Context Navigation

heimdal.xml@ 138eff3

Visit:

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 6.3 6.3-rc1 6.3-rc2 6.3-rc3 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts krejzi/svn lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition systemd-11177 systemd-13485 trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal

Last change on this file since 138eff3 was 138eff3, checked in by Randy McMurchy <randy@…>, 17 years ago

Fixed a typo in the Heimdal instructions

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@7102 af4574ff-66df-0310-9fd7-8a98e5e911e0

Property mode set to 100644

File size: 42.6 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY heimdal-download-http "http://ftp.vc-graz.ac.at/mirror/crypto/kerberos/heimdal/heimdal-&heimdal-version;.tar.gz">
8	<!ENTITY heimdal-download-ftp "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-&heimdal-version;.tar.gz">
9	<!ENTITY heimdal-md5sum "c937580d6f8b11bf7f0e540530e1dc18">
10	<!ENTITY heimdal-size "4.5 MB">
11	<!ENTITY heimdal-buildsize "101 MB">
12	<!ENTITY heimdal-time "2.4 SBU">
13	]>
14
15	<sect1 id="heimdal" xreflabel="Heimdal-&heimdal-version;">
16	<?dbhtml filename="heimdal.html"?>
17
18	<sect1info>
19	<othername>$LastChangedBy$</othername>
20	<date>$Date$</date>
21	</sect1info>
22
23	<title>Heimdal-&heimdal-version;</title>
24
25	<indexterm zone="heimdal">
26	<primary sortas="a-Heimdal">Heimdal</primary>
27	</indexterm>
28
29	<sect2 role="package">
30	<title>Introduction to Heimdal</title>
31
32	<para><application>Heimdal</application> is a free implementation
33	of Kerberos 5 that aims to be compatible with MIT krb5 and is
34	backward compatible with krb4. Kerberos is a network authentication
35	protocol. Basically it preserves the integrity of passwords in any
36	untrusted network (like the Internet). Kerberized applications work
37	hand-in-hand with sites that support Kerberos to ensure that passwords
38	cannot be stolen or compromised. A Kerberos installation will make changes
39	to the authentication mechanisms on your network and will overwrite several
40	programs and daemons from the <application>Coreutils</application>,
41	<application>Inetutils</application>, <application>Qpopper</application>
42	and <application>Shadow</application> packages.</para>
43
44	<bridgehead renderas="sect3">Package Information</bridgehead>
45	<itemizedlist spacing="compact">
46	<listitem>
47	<para>Download (HTTP): <ulink url="&heimdal-download-http;"/></para>
48	</listitem>
49	<listitem>
50	<para>Download (FTP): <ulink url="&heimdal-download-ftp;"/></para>
51	</listitem>
52	<listitem>
53	<para>Download MD5 sum: &heimdal-md5sum;</para>
54	</listitem>
55	<listitem>
56	<para>Download size: &heimdal-size;</para>
57	</listitem>
58	<listitem>
59	<para>Estimated disk space required: &heimdal-buildsize;</para>
60	</listitem>
61	<listitem>
62	<para>Estimated build time: &heimdal-time;</para>
63	</listitem>
64	</itemizedlist>
65
66	<bridgehead renderas="sect3">Additional Downloads</bridgehead>
67	<itemizedlist spacing='compact'>
68	<listitem>
69	<para>Required Patch: <ulink
70	url="ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt"/></para>
71	</listitem>
72	<listitem>
73	<para>Required Patch: <ulink
74	url="&patch-root;/heimdal-&heimdal-version;-fhs_compliance-1.patch"/></para>
75	</listitem>
76	<listitem>
77	<para>Required patch for <application>CrackLib</application> support: <ulink
78	url="&patch-root;/heimdal-&heimdal-version;-cracklib-1.patch"/></para>
79	</listitem>
80	</itemizedlist>
81
82	<bridgehead renderas="sect3">Heimdal Dependencies</bridgehead>
83
84	<bridgehead renderas="sect4">Required to Build the Server-Side Tools</bridgehead>
85	<para role="required">
86	<!-- <xref linkend="db"/> -->
87	<xref linkend="db"/> is recommended (installed in LFS)
88	or <xref linkend="gdbm"/></para>
89
90	<bridgehead renderas="sect4">Recommended</bridgehead>
91	<para role="recommended"><xref linkend="openssl"/></para>
92
93	<bridgehead renderas="sect4">Optional</bridgehead>
94	<para role="optional"><xref linkend="linux-pam"/>,
95	<xref linkend="openldap"/>,
96	<xref linkend="x-window-system"/>,
97	<xref linkend="cracklib"/> (compiled with the <filename>heimdal</filename>
98	patch), and
99	<ulink url="http://www.pdc.kth.se/kth-krb/">krb4</ulink></para>
100
101	<note>
102	<para>Some sort of time synchronization facility on your system
103	(like <xref linkend="ntp"/>) is required since Kerberos won't
104	authenticate if the time differential between a kerberized client
105	and the KDC server is more than 5 minutes.</para>
106	</note>
107
108	<para condition="html" role="usernotes">User Notes:
109	<ulink url="&blfs-wiki;/heimdal"/></para>
110
111	</sect2>
112
113	<sect2 role="installation">
114	<title>Installation of Heimdal</title>
115
116	<!-- This doesn't appear to be needed any longer as testing has
117	shown that the ftp client now works without issues
118
119	<para>Before installing the package, you may want to preserve the
120	<command>ftp</command> program from the <application>Inetutils</application>
121	package. This is because using the <application>Heimdal</application>
122	<command>ftp</command> program to connect to non-kerberized ftp servers may
