></term>
890 <listitem>
891 <para>contain the Generic Security Service Application Programming
892 Interface (GSSAPI) functions which provides security
893 services to callers in a generic fashion, supportable with a range of
894 underlying mechanisms and technologies and hence allowing source-level
895 portability of applications to different environments.</para>
896 <indexterm zone="heimdal libgssapi">
897 <primary sortas="c-libgssapi">libgssapi.[so,a]</primary>
898 </indexterm>
899 </listitem>
900 </varlistentry>
901
902 <varlistentry id="libhdb">
903 <term><filename class='libraryfile'>libhdb.[so,a]</filename></term>
904 <listitem>
905 <para>is a <application>Heimdal</application> Kerberos 5
906 authentication/authorization database access library.</para>
907 <indexterm zone="heimdal libhdb">
908 <primary sortas="c-libhdb">libhdb.[so,a]</primary>
909 </indexterm>
910 </listitem>
911 </varlistentry>
912
913 <varlistentry id="libkadm5clnt">
914 <term><filename class='libraryfile'>libkadm5clnt.[so,a]</filename></term>
915 <listitem>
916 <para>contains the administrative authentication and password
917 checking functions required by Kerberos 5 client-side programs.</para>
918 <indexterm zone="heimdal libkadm5clnt">
919 <primary sortas="c-libkadm5clnt">libkadm5clnt.[so,a]</primary>
920 </indexterm>
921 </listitem>
922 </varlistentry>
923
924 <varlistentry id="libkadm5srv">
925 <term><filename class='libraryfile'>libkadm5srv.[so,a]</filename></term>
926 <listitem>
927 <para>contain the administrative authentication and password
928 checking functions required by Kerberos 5 servers.</para>
929 <indexterm zone="heimdal libkadm5srv">
930 <primary sortas="c-libkadm5srv">libkadm5srv.[so,a]</primary>
931 </indexterm>
932 </listitem>
933 </varlistentry>
934
935 <varlistentry id="libkafs">
936 <term><filename class='libraryfile'>libkafs.[so,a]</filename></term>
937 <listitem>
938 <para>contains the functions required to authenticated to AFS.</para>
939 <indexterm zone="heimdal libkafs">
940 <primary sortas="c-libkafs">libkafs.[so,a]</primary>
941 </indexterm>
942 </listitem>
943 </varlistentry>
944
945 <varlistentry id="libkrb5">
946 <term><filename class='libraryfile'>libkrb5.[so,a]</filename></term>
947 <listitem>
948 <para>is an all-purpose Kerberos 5 library.</para>
949 <indexterm zone="heimdal libkrb5">
950 <primary sortas="c-libkrb5">libkrb5.[so,a]</primary>
951 </indexterm>
952 </listitem>
953 </varlistentry>
954
955 <varlistentry id="libotp">
956 <term><filename class='libraryfile'>libotp.[so,a]</filename></term>
957 <listitem>
958 <para>contains the functions required to handle authenticating
959 one time passwords.</para>
960 <indexterm zone="heimdal libotp">
961 <primary sortas="c-libotp">libotp.[so,a]</primary>
962 </indexterm>
963 </listitem>
964 </varlistentry>
965
966 <varlistentry id="libroken">
967 <term><filename class='libraryfile'>libroken.[so,a]</filename></term>
968 <listitem>
969 <para>is a library containing Kerberos 5 compatibility
970 functions.</para>
971 <indexterm zone="heimdal libroken">
972 <primary sortas="c-libroken">libroken.[so,a]</primary>
973 </indexterm>
974 </listitem>
975 </varlistentry>
976
977 </variablelist>
978
979 </sect2>
980
981</sect1>
Note: See TracBrowser for help on using the repository browser.