123	not work properly. It will allow you to connect (letting you know that
124	transmission of the password is clear text) but will have problems doing
125	puts and gets. Issue the following command as the
126	<systemitem class="username">root</systemitem> user.</para>
127
128	<screen role="root"><userinput>mv -v /usr/bin/ftp /usr/bin/ftpn</userinput></screen>
129	-->
130
131	<warning>
132	<para>Ensure you really need a Kerberos installation before you decide
133	to install this package. Failure to install and configure the package
134	correctly can alter your system so that users cannot log in.</para>
135	</warning>
136
137	<para>If you wish the <application>Heimdal</application> package to
138	link against the <application>CrackLib</application> library to provide
139	enforcement of strong passwords (requires <xref linkend="cracklib"/>
140	installed with the <filename>heimdal</filename> patch), you must apply a
141	patch:</para>
142
143	<screen><userinput>patch -Np1 -i ../heimdal-&heimdal-version;-cracklib-1.patch</userinput></screen>
144
145	<para>Install <application>Heimdal</application> by running the following
146	commands:</para>
147
148	<screen><userinput>patch -Np1 -i ../heimdal-&heimdal-version;-setuid-patch.txt &&
149	patch -Np1 -i ../heimdal-&heimdal-version;-fhs_compliance-1.patch &&
150	./configure --prefix=/usr \
151	--sysconfdir=/etc/heimdal \
152	--libexecdir=/usr/sbin \
153	--datadir=/var/lib/heimdal \
154	--localstatedir=/var/lib/heimdal \
155	--enable-shared \
156	--with-readline=/usr &&
157	make</userinput></screen>
158
159	<para>If you have <xref linkend="tetex"/> installed and wish to create
160	alternate forms of the documentation, issue any or all of the following
161	commands:</para>
162
163	<screen><userinput>make -C doc html &&
164	mv doc/heimdal.html doc/html &&
165	make -C doc pdf &&
166	make -C doc ps &&
167	makeinfo --html --no-split -o doc/heimdal.html doc/heimdal.texi &&
168	makeinfo --plaintext -o doc/heimdal.txt doc/heimdal.texi</userinput></screen>
169
170	<para>To test the results, issue: <command>make check</command>.</para>
171
172	<para>Now, as the <systemitem class="username">root</systemitem> user:</para>
173
174	<screen role="root"><?dbfo keep-together="auto"?><userinput>mv -v /usr/include/fnmatch.h /usr/include/fnmatch.h.glibc &&
175	mv -v /usr/include/glob.h /usr/include/glob.h.glibc &&
176
177	mv -v /usr/include/ss/ss.h /usr/include/ss/ss.h.e2fsprogs &&
178	mv -v /usr/lib/libss.a /usr/lib/libss.a.e2fsprogs &&
179	mv -v /usr/lib/libss.so /usr/lib/libss.so.e2fsprogs &&
180	if [ -f /usr/lib/libss.la ]; then
181	mv -v /usr/lib/libss.la /usr/lib/libss.la.e2fsprogs
182	done &&
183
184	make install &&
185
186	mv -v /usr/include/fnmatch.h /usr/include/fnmatch.h.heimdal &&
187	mv -v /usr/include/fnmatch.h.glibc /usr/include/fnmatch.h &&
188	mv -v /usr/include/glob.h /usr/include/glob.h.heimdal &&
189	mv -v /usr/include/glob.h.glibc /usr/include/glob.h &&
190
191	mv -v /usr/include/ss/ss.h /usr/include/ss/ss.h.heimdal &&
192	mv -v /usr/include/ss/ss.h.e2fsprogs /usr/include/ss/ss.h &&
193	mv -v /usr/lib/libss.a /usr/lib/libss.a.heimdal &&
194	mv -v /usr/lib/libss.a.e2fsprogs /usr/lib/libss.a &&
195	mv -v /usr/lib/libss.so /usr/lib/libss.so.heimdal &&
196	mv -v /usr/lib/libss.so.e2fsprogs /usr/lib/libss.so &&
197	mv -v /usr/lib/libss.la /usr/lib/libss.la.heimdal &&
198	if [ -e /usr/lib/libss.la.e2fsprogs ]; then
199	mv -v /usr/lib/libss.la.e2fsprogs /usr/lib/libss.la
200	fi &&
201
202	if [ -e /usr/lib/libss.so.2 ]; then rm -v /usr/lib/libss.so.2; fi &&
203
204	install -v -m755 -d /usr/share/doc/heimdal-&heimdal-version;/standardisation &&
205	install -v -m644 doc/{init-creds,layman.asc} \
206	/usr/share/doc/heimdal-&heimdal-version; &&
207	install -v -m644 doc/standardisation/* \
208	/usr/share/doc/heimdal-&heimdal-version;/standardisation &&
209
210	mv -v /bin/login /bin/login.shadow &&
211	mv -v /bin/su /bin/su.shadow &&
212	mv -v /usr/bin/{login,su} /bin &&
213	ln -v -sf ../../bin/login /usr/bin &&
214
215	for LINK in lib{otp,kafs,krb5,asn1,roken,crypto}; do
216	mv -v /usr/lib/${LINK}.so.* /lib &&
217	ln -v -sf ../../lib/$(readlink /usr/lib/${LINK}.so) \
218	/usr/lib/${LINK}.so
219	done &&
220
221	mv -v /usr/lib/$(readlink /usr/lib/libdb.so) \
222	/usr/lib/libdb-?.so \
223	/lib &&
224	ln -v -sf ../../lib/$(readlink /usr/lib/libdb.so) \
225	/usr/lib/libdb.so &&
226
227	ldconfig</userinput></screen>
228
229	<para>If you built any of the alternate forms of documentation, install it
230	using the following commands as the
231	<systemitem class="username">root</systemitem> user:</para>
232
233	<screen role="root"><userinput>
234	install -v -m755 -d /usr/share/doc/heimdal-&heimdal-version;/html &&
235	install -v -m644 doc/html/* \
236	/usr/share/doc/heimdal-&heimdal-version;/html &&
237	install -v -m644 doc/heimdal.{dvi,ps,pdf,html,txt} \
238	/usr/share/doc/heimdal-&heimdal-version;</userinput></screen>
239
240	</sect2>
241
242	<sect2 role="commands">
243	<title>Command Explanations</title>
244
245	<para><command>mv -v /usr/include/...</command> and
246	<command>mv -v /usr/lib/libss.*</command>: The
247	<application>Heimdal</application> installation will overwrite two
248	interface headers from the <application>Glibc</application> package and an
249	interface header, static library and library symbolic link from the
250	<application>E2fsprogs</application> package. These commands rename the
251	original files before the installation, and then restore them (after
252	renaming the new <application>Heimdal</application> files) after the
253	installation.</para>
254
255	<para><parameter>--libexecdir=/usr/sbin</parameter>: This switch causes
256	the daemon programs to be installed into
257	<filename class="directory">/usr/sbin</filename>.</para>
258
259	<tip>
260	<para>If you want to preserve all your existing
261	<application>Inetutils</application> package daemons, install the
262	<application>Heimdal</application> daemons into
263	<filename class="directory">/usr/sbin/heimdal</filename> (or wherever
264	you want). Since these programs will be called from
265	<command>(x)inetd</command> or <filename>rc</filename> scripts, it
266	really doesn't matter where they are installed, as long as they are
267	correctly specified in the <filename>/etc/(x)inetd.conf</filename> file
268	and <filename>rc</filename> scripts. If you choose something other than
269	<filename class="directory">/usr/sbin</filename>, you may want to move
270	some of the user programs (such as <command>kadmin</command>) to
271	<filename class="directory">/usr/sbin</filename> manually so they'll be
272	in the privileged user's default <envar>PATH</envar>.</para>
273	</tip>
274
275	<para><command>mv ... .shadow; mv ... /bin; ln -v -sf ../../bin...</command>:
276	The <command>login</command> and <command>su</command> programs installed by
277	<application>Heimdal</application> belong in the
278	<filename class="directory">/bin</filename> directory. The
279	<command>login</command> program is symlinked because
280	<application>Heimdal</application> is expecting to find it in
281	<filename class="directory">/usr/bin</filename>. The old executables are
282	preserved before the move so that they can be restored if you experience
283	problems logging into the system after the
284	<application>Heimdal</application> package is installed and
285	configured.</para>
286
287	<para><command>mv ... /lib; ln -v -sf ../../lib/lib... /usr/lib...</command>:
288	The <command>login</command> and <command>su</command> programs installed
289	by <application>Heimdal</application> link against
290	<application>Heimdal</application> libraries as well as libraries provided
291	by the <application>OpenSSL</application> and
292	<application>Berkeley DB</application> packages. These
293	libraries are moved to <filename class="directory">/lib</filename> to be
294	FHS compliant and also in case
295	<filename class="directory">/usr</filename> is located on a separate
296	partition which may not always be mounted.</para>
297
298	</sect2>
299
300	<sect2 role="configuration">
301	<title>Configuring Heimdal</title>
302
303	<sect3 id="heimdal-config">
304	<title>Config Files</title>
305
306	<para><filename>/etc/heimdal/*</filename></para>
307
308	<indexterm zone="heimdal heimdal-config">
309	<primary sortas="e-etc-heimdal">/etc/heimdal/*</primary>
310	</indexterm>
311
312	</sect3>
313
314	<sect3>
315	<title>Configuration Information</title>
316
317	<note>
318	<para>All the configuration steps shown below must be accomplished
319	by the <systemitem class='username'>root</systemitem> user unless
320	otherwise noted.</para>
321	</note>
322
323	<sect4>
324	<title>Master KDC Server Configuration</title>
325
326	<para>Create the Kerberos configuration file with the
327	following commands:</para>
328
329	<screen role="root"><userinput>install -v -m755 -d /etc/heimdal &&
330	cat > /etc/heimdal/krb5.conf << "EOF"
331	<literal># Begin /etc/heimdal/krb5.conf
332
333	[libdefaults]
334	default_realm = <replaceable><EXAMPLE.COM></replaceable>
335	encrypt = true
336
337	[realms]
338	<replaceable><EXAMPLE.COM></replaceable> = {
339	kdc = <replaceable><hostname.example.com></replaceable>
340	admin_server = <replaceable><hostname.example.com></replaceable>
341	kpasswd_server = <replaceable><hostname.example.com></replaceable>
342	}
343
344	[domain_realm]
345	.<replaceable><example.com></replaceable> = <replaceable><EXAMPLE.COM></replaceable>
346
347	[logging]
348	kdc = FILE:/var/log/kdc.log
349	admin_server = FILE:/var/log/kadmin.log
350	default = FILE:/var/log/krb.log
351
352	# End /etc/heimdal/krb5.conf</literal>
353	EOF
354	chmod -v 644 /etc/heimdal/krb5.conf</userinput></screen>
355
356	<para>You will need to substitute your domain and proper hostname
357	for the occurrences of the <replaceable><hostname></replaceable>
358	and <replaceable><EXAMPLE.COM></replaceable> names.</para>
359
360	<para><option>default_realm</option> should be the name of your
361	domain changed to ALL CAPS. This isn't required, but both
362	<application>Heimdal</application> and <application>MIT
363	krb5</application> recommend it.</para>
364
365	<para><option>encrypt = true</option> provides encryption of all
366	traffic between kerberized clients and servers. It's not necessary
367	and can be left off. If you leave it off, you can encrypt all traffic
368	from the client to the server using a switch on the client program
369	instead.</para>
370
371	<para>The <option>[realms]</option> parameters tell the client
372	programs where to look for the KDC authentication services.</para>
373
374	<para>The <option>[domain_realm]</option> section maps a domain
375	to a realm.</para>
376
377	<para>Store the master password in a key file using the following
378	commands:</para>
379
380	<screen role="root"><userinput>install -v -m755 -d /var/lib/heimdal &&
381	kstash</userinput></screen>
382
383	<para>Create the KDC database:</para>
384
385	<screen role="root"><userinput>kadmin -l</userinput></screen>
386
387	<para>The commands below will prompt you for information about the
388	principles. Choose the defaults for now unless you know what you are
389	doing and need to specify different values. You can go in later and
390	change the defaults, should you feel the need. You may use the up and
391	down arrow keys to use the history feature of <command>kadmin</command>
392	in a similar manner as the <command>bash</command> history
393	feature.</para>
394
395	<para>At the <prompt>kadmin></prompt> prompt, issue the following
396	statement:</para>
397
398	<screen role="root"><userinput>init <replaceable><EXAMPLE.COM></replaceable></userinput></screen>
399
400	<para>The database must now be populated with at least one principle
401	(user). For now, just use your regular login name or root. You may
402	create as few, or as many principles as you wish using the following
403	statement:</para>
404
405	<screen role="root"><userinput>add <replaceable><loginname></replaceable></userinput></screen>
406
407	<para>The KDC server and any machine running kerberized
408	server daemons must have a host key installed:</para>
409
410	<screen role="root"><userinput>add --random-key host/<replaceable><hostname.example.com></replaceable></userinput></screen>
411
412	<para>After choosing the defaults when prompted, you will have to
413	export the data to a keytab file:</para>
414
415	<screen role="root"><userinput>ext host/<replaceable><hostname.example.com></replaceable></userinput></screen>
416
417	<para>This should have created two files in
418	<filename class="directory">/etc/heimdal</filename>:
419	<filename>krb5.keytab</filename> (Kerberos 5) and
420	<filename>srvtab</filename> (Kerberos 4). Both files should have 600
421	(root rw only) permissions. Keeping the keytab files from public access
422	is crucial to the overall security of the Kerberos installation.</para>
423
424	<para>Eventually, you'll want to add server daemon principles to the
425	database and extract them to the keytab file. You do this in the same
426	way you created the host principles. Below is an example:</para>
427
428	<screen role="root"><userinput>add --random-key ftp/<replaceable><hostname.example.com></replaceable></userinput></screen>
429
430	<para>(choose the defaults)</para>
431
432	<screen role="root"><userinput>ext ftp/<replaceable><hostname.example.com></replaceable></userinput></screen>
433
434	<para>Exit the <command>kadmin</command> program (use
435	<command>quit</command> or <command>exit</command>) and return back
436	to the shell prompt. Start the KDC daemon manually, just to test out
437	the installation:</para>
438
439	<screen role="root"><userinput>/usr/sbin/kdc &</userinput></screen>
440
441	<para>Attempt to get a TGT (ticket granting ticket) with
442	the following command:</para>
443
444	<screen><userinput>kinit <replaceable><loginname></replaceable></userinput></screen>
445
446	<para>You will be prompted for the password you created. After you get
447	your ticket, you should list it with the following command:</para>
448
449	<screen><userinput>klist</userinput></screen>
450
451	<para>Information about the ticket should be displayed on
452	the screen.</para>
453
454	<para>To test the functionality of the <filename>keytab</filename> file,
455	issue the following command:</para>
456
457	<screen><userinput>ktutil list</userinput></screen>
458
459	<para>This should dump a list of the host principals, along with the
460	encryption methods used to access the principals.</para>
461
462	<para>At this point, if everything has been successful so far, you
463	can feel fairly confident in the installation, setup and configuration
464	of your new <application>Heimdal</application> Kerberos 5
465	installation.</para>
466
467	<para id="heimdal-init">Install the
468	<filename>/etc/rc.d/init.d/heimdal</filename> init script included
469	in the <xref linkend="bootscripts"/> package:</para>
470
471	<indexterm zone="heimdal heimdal-init">
472	<primary sortas="f-heimdal">heimdal</primary>
473	</indexterm>
474
475	<screen role="root"><userinput>make install-heimdal</userinput></screen>
476
477	</sect4>
478
479	<sect4>
480	<title>Using Kerberized Client Programs</title>
481
482	<para>To use the kerberized client programs (<command>telnet</command>,
483	<command>ftp</command>, <command>rsh</command>,
484	<command>rxterm</command>, <command>rxtelnet</command>,
485	<command>rcp</command>, <command>xnlock</command>), you first must get
486	a TGT. Use the <command>kinit</command> program to get the ticket.
487	After you've acquired the ticket, you can use the kerberized programs
488	to connect to any kerberized server on the network. You will not be
489	prompted for authentication until your ticket expires (default is one
490	day), unless you specify a different user as a command line argument
491	to the program.</para>
492
493	<para>The kerberized programs will connect to non-kerberized daemons,
494	warning you that authentication is not encrypted.</para>
495
496	<para>In order to use the <application>Heimdal</application>
497	<application>X</application> programs, you'll need to add a service
498	port entry to the <filename>/etc/services</filename> file for the
499	<command>kxd</command> server. There is no 'standardized port number'
500	for the 'kx' service in the IANA database, so you'll have to pick an
501	unused port number. Add an entry to the <filename>services</filename>
502	file similar to the entry below (substitute your chosen port number
503	for <replaceable><49150></replaceable>):</para>
504
505	<screen><literal>kx <replaceable><49150></replaceable>/tcp # Heimdal kerberos X
506	kx <replaceable><49150></replaceable>/udp # Heimdal kerberos X</literal></screen>
507
508	<para>For additional information consult <ulink
509	url="&hints-root;/downloads/files/heimdal.txt">the
510	Heimdal hint</ulink> on which the above instructions are based.</para>
511
512	</sect4>
513
514	</sect3>
515
516	</sect2>
517
518	<sect2 role="content">
519	<title>Contents</title>
520
521	<segmentedlist>
522	<segtitle>Installed Programs</segtitle>
523	<segtitle>Installed Libraries</segtitle>
524	<segtitle>Installed Directories</segtitle>
525
526	<seglistitem>
527	<seg>afslog, dump_log, ftp, ftpd, hprop, hpropd, ipropd-master,
528	ipropd-slave, kadmin, kadmind, kauth, kcm, kdc, kdestroy, kf, kfd,
529	kgetcred, kinit, klist, kpasswd, kpasswdd, krb5-config, kstash,
530	ktutil, kx, kxd, login, mk_cmds, otp, otpprint, pagsh, pfrom, popper,
531	push, rcp, replay_log, rsh, rshd, rxtelnet, rxterm, string2key, su,
532	telnet, telnetd, tenletxr, truncate-log, verify_krb5_conf
533	and xnlock</seg>
534	<seg>libasn1.{so,a}, libeditline.{so,a}, libgssapi.{so,a},
535	libhdb.{so,a}, libkadm5clnt.{so,a}, libkadm5srv.{so,a}, libkafs.{so,a},
536	libkrb5.{so,a}, libotp.{so,a}, libroken.{so,a}, libsl.{so,a}
537	and libss.{so,a}</seg>
538	<seg>/etc/heimdal, /usr/include/kadm5,
539	/usr/share/doc/heimdal-&heimdal-version; and /var/lib/heimdal</seg>
540	</seglistitem>
541	</segmentedlist>
542
543	<variablelist>
544	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
545	<?dbfo list-presentation="list"?>
546	<?dbhtml list-presentation="table"?>
547
548	<varlistentry id="afslog">
549	<term><command>afslog</command></term>
550	<listitem>
551	<para>obtains AFS tokens for a number of cells.</para>
552	<indexterm zone="heimdal afslog">
553	<primary sortas="b-afslog">afslog</primary>
554	</indexterm>
555	</listitem>
556	</varlistentry>
557
558	<varlistentry id="ftp">
559	<term><command>ftp</command></term>
560	<listitem>
561	<para>is a kerberized FTP client.</para>
562	<indexterm zone="heimdal ftp">
563	<primary sortas="b-ftp">ftp</primary>
564	</indexterm>
565	</listitem>
566	</varlistentry>
567
568	<varlistentry id="ftpd">
569	<term><command>ftpd</command></term>
570	<listitem>
571	<para>is a kerberized FTP daemon.</para>
572	<indexterm zone="heimdal ftpd">
573	<primary sortas="b-ftpd">ftpd</primary>
574	</indexterm>
575	</listitem>
576	</varlistentry>
577
578	<varlistentry id="hprop">
579	<term><command>hprop</command></term>
580	<listitem>
581	<para> takes a principal database in a specified format and converts
582	it into a stream of <application>Heimdal</application> database
583	records.</para>
584	<indexterm zone="heimdal hprop">
585	<primary sortas="b-hprop">hprop</primary>
586	</indexterm>
587	</listitem>
588	</varlistentry>
589
590	<varlistentry id="hpropd">
591	<term><command>hpropd</command></term>
592	<listitem>
593	<para>is a server that receives a database sent by
594	<command>hprop</command> and writes it as a local database.</para>
595	<indexterm zone="heimdal hpropd">
596	<primary sortas="b-hpropd">hpropd</primary>
597	</indexterm>
598	</listitem>
599	</varlistentry>
600
601	<varlistentry id="ipropd-master">
602	<term><command>ipropd-master</command></term>
603	<listitem>
604	<para>is a daemon which runs on the master KDC
605	server which incrementally propagates changes to the KDC
606	database to the slave KDC servers.</para>
607	<indexterm zone="heimdal ipropd-master">
608	<primary sortas="b-ipropd-master">ipropd-master</primary>
609	</indexterm>
610	</listitem>
611	</varlistentry>
612
613	<varlistentry id="ipropd-slave">
614	<term><command>ipropd-slave</command></term>
615	<listitem>
616	<para>is a daemon which runs on the slave KDC
617	servers which incrementally propagates changes to the KDC
618	database from the master KDC server.</para>
619	<indexterm zone="heimdal ipropd-slave">
620	<primary sortas="b-ipropd-slave">ipropd-slave</primary>
621	</indexterm>
622	</listitem>
623	</varlistentry>
624
625	<varlistentry id="kadmin">
626	<term><command>kadmin</command></term>
627	<listitem>
628	<para>is a utility used to make modifications to the Kerberos
629	database.</para>
630	<indexterm zone="heimdal kadmin">
631	<primary sortas="b-kadmin">kadmin</primary>
632	</indexterm>
633	</listitem>
634	</varlistentry>
635
636	<varlistentry id="kadmind">
637	<term><command>kadmind</command></term>
638	<listitem>
639	<para>is a server for administrative access to the Kerberos
640	database.</para>
641	<indexterm zone="heimdal kadmind">
642	<primary sortas="b-kadmind">kadmind</primary>
643	</indexterm>
644	</listitem>
645	</varlistentry>
646
647	<varlistentry id="kauth">
648	<term><command>kauth</command></term>
649	<listitem>
650	<para>is a symbolic link to the <command>kinit</command>
651	program.</para>
652	<indexterm zone="heimdal kauth">
653	<primary sortas="g-kauth">kauth</primary>
654	</indexterm>
655	</listitem>
656	</varlistentry>
657
658	<varlistentry id="kcm">
659	<term><command>kcm</command></term>
660	<listitem>
661	<para>is a process based credential cache for Kerberos
662	tickets.</para>
663	<indexterm zone="heimdal kcm">
664	<primary sortas="b-kcm">kcm</primary>
665	</indexterm>
666	</listitem>
667	</varlistentry>
668
669	<varlistentry id="kdc">
670	<term><command>kdc</command></term>
671	<listitem>
672	<para>is a Kerberos 5 server.</para>
673	<indexterm zone="heimdal kdc">
674	<primary sortas="b-kdc">kdc</primary>
675	</indexterm>
676	</listitem>
677	</varlistentry>
678
679	<varlistentry id="kdestroy">
680	<term><command>kdestroy</command></term>
681	<listitem>
682	<para>removes a principle's current set of tickets.</para>
683	<indexterm zone="heimdal kdestroy">
684	<primary sortas="b-kdestroy">kdestroy</primary>
685	</indexterm>
686	</listitem>
687	</varlistentry>
688
689	<varlistentry id="kf">
690	<term><command>kf</command></term>
691	<listitem>
692	<para>is a program which forwards tickets to a remote host through
693	an authenticated and encrypted stream.</para>
694	<indexterm zone="heimdal kf">
695	<primary sortas="b-kf">kf</primary>
696	</indexterm>
697	</listitem>
698	</varlistentry>
699
700	<varlistentry id="kfd">
701	<term><command>kfd</command></term>
702	<listitem>
703	<para>is a server used to receive forwarded tickets.</para>
704	<indexterm zone="heimdal kfd">
705	<primary sortas="b-kfd">kfd</primary>
706	</indexterm>
707	</listitem>
708	</varlistentry>
709
710	<varlistentry id="kgetcred">
711	<term><command>kgetcred</command></term>
712	<listitem>
713	<para>obtains a ticket for a service.</para>
714	<indexterm zone="heimdal kgetcred">
715	<primary sortas="b-kgetcred">kgetcred</primary>
716	</indexterm>
717	</listitem>
718	</varlistentry>
719
720	<varlistentry id="kinit">
721	<term><command>kinit</command></term>
722	<listitem>
723	<para>is used to authenticate to the Kerberos server as a principal
724	and acquire a ticket granting ticket that can later be used to obtain
725	tickets for other services.</para>
726	<indexterm zone="heimdal kinit">
727	<primary sortas="b-kinit">kinit</primary>
728	</indexterm>
729	</listitem>
730	</varlistentry>
731
732	<varlistentry id="klist">
733	<term><command>klist</command></term>
734	<listitem>
735	<para>reads and displays the current tickets in the credential
736	cache.</para>
737	<indexterm zone="heimdal klist">
738	<primary sortas="b-klist">klist</primary>
739	</indexterm>
740	</listitem>
741	</varlistentry>
742
743	<varlistentry id="kpasswd">
744	<term><command>kpasswd</command></term>
745	<listitem>
746	<para>is a program for changing Kerberos 5 passwords.</para>
747	<indexterm zone="heimdal kpasswd">
748	<primary sortas="b-kpasswd">kpasswd</primary>
749	</indexterm>
750	</listitem>
751	</varlistentry>
752
753	<varlistentry id="kpasswdd">
754	<term><command>kpasswdd</command></term>
755	<listitem>
756	<para>is a Kerberos 5 password changing server.</para>
757	<indexterm zone="heimdal kpasswdd">
758	<primary sortas="b-kpasswdd">kpasswdd</primary>
759	</indexterm>
760	</listitem>
761	</varlistentry>
762
763	<varlistentry id="krb5-config-prog">
764	<term><command>krb5-config</command></term>
765	<listitem>
766	<para>gives information on how to link programs against
767	<application>Heimdal</application> libraries.</para>
768	<indexterm zone="heimdal krb5-config-prog">
769	<primary sortas="b-krb5-config">krb5-config</primary>
770	</indexterm>
771	</listitem>
772	</varlistentry>
773
774	<varlistentry id="kstash">
775	<term><command>kstash</command></term>
776	<listitem>
777	<para>stores the KDC master password in a file.</para>
778	<indexterm zone="heimdal kstash">
779	<primary sortas="b-kstash">kstash</primary>
780	</indexterm>
781	</listitem>
782	</varlistentry>
783
784	<varlistentry id="ktutil">
785	<term><command>ktutil</command></term>
786	<listitem>
787	<para>is a program for managing Kerberos keytabs.</para>
788	<indexterm zone="heimdal ktutil">
789	<primary sortas="b-ktutil">ktutil</primary>
790	</indexterm>
791	</listitem>
792	</varlistentry>
793
794	<varlistentry id="kx">
795	<term><command>kx</command></term>
796	<listitem>
797	<para>is a program which securely forwards
798	<application>X</application> connections.</para>
799	<indexterm zone="heimdal kx">
800	<primary sortas="b-kx">kx</primary>
801	</indexterm>
802	</listitem>
803	</varlistentry>
804
805	<varlistentry id="kxd">
806	<term><command>kxd</command></term>
807	<listitem>
808	<para>is the daemon for <command>kx</command>.</para>
809	<indexterm zone="heimdal kxd">
810	<primary sortas="b-kxd">kxd</primary>
811	</indexterm>
812	</listitem>
813	</varlistentry>
814
815	<varlistentry id="login">
816	<term><command>login</command></term>
817	<listitem>
818	<para>is a kerberized login program.</para>
819	<indexterm zone="heimdal login">
820	<primary sortas="b-login">login</primary>
821	</indexterm>
822	</listitem>
823	</varlistentry>
824
825	<varlistentry id="otp">
826	<term><command>otp</command></term>
827	<listitem>
828	<para>manages one-time passwords.</para>
829	<indexterm zone="heimdal otp">
830	<primary sortas="b-otp">otp</primary>
831	</indexterm>
832	</listitem>
833	</varlistentry>
834
835	<varlistentry id="otpprint">
836	<term><command>otpprint</command></term>
837	<listitem>
838	<para>prints lists of one-time passwords.</para>
839	<indexterm zone="heimdal otpprint">
840	<primary sortas="b-otpprint">otpprint</primary>
841	</indexterm>
842	</listitem>
843	</varlistentry>
844
845	<varlistentry id="pfrom">
846	<term><command>pfrom</command></term>
847	<listitem>
848	<para>is a script that runs <command>push --from</command>.</para>
849	<indexterm zone="heimdal pfrom">
850	<primary sortas="b-pfrom">pfrom</primary>
851	</indexterm>
852	</listitem>
853	</varlistentry>
854
855	<varlistentry id="popper">
856	<term><command>popper</command></term>
857	<listitem>
858	<para>is a kerberized POP-3 server.</para>
859	<indexterm zone="heimdal popper">
860	<primary sortas="b-popper">popper</primary>
861	</indexterm>
862	</listitem>
863	</varlistentry>
864
865	<varlistentry id="push">
866	<term><command>push</command></term>
867	<listitem>
868	<para>is a kerberized POP mail retrieval client.</para>
869	<indexterm zone="heimdal push">
870	<primary sortas="b-push">push</primary>
871	</indexterm>
872	</listitem>
873	</varlistentry>
874
875	<varlistentry id="rcp">
876	<term><command>rcp</command></term>
877	<listitem>
878	<para>is a kerberized rcp client program.</para>
879	<indexterm zone="heimdal rcp">
880	<primary sortas="b-rcp">rcp</primary>
881	</indexterm>
882	</listitem>
883	</varlistentry>
884
885	<varlistentry id="rsh">
886	<term><command>rsh</command></term>
887	<listitem>
888	<para>is a kerberized rsh client program.</para>
889	<indexterm zone="heimdal rsh">
890	<primary sortas="b-rsh">rsh</primary>
891	</indexterm>
892	</listitem>
893	</varlistentry>
894
895	<varlistentry id="rshd">
896	<term><command>rshd</command></term>
897	<listitem>
898	<para>is a kerberized rsh server.</para>
899	<indexterm zone="heimdal rshd">
900	<primary sortas="b-rshd">rshd</primary>
901	</indexterm>
902	</listitem>
903	</varlistentry>
904
905	<varlistentry id="rxtelnet">
906	<term><command>rxtelnet</command></term>
907	<listitem>
908	<para>starts a secure <command>xterm</command> window with a
909	<command>telnet</command> to a given host and forwards
910	<application>X</application> connections.</para>
911	<indexterm zone="heimdal rxtelnet">
912	<primary sortas="b-rxtelnet">rxtelnet</primary>
913	</indexterm>
914	</listitem>
915	</varlistentry>
916
917	<varlistentry id="rxterm">
918	<term><command>rxterm</command></term>
919	<listitem>
920	<para>starts a secure remote <command>xterm</command>.</para>
921	<indexterm zone="heimdal rxterm">
922	<primary sortas="b-rxterm">rxterm</primary>
923	</indexterm>
924	</listitem>
925	</varlistentry>
926
927	<varlistentry id="string2key">
928	<term><command>string2key</command></term>
929	<listitem>
930	<para>maps a password into a key.</para>
931	<indexterm zone="heimdal string2key">
932	<primary sortas="b-string2key">string2key</primary>
933	</indexterm>
934	</listitem>
935	</varlistentry>
936
937	<varlistentry id="su">
938	<term><command>su</command></term>
939	<listitem>
940	<para>is a kerberized su client program.</para>
941	<indexterm zone="heimdal su">
942	<primary sortas="b-su">su</primary>
943	</indexterm>
944	</listitem>
945	</varlistentry>
946
947	<varlistentry id="telnet">
948	<term><command>telnet</command></term>
949	<listitem>
950	<para>is a kerberized telnet client program.</para>
951	<indexterm zone="heimdal telnet">
952	<primary sortas="b-telnet">telnet</primary>
953	</indexterm>
954	</listitem>
955	</varlistentry>
956
957	<varlistentry id="telnetd">
958	<term><command>telnetd</command></term>
959	<listitem>
960	<para>is a kerberized telnet server.</para>
961	<indexterm zone="heimdal telnetd">
962	<primary sortas="b-telnetd">telnetd</primary>
963	</indexterm>
964	</listitem>
965	</varlistentry>
966
967	<varlistentry id="tenletxr">
968	<term><command>tenletxr</command></term>
969	<listitem>
970	<para>forwards <application>X</application> connections
971	backwards.</para>
972	<indexterm zone="heimdal tenletxr">
973	<primary sortas="b-tenletxr">tenletxr</primary>
974	</indexterm>
975	</listitem>
976	</varlistentry>
977
978	<varlistentry id="verify_krb5_conf">
979	<term><command>verify_krb5_conf</command></term>
980	<listitem>
981	<para>checks <filename>krb5.conf</filename> file for obvious
982	errors.</para>
983	<indexterm zone="heimdal verify_krb5_conf">
984	<primary sortas="b-verify_krb5_conf">verify_krb5_conf</primary>
985	</indexterm>
986	</listitem>
987	</varlistentry>
988
989	<varlistentry id="xnlock">
990	<term><command>xnlock</command></term>
991	<listitem>
992	<para>is a program that acts as a secure screen saver for
993	workstations running <application>X</application>.</para>
994	<indexterm zone="heimdal xnlock">
995	<primary sortas="b-xnlock">xnlock</primary>
996	</indexterm>
997	</listitem>
998	</varlistentry>
999
1000	<varlistentry id="libasn1">
1001	<term><filename class='libraryfile'>libasn1.{so,a}</filename></term>
1002	<listitem>
1003	<para>provides the ASN.1 and DER functions to encode and decode
1004	the Kerberos TGTs.</para>
1005	<indexterm zone="heimdal libasn1">
1006	<primary sortas="c-libasn1">libasn1.{so,a}</primary>
1007	</indexterm>
1008	</listitem>
1009	</varlistentry>
1010
1011	<varlistentry id="libeditline">
1012	<term><filename class='libraryfile'>libeditline.a</filename></term>
1013	<listitem>
1014	<para>is a command-line editing library with history.</para>
1015	<indexterm zone="heimdal libeditline">
1016	<primary sortas="c-libeditline">libeditline.a</primary>
1017	</indexterm>
1018	</listitem>
1019	</varlistentry>
1020
1021	<varlistentry id="libgssapi">
1022	<term><filename class='libraryfile'>libgssapi.{so,a}</filename></term>
1023	<listitem>
1024	<para>contain the Generic Security Service Application Programming
1025	Interface (GSSAPI) functions which provides security
1026	services to callers in a generic fashion, supportable with a range of
1027	underlying mechanisms and technologies and hence allowing source-level
1028	portability of applications to different environments.</para>
1029	<indexterm zone="heimdal libgssapi">
1030	<primary sortas="c-libgssapi">libgssapi.{so,a}</primary>
1031	</indexterm>
1032	</listitem>
1033	</varlistentry>
1034
1035	<varlistentry id="libhdb">
1036	<term><filename class='libraryfile'>libhdb.{so,a}</filename></term>
1037	<listitem>
1038	<para>is a <application>Heimdal</application> Kerberos 5
1039	authentication/authorization database access library.</para>
1040	<indexterm zone="heimdal libhdb">
1041	<primary sortas="c-libhdb">libhdb.{so,a}</primary>
1042	</indexterm>
1043	</listitem>
1044	</varlistentry>
1045
1046	<varlistentry id="libkadm5clnt">
1047	<term><filename class='libraryfile'>libkadm5clnt.{so,a}</filename></term>
1048	<listitem>
1049	<para>contains the administrative authentication and password
1050	checking functions required by Kerberos 5 client-side programs.</para>
1051	<indexterm zone="heimdal libkadm5clnt">
1052	<primary sortas="c-libkadm5clnt">libkadm5clnt.{so,a}</primary>
1053	</indexterm>
1054	</listitem>
1055	</varlistentry>
1056
1057	<varlistentry id="libkadm5srv">
1058	<term><filename class='libraryfile'>libkadm5srv.{so,a}</filename></term>
1059	<listitem>
1060	<para>contain the administrative authentication and password
1061	checking functions required by Kerberos 5 servers.</para>
1062	<indexterm zone="heimdal libkadm5srv">
1063	<primary sortas="c-libkadm5srv">libkadm5srv.{so,a}</primary>
1064	</indexterm>
1065	</listitem>
1066	</varlistentry>
1067
1068	<varlistentry id="libkafs">
1069	<term><filename class='libraryfile'>libkafs.{so,a}</filename></term>
1070	<listitem>
1071	<para>contains the functions required to authenticated to AFS.</para>
1072	<indexterm zone="heimdal libkafs">
1073	<primary sortas="c-libkafs">libkafs.{so,a}</primary>
1074	</indexterm>
1075	</listitem>
1076	</varlistentry>
1077
1078	<varlistentry id="libkrb5">
1079	<term><filename class='libraryfile'>libkrb5.{so,a}</filename></term>
1080	<listitem>
1081	<para>is an all-purpose Kerberos 5 library.</para>
1082	<indexterm zone="heimdal libkrb5">
1083	<primary sortas="c-libkrb5">libkrb5.{so,a}</primary>
1084	</indexterm>
1085	</listitem>
1086	</varlistentry>
1087
1088	<varlistentry id="libotp">
1089	<term><filename class='libraryfile'>libotp.{so,a}</filename></term>
1090	<listitem>
1091	<para>contains the functions required to handle authenticating
1092	one time passwords.</para>
1093	<indexterm zone="heimdal libotp">
1094	<primary sortas="c-libotp">libotp.{so,a}</primary>
1095	</indexterm>
1096	</listitem>
1097	</varlistentry>
1098
1099	<varlistentry id="libroken">
1100	<term><filename class='libraryfile'>libroken.{so,a}</filename></term>
1101	<listitem>
1102	<para>is a library containing Kerberos 5 compatibility
1103	functions.</para>
1104	<indexterm zone="heimdal libroken">
1105	<primary sortas="c-libroken">libroken.{so,a}</primary>
1106	</indexterm>
1107	</listitem>
1108	</varlistentry>
1109
1110	</variablelist>
1111
1112	</sect2>
1113
1114	</sect1>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: postlfs/security/heimdal.xml@ 138eff3

Download in other formats: