source: postlfs/security/heimdal.xml@ 2bca724d

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts krejzi/svn lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition systemd-11177 systemd-13485 trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal
Last change on this file since 2bca724d was 2bca724d, checked in by Randy McMurchy <randy@…>, 14 years ago

Updated to Heimdal-1.3.1

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@8325 af4574ff-66df-0310-9fd7-8a98e5e911e0
  • Property mode set to 100644
File size: 46.6 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY heimdal-download-http "http://www.h5l.org/dist/src/heimdal-&heimdal-version;.tar.gz">
8 <!ENTITY heimdal-download-ftp "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-&heimdal-version;.tar.gz">
9 <!ENTITY heimdal-md5sum "4ce17deae040a3519e542f48fd901f21">
10 <!ENTITY heimdal-size "5.6 MB">
11 <!ENTITY heimdal-buildsize "200 MB">
12 <!ENTITY heimdal-time "4.0 SBU (additional 2.5 SBU to run the test suite)">
13]>
14
15<sect1 id="heimdal" xreflabel="Heimdal-&heimdal-version;">
16 <?dbhtml filename="heimdal.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>Heimdal-&heimdal-version;</title>
24
25 <indexterm zone="heimdal">
26 <primary sortas="a-Heimdal">Heimdal</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to Heimdal</title>
31
32 <warning>
33 <para>In its current condition, building <application>Heimdal</application>
34 will overwrite <filename class='libraryfile'>/usr/lib/libcom_err.so</filename>
35 and install an additional
36 <filename class='libraryfile'>libcom_err</filename> library in
37 <filename class='directory'>/usr/lib</filename>. This will directly
38 conflict with the <filename class='libraryfile'>/lib/libcom_err</filename>
39 library installed by the <application>E2fsprogs</application> package in LFS.
40 Both upstream maintainers are aware of the problem and both have taken action
41 to eliminate this condition. However, the combination that currently exists
42 will cause this problem.</para>
43
44 <para>There is a fix for the problem, but it will require you to recompile
45 the LFS <application>E2fsprogs</application> package with a patch. The patch is
46 located at <ulink url="&patch-root;/e2fsprogs-1.41.8-heimdal_compat-1.patch"/>.
47 Download the patch, and while you are still in the
48 <filename class='directory'>e2fsprogs-&lfs-e2fsprogs-version;</filename>
49 source directory, install it using the command:</para>
50
51 <screen><userinput>patch -Np1 -i ../e2fsprogs-1.41.8-heimdal_compat-1.patch</userinput></screen>
52
53 <para>Then follow the existing instructions to build
54 <application>E2fsprogs</application> located at
55 <ulink url="&lfs-root;/chapter06/e2fsprogs.html"/>. After
56 recompiling <application>E2fsprogs</application>, you are now ready to
57 install <application>Heimdal</application>.</para>
58 </warning>
59
60 <para><application>Heimdal</application> is a free implementation
61 of Kerberos 5 that aims to be compatible with MIT Kerberos 5 and is
62 backward compatible with Kerberos 4. Kerberos is a network authentication
63 protocol. Basically it preserves the integrity of passwords in any
64 untrusted network (like the Internet). Kerberized applications work
65 hand-in-hand with sites that support Kerberos to ensure that passwords
66 cannot be stolen or compromised. A Kerberos installation will make changes
67 to the authentication mechanisms on your network and will overwrite several
68 programs and daemons from the <application>Shadow</application>,
69 <application>Inetutils</application> and
70 <application>Qpopper</application> packages. See
71 <ulink url="&files-anduin;/heimdal-overwrites"/> for a complete list of
72 all the files and commands to rename each of them.</para>
73
74 <bridgehead renderas="sect3">Package Information</bridgehead>
75 <itemizedlist spacing="compact">
76 <listitem>
77 <para>Download (HTTP): <ulink url="&heimdal-download-http;"/></para>
78 </listitem>
79 <listitem>
80 <para>Download (FTP): <ulink url="&heimdal-download-ftp;"/></para>
81 </listitem>
82 <listitem>
83 <para>Download MD5 sum: &heimdal-md5sum;</para>
84 </listitem>
85 <listitem>
86 <para>Download size: &heimdal-size;</para>
87 </listitem>
88 <listitem>
89 <para>Estimated disk space required: &heimdal-buildsize;</para>
90 </listitem>
91 <listitem>
92 <para>Estimated build time: &heimdal-time;</para>
93 </listitem>
94 </itemizedlist>
95
96 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
97 <itemizedlist spacing='compact'>
98 <listitem>
99 <para>Required Patch: <ulink
100 url="&patch-root;/heimdal-&heimdal-version;-blfs_docs-1.patch"/></para>
101 </listitem>
102 <!-- <listitem>
103 <para>Required Patch: <ulink
104 url="&patch-root;/heimdal-&heimdal-version;-libss-1.patch"/></para>
105 </listitem> -->
106 </itemizedlist>
107
108 <bridgehead renderas="sect3">Heimdal Dependencies</bridgehead>
109
110 <bridgehead renderas="sect4">Required to Build the Server-Side Tools</bridgehead>
111 <para role="required">
112 <xref linkend="db"/> (recommended) or GDBM (GDBM is installed in LFS)</para>
113 <!-- <xref linkend="db"/> is recommended (installed in LFS)
114 or <xref linkend="gdbm"/></para> -->
115
116 <bridgehead renderas="sect4">Recommended</bridgehead>
117 <para role="recommended"><xref linkend="openssl"/></para>
118
119 <bridgehead renderas="sect4">Optional</bridgehead>
120 <para role="optional"><xref linkend="linux-pam"/>,
121 <xref linkend="openldap"/>,
122 <xref linkend="x-window-system"/>, and
123 <ulink url="http://packages.debian.org/stable/source/libcap">libcap</ulink></para>
124
125 <note>
126 <para>Some sort of time synchronization facility on your system
127 (like <xref linkend="ntp"/>) is required since Kerberos won't
128 authenticate if the time differential between a kerberized client
129 and the KDC server is more than 5 minutes.</para>
130 </note>
131
132 <para condition="html" role="usernotes">User Notes:
133 <ulink url="&blfs-wiki;/heimdal"/></para>
134
135 </sect2>
136
137 <sect2 role="installation">
138 <title>Installation of Heimdal</title>
139
140 <warning>
141 <para>Ensure you really need a Kerberos installation before you decide
142 to install this package. Failure to install and configure the package
143 correctly can alter your system so that users cannot log in.</para>
144 </warning>
145
146 <para>Install <application>Heimdal</application> by running the following
147 commands:</para>
148
149<screen><userinput>patch -Np1 -i ../heimdal-&heimdal-version;-blfs_docs-1.patch &amp;&amp;
150
151./configure --prefix=/usr \
152 --sysconfdir=/etc/heimdal \
153 --libexecdir=/usr/sbin \
154 --localstatedir=/var/lib/heimdal \
155 --datadir=/var/lib/heimdal \
156 --with-hdbdir=/var/lib/heimdal \
157 --with-readline=/usr \
158 --enable-kcm &amp;&amp;
159make</userinput></screen>
160
161 <para>If you have <xref linkend="tetex"/> installed and wish to create
162 alternate forms of the documentation, change into the
163 <filename class='directory'>doc</filename> directory and issue any or all
164 of the following commands (the <command>makeinfo</command> commands do not
165 require a <application>teTex</application> installation:</para>
166
167<screen><userinput>pushd doc &amp;&amp;
168
169make html &amp;&amp;
170
171texi2pdf heimdal.texi &amp;&amp;
172texi2dvi heimdal.texi &amp;&amp;
173dvips -o heimdal.ps heimdal.dvi &amp;&amp;
174makeinfo --plaintext -o heimdal.txt heimdal.texi &amp;&amp;
175
176texi2pdf hx509.texi &amp;&amp;
177texi2dvi hx509.texi &amp;&amp;
178dvips -o hx509.ps hx509.dvi &amp;&amp;
179makeinfo --plaintext -o hx509.txt hx509.texi &amp;&amp;
180
181popd</userinput></screen>
182
183 <para>To test the results, issue: <command>make -k check</command>. The
184 <command>check-ipropd</command> test is known to fail but all others should
185 pass.</para>
186
187 <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
188
189<!-- <screen role="root"><?dbfo keep-together="auto"?><userinput>mv -v /usr/include/ss/ss.h /usr/include/ss/ss.h.e2fsprogs &amp;&amp;
190mv -v /usr/lib/libss.a /usr/lib/libss.a.e2fsprogs &amp;&amp;
191mv -v /usr/lib/libss.so /usr/lib/libss.so.e2fsprogs &amp;&amp;
192mv -v /usr/bin/mk_cmds /usr/bin/mk_cmds.e2fsprogs &amp;&amp;
193-->
194
195<screen role="root"><userinput>make install &amp;&amp;
196
197install -v -m755 -d /usr/share/doc/heimdal-&heimdal-version; &amp;&amp;
198install -v -m644 doc/{init-creds,layman.asc} \
199 /usr/share/doc/heimdal-&heimdal-version; &amp;&amp;
200
201ln -sfv mech.5 /usr/share/man/man5/qop.5 &amp;&amp;
202ln -sfv ../man5/mech.5 /usr/share/man/cat5/qop.5 &amp;&amp;
203ln -sfv ../man5/mech.5 /usr/share/man/cat5 &amp;&amp;
204
205mv -v /bin/login /bin/login.SHADOW &amp;&amp;
206mv -v /bin/su /bin/su.SHADOW &amp;&amp;
207mv -v /usr/bin/{login,su} /bin &amp;&amp;
208ln -v -sf ../../bin/login /usr/bin &amp;&amp;
209
210for LINK in \
211 lib{otp,kafs,krb5,hx509,asn1,roken,crypto,heimsqlite,wind}; do
212 mv -v /usr/lib/${LINK}.so.* /lib &amp;&amp;
213 ln -v -sf ../../lib/$(readlink /usr/lib/${LINK}.so) \
214 /usr/lib/${LINK}.so
215done &amp;&amp;
216
217mv -v /usr/lib/$(readlink /usr/lib/libdb.so) \
218 /usr/lib/libdb-?.so \
219 /lib &amp;&amp;
220ln -v -sf ../../lib/$(readlink /usr/lib/libdb.so) \
221 /usr/lib/libdb.so &amp;&amp;
222
223ldconfig</userinput></screen>
224
225<!-- mv -v /usr/include/ss/ss.h /usr/include/ss/ss.h.heimdal &amp;&amp;
226mv -v /usr/include/ss/ss.h.e2fsprogs /usr/include/ss/ss.h &amp;&amp;
227mv -v /usr/lib/libss.a /usr/lib/libss.a.heimdal &amp;&amp;
228mv -v /usr/lib/libss.a.e2fsprogs /usr/lib/libss.a &amp;&amp;
229mv -v /usr/lib/libss.so /usr/lib/libss.so.heimdal &amp;&amp;
230mv -v /usr/lib/libss.so.e2fsprogs /usr/lib/libss.so &amp;&amp;
231mv -v /usr/lib/libss.la /usr/lib/libss.la.heimdal &amp;&amp;
232mv -v /usr/bin/mk_cmds /usr/bin/mk_cmds.heimdal &amp;&amp;
233mv -v /usr/bin/mk_cmds.e2fsprogs /usr/bin/mk_cmds &amp;&amp; -->
234
235 <para>If you built any of the alternate forms of documentation, install it
236 using the following commands as the
237 <systemitem class="username">root</systemitem> user:</para>
238
239<screen role="root"><userinput>install -v -m644 doc/{heimdal,hx509}.{dvi,ps,pdf,html,txt} \
240 /usr/share/doc/heimdal-&heimdal-version;</userinput></screen>
241
242 <para>If you wish to use the <xref linkend="cracklib"/> library to enforce
243 strong passwords in the KDC database, issue the following commands as the
244 <systemitem class="username">root</systemitem> user:</para>
245
246<screen role="root"><userinput>sed -e 's|/usr/pkg|/usr|' \
247 -e 's|/usr/lib/cracklib_dict|/lib/cracklib/pw_dict|' \
248 -e 's|/var/heimdal|/var/lib/heimdal|' \
249 lib/kadm5/check-cracklib.pl \
250 > /bin/krb5-check-cracklib.pl &amp;&amp;
251
252chmod -v 755 /bin/krb5-check-cracklib.pl</userinput></screen>
253
254 </sect2>
255
256 <sect2 role="commands">
257 <title>Command Explanations</title>
258
259 <!-- <para><command>mv -v /usr/include/...</command>,
260 <command>mv -v /usr/lib/libss.* ...</command> and
261 <command>mv -v /usr/bin/mk_cmds ...</command>: The
262 <application>Heimdal</application> installation will overwrite an
263 interface header, static library, library symbolic link and a
264 shell script from the
265 <application>E2fsprogs</application> package. These commands rename the
266 original files before the installation, and then restore them (after
267 renaming the new <application>Heimdal</application> files) after the
268 installation.</para> -->
269
270 <para><parameter>--libexecdir=/usr/sbin</parameter>: This switch causes
271 the daemon programs to be installed into
272 <filename class="directory">/usr/sbin</filename>.</para>
273
274 <tip>
275 <para>If you want to preserve all your existing
276 <application>Inetutils</application> package daemons, install the
277 <application>Heimdal</application> daemons into
278 <filename class="directory">/usr/sbin/heimdal</filename> (or wherever
279 you want). Since these programs will be called from
280 <command>(x)inetd</command> or <filename>rc</filename> scripts, it
281 really doesn't matter where they are installed, as long as they are
282 correctly specified in the <filename>/etc/(x)inetd.conf</filename> file
283 and <filename>rc</filename> scripts. If you choose something other than
284 <filename class="directory">/usr/sbin</filename>, you may want to move
285 some of the user programs (such as <command>kadmin</command>) to
286 <filename class="directory">/usr/sbin</filename> manually so they'll be
287 in the privileged user's default <envar>PATH</envar>.</para>
288 </tip>
289
290 <para><parameter>--localstatedir=/var/lib/heimdal</parameter>,
291 <parameter>--datadir=/var/lib/heimdal</parameter> and
292 <parameter>--with-hdbdir=/var/lib/heimdal</parameter>: These parameters
293 are used so that the KDC database and associated files will all reside
294 in <filename class='directory'>/var/lib/heimdal</filename>.</para>
295
296 <para><parameter>--with-readline=/usr</parameter>: This parameter must be
297 used so that the <command>configure</command> script properly locates the
298 installed <application>Readline</application> package.</para>
299
300 <para><parameter>--enable-kcm</parameter>: This parameter enables building
301 the Kerberos Credentials Manager.</para>
302
303 <para><command>ln -sfv .../mech.5 /usr/share/man/...</command>: These
304 commands are used to fix some broken symbolic links.</para>
305
306 <para><command>mv ... ...SHADOW</command>, <command>mv ... /bin</command>
307 and <command> ln ... /usr/bin</command>: The <command>login</command>
308 and <command>su</command> programs installed by
309 <application>Heimdal</application> belong in the
310 <filename class="directory">/bin</filename> directory. The
311 <command>login</command> program is symlinked because
312 <application>Heimdal</application> is expecting to find it in
313 <filename class="directory">/usr/bin</filename>. The old executables from
314 the <application>Shadow</application> package are preserved before the move
315 so that they can be restored if you experience problems logging into the
316 system after the <application>Heimdal</application> package is installed
317 and configured.</para>
318
319 <para><command>for LINK in ...; do ...; done</command>,
320 <command>mv ... /lib</command> and
321 <command>ln ... /usr/lib/libdb.so</command>: The <command>login</command>
322 and <command>su</command> programs previously moved into the
323 <filename class='directory'>/lib</filename> directory link against
324 <application>Heimdal</application> libraries as well as libraries provided
325 by the <application>OpenSSL</application> and
326 <application>Berkeley DB</application> packages. These
327 libraries are also moved to <filename class="directory">/lib</filename>
328 so they are FHS compliant and also in case
329 <filename class="directory">/usr</filename> is located on a separate
330 partition which may not always be mounted.</para>
331
332 </sect2>
333
334 <sect2 role="configuration">
335 <title>Configuring Heimdal</title>
336
337 <sect3 id="heimdal-config">
338 <title>Config Files</title>
339
340 <para><filename>/etc/heimdal/*</filename></para>
341
342 <indexterm zone="heimdal heimdal-config">
343 <primary sortas="e-etc-heimdal">/etc/heimdal/*</primary>
344 </indexterm>
345
346 </sect3>
347
348 <sect3>
349 <title>Configuration Information</title>
350
351 <note>
352 <para>All the configuration steps shown below must be accomplished
353 by the <systemitem class='username'>root</systemitem> user unless
354 otherwise noted.</para>
355 </note>
356
357 <sect4>
358 <title>Master KDC Server Configuration</title>
359
360 <para>Many of the commands below use
361 <replaceable>&lt;replaceable&gt;</replaceable> tags to identify places
362 where you need to substitute information specific to your network.
363 Ensure you replace everything in these tags (there will be no angle
364 brackets when you are done) with your site-specific information.</para>
365
366 <para>Create the Kerberos configuration file with the following
367 commands:</para>
368
369<screen role="root"><userinput>install -v -m755 -d /etc/heimdal &amp;&amp;
370cat &gt; /etc/heimdal/krb5.conf &lt;&lt; "EOF" &amp;&amp;
371<literal># Begin /etc/heimdal/krb5.conf
372
373[libdefaults]
374 default_realm = <replaceable>&lt;EXAMPLE.COM&gt;</replaceable>
375 encrypt = true
376
377[realms]
378 <replaceable>&lt;EXAMPLE.COM&gt;</replaceable> = {
379 kdc = <replaceable>&lt;hostname.example.com&gt;</replaceable>
380 admin_server = <replaceable>&lt;hostname.example.com&gt;</replaceable>
381 kpasswd_server = <replaceable>&lt;hostname.example.com&gt;</replaceable>
382 }
383
384[domain_realm]
385 .<replaceable>&lt;example.com&gt;</replaceable> = <replaceable>&lt;EXAMPLE.COM&gt;</replaceable>
386
387[logging]
388 kdc = FILE:/var/log/kdc.log
389 admin_server = FILE:/var/log/kadmin.log
390 default = FILE:/var/log/krb.log
391
392# End /etc/heimdal/krb5.conf</literal>
393EOF
394chmod -v 644 /etc/heimdal/krb5.conf</userinput></screen>
395
396 <para>You will need to substitute your domain and proper hostname
397 for the occurrences of the <replaceable>&lt;hostname&gt;</replaceable>
398 and <replaceable>&lt;EXAMPLE.COM&gt;</replaceable> names.</para>
399
400 <para><option>default_realm</option> should be the name of your
401 domain changed to ALL CAPS. This isn't required, but both
402 <application>Heimdal</application> and <application>MIT
403 Kerberos</application> recommend it.</para>
404
405 <para><option>encrypt = true</option> provides encryption of all
406 traffic between kerberized clients and servers. It's not necessary
407 and can be left off. If you leave it off, you can encrypt all traffic
408 from the client to the server using a switch on the client program
409 instead. The <option>[realms]</option> parameters tell the client
410 programs where to look for the KDC authentication services. The
411 <option>[domain_realm]</option> section maps a domain
412 to a realm.</para>
413
414 <para>Store the master password in a key file using the following
415 commands:</para>
416
417<screen role="root"><userinput>install -v -m755 -d /var/lib/heimdal &amp;&amp;
418kstash</userinput></screen>
419
420 <para>Create the KDC database:</para>
421
422<screen role="root"><userinput>kadmin -l</userinput></screen>
423
424 <para>The commands below will prompt you for information about the
425 principles. Choose the defaults for now unless you know what you are
426 doing and need to specify different values. You can go in later and
427 change the defaults, should you feel the need. You may use the up and
428 down arrow keys to use the history feature of <command>kadmin</command>
429 in a similar manner as the <command>bash</command> history
430 feature.</para>
431
432 <para>At the <prompt>kadmin&gt;</prompt> prompt, issue the following
433 statement:</para>
434
435<screen role="root"><userinput>init <replaceable>&lt;EXAMPLE.COM&gt;</replaceable></userinput></screen>
436
437 <para>The database must now be populated with at least one principle
438 (user). For now, just use your regular login name or root. You may
439 create as few, or as many principles as you wish using the following
440 statement:</para>
441
442<screen role="root"><userinput>add <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
443
444 <para>The KDC server and any machine running kerberized
445 server daemons must have a host key installed:</para>
446
447<screen role="root"><userinput>add --random-key host/<replaceable>&lt;hostname.example.com&gt;</replaceable></userinput></screen>
448
449 <para>After choosing the defaults when prompted, you will have to
450 export the data to a keytab file:</para>
451
452<screen role="root"><userinput>ext host/<replaceable>&lt;hostname.example.com&gt;</replaceable></userinput></screen>
453
454 <para>This should have created two files in
455 <filename class="directory">/etc/heimdal</filename>:
456 <filename>krb5.keytab</filename> (Kerberos 5) and
457 <filename>srvtab</filename> (Kerberos 4). Both files should have 600
458 (root rw only) permissions. Keeping the keytab files from public access
459 is crucial to the overall security of the Kerberos installation.</para>
460
461 <para>Eventually, you'll want to add server daemon principles to the
462 database and extract them to the keytab file. You do this in the same
463 way you created the host principles. Below is an example:</para>
464
465<screen role="root"><userinput>add --random-key ftp/<replaceable>&lt;hostname.example.com&gt;</replaceable></userinput></screen>
466
467 <para>(choose the defaults)</para>
468
469<screen role="root"><userinput>ext ftp/<replaceable>&lt;hostname.example.com&gt;</replaceable></userinput></screen>
470
471 <para>Exit the <command>kadmin</command> program (use
472 <command>quit</command> or <command>exit</command>) and return back
473 to the shell prompt. Start the KDC daemon manually, just to test out
474 the installation:</para>
475
476<screen role="root"><userinput>/usr/sbin/kdc &amp;</userinput></screen>
477
478 <para>Attempt to get a TGT (ticket granting ticket) with
479 the following command:</para>
480
481<screen><userinput>kinit <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
482
483 <para>You will be prompted for the password you created. After you get
484 your ticket, you should list it with the following command:</para>
485
486<screen><userinput>klist</userinput></screen>
487
488 <para>Information about the ticket should be displayed on
489 the screen.</para>
490
491 <para>To test the functionality of the <filename>keytab</filename> file,
492 issue the following command:</para>
493
494<screen><userinput>ktutil list</userinput></screen>
495
496 <para>This should dump a list of the host principals, along with the
497 encryption methods used to access the principals.</para>
498
499 <para>At this point, if everything has been successful so far, you
500 can feel fairly confident in the installation, setup and configuration
501 of your new <application>Heimdal</application> Kerberos 5
502 installation.</para>
503
504 <para>If you wish to use the <xref linkend="cracklib"/> library to
505 enforce strong passwords in the KDC database, you must do two things.
506 First, add the following lines to the
507 <filename>/etc/heimdal/krb5.conf</filename> configuration file:</para>
508
509<screen><literal>[password_quality]
510 policies = builtin:external-check
511 external_program = /bin/krb5-check-cracklib.pl</literal></screen>
512
513 <para>Next you must install the
514 <application>Crypt::Cracklib</application>
515 <application>Perl</application> module. Download it from the CPAN
516 site. The URL at the time of this writing is <ulink
517 url="http://cpan.org/authors/id/D/DA/DANIEL/Crypt-Cracklib-1.2.tar.gz"/>.
518 After unpacking the tarball and changing into the newly created
519 directory, issue the following command to add the BLFS
520 <application>Cracklib</application> dictionary location to one of the
521 source files:</para>
522
523<screen><userinput>sed -i 's|pw_dict|&amp;\n\t\t/lib/cracklib/pw_dict|' Cracklib.pm</userinput></screen>
524
525 <para>Then use the standard <command>perl Makefile.PL</command>;
526 <command>make</command>; <command>make test</command>;
527 <command>make install</command> commands. Note that one test fails
528 due to an unknown reason.</para>
529
530 <para id="heimdal-init">Install the
531 <filename>/etc/rc.d/init.d/heimdal</filename> init script included
532 in the <xref linkend="bootscripts"/> package:</para>
533
534 <indexterm zone="heimdal heimdal-init">
535 <primary sortas="f-heimdal">heimdal</primary>
536 </indexterm>
537
538<screen role="root"><userinput>make install-heimdal</userinput></screen>
539
540 </sect4>
541
542 <sect4>
543 <title>Using Kerberized Client Programs</title>
544
545 <para>To use the kerberized client programs (<command>telnet</command>,
546 <command>ftp</command>, <command>rsh</command>,
547 <command>rxterm</command>, <command>rxtelnet</command>,
548 <command>rcp</command>, <command>xnlock</command>), you first must get
549 a TGT. Use the <command>kinit</command> program to get the ticket.
550 After you've acquired the ticket, you can use the kerberized programs
551 to connect to any kerberized server on the network. You will not be
552 prompted for authentication until your ticket expires (default is one
553 day), unless you specify a different user as a command line argument
554 to the program.</para>
555
556 <para>The kerberized programs will connect to non-kerberized daemons,
557 warning you that authentication is not encrypted.</para>
558
559 <para>In order to use the <application>Heimdal</application>
560 <application>X</application> programs, you'll need to add a service
561 port entry to the <filename>/etc/services</filename> file for the
562 <command>kxd</command> server. There is no 'standardized port number'
563 for the 'kx' service in the IANA database, so you'll have to pick an
564 unused port number. Add an entry to the <filename>services</filename>
565 file similar to the entry below (substitute your chosen port number
566 for <replaceable>&lt;49150&gt;</replaceable>):</para>
567
568<screen><literal>kx <replaceable>&lt;49150&gt;</replaceable>/tcp # Heimdal kerberos X
569kx <replaceable>&lt;49150&gt;</replaceable>/udp # Heimdal kerberos X</literal></screen>
570
571 <para>For additional information consult <ulink
572 url="&hints-root;/downloads/files/heimdal.txt">the
573 Heimdal hint</ulink> on which the above instructions are based.</para>
574
575 </sect4>
576
577 </sect3>
578
579 </sect2>
580
581 <sect2 role="content">
582 <title>Contents</title>
583
584 <segmentedlist>
585 <segtitle>Installed Programs</segtitle>
586 <segtitle>Installed Libraries</segtitle>
587 <segtitle>Installed Directories</segtitle>
588
589 <seglistitem>
590 <seg>afslog, ftp, ftpd, gss, hprop, hpropd, hxtool, iprop-log,
591 ipropd-master, ipropd-slave, kadmin, kadmind, kauth, kcm, kdc,
592 kdestroy, kdigest, kf, kfd, kgetcred, kimpersonate, kinit, klist,
593 kpasswd, kpasswdd, krb5-check-cracklib.pl, krb5-config, kstash,
594 ktutil, kx, kxd, login, mk_cmds-krb5, otp, otpprint, pagsh, pfrom,
595 popper, push, rcp, rsh, rshd, rxtelnet, rxterm, string2key, su,
596 telnet, telnetd, tenletxr, verify_krb5_conf and xnlock</seg>
597
598 <seg>hdb_ldap.{so,a}, libasn1.{so,a}, libeditline.{so,a},
599 libgssapi.{so,a}, libhdb.{so,a}, libheimntlm.{so,a}, libhx509.{so,a},
600 libkadm5clnt.{so,a}, libkadm5srv.{so,a}, libkafs.{so,a},
601 libkdc.{so,a}, libkrb5.{so,a}, libotp.{so,a}, libroken.{so,a},
602 libsl.{so,a}, libss-krb5.{so,a} and windc.{so,a}</seg>
603
604 <seg>/etc/heimdal, /usr/include/gssapi, /usr/include/kadm5,
605 /usr/include/krb5, /usr/include/roken, /usr/include/ss,
606 /usr/share/doc/heimdal-&heimdal-version; and /var/lib/heimdal</seg>
607 </seglistitem>
608 </segmentedlist>
609
610 <variablelist>
611 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
612 <?dbfo list-presentation="list"?>
613 <?dbhtml list-presentation="table"?>
614
615 <varlistentry id="afslog">
616 <term><command>afslog</command></term>
617 <listitem>
618 <para>obtains AFS tokens for a number of cells.</para>
619 <indexterm zone="heimdal afslog">
620 <primary sortas="b-afslog">afslog</primary>
621 </indexterm>
622 </listitem>
623 </varlistentry>
624
625 <varlistentry id="ftp">
626 <term><command>ftp</command></term>
627 <listitem>
628 <para>is a kerberized FTP client.</para>
629 <indexterm zone="heimdal ftp">
630 <primary sortas="b-ftp">ftp</primary>
631 </indexterm>
632 </listitem>
633 </varlistentry>
634
635 <varlistentry id="ftpd">
636 <term><command>ftpd</command></term>
637 <listitem>
638 <para>is a kerberized FTP daemon.</para>
639 <indexterm zone="heimdal ftpd">
640 <primary sortas="b-ftpd">ftpd</primary>
641 </indexterm>
642 </listitem>
643 </varlistentry>
644
645 <varlistentry id="hprop">
646 <term><command>hprop</command></term>
647 <listitem>
648 <para> takes a principal database in a specified format and converts
649 it into a stream of <application>Heimdal</application> database
650 records.</para>
651 <indexterm zone="heimdal hprop">
652 <primary sortas="b-hprop">hprop</primary>
653 </indexterm>
654 </listitem>
655 </varlistentry>
656
657 <varlistentry id="hpropd">
658 <term><command>hpropd</command></term>
659 <listitem>
660 <para>is a server that receives a database sent by
661 <command>hprop</command> and writes it as a local database.</para>
662 <indexterm zone="heimdal hpropd">
663 <primary sortas="b-hpropd">hpropd</primary>
664 </indexterm>
665 </listitem>
666 </varlistentry>
667
668 <varlistentry id="iprop-log">
669 <term><command>iprop-log</command></term>
670 <listitem>
671 <para>is used to maintain the iprop log file.</para>
672 <indexterm zone="heimdal iprop-log">
673 <primary sortas="b-iprop-log">iprop-log</primary>
674 </indexterm>
675 </listitem>
676 </varlistentry>
677
678 <varlistentry id="ipropd-master">
679 <term><command>ipropd-master</command></term>
680 <listitem>
681 <para>is a daemon which runs on the master KDC
682 server which incrementally propagates changes to the KDC
683 database to the slave KDC servers.</para>
684 <indexterm zone="heimdal ipropd-master">
685 <primary sortas="b-ipropd-master">ipropd-master</primary>
686 </indexterm>
687 </listitem>
688 </varlistentry>
689
690 <varlistentry id="ipropd-slave">
691 <term><command>ipropd-slave</command></term>
692 <listitem>
693 <para>is a daemon which runs on the slave KDC
694 servers which incrementally propagates changes to the KDC
695 database from the master KDC server.</para>
696 <indexterm zone="heimdal ipropd-slave">
697 <primary sortas="b-ipropd-slave">ipropd-slave</primary>
698 </indexterm>
699 </listitem>
700 </varlistentry>
701
702 <varlistentry id="kadmin">
703 <term><command>kadmin</command></term>
704 <listitem>
705 <para>is a utility used to make modifications to the Kerberos
706 database.</para>
707 <indexterm zone="heimdal kadmin">
708 <primary sortas="b-kadmin">kadmin</primary>
709 </indexterm>
710 </listitem>
711 </varlistentry>
712
713 <varlistentry id="kadmind">
714 <term><command>kadmind</command></term>
715 <listitem>
716 <para>is a server for administrative access to the Kerberos
717 database.</para>
718 <indexterm zone="heimdal kadmind">
719 <primary sortas="b-kadmind">kadmind</primary>
720 </indexterm>
721 </listitem>
722 </varlistentry>
723
724 <varlistentry id="kauth">
725 <term><command>kauth</command></term>
726 <listitem>
727 <para>is a symbolic link to the <command>kinit</command>
728 program.</para>
729 <indexterm zone="heimdal kauth">
730 <primary sortas="g-kauth">kauth</primary>
731 </indexterm>
732 </listitem>
733 </varlistentry>
734
735 <varlistentry id="kcm">
736 <term><command>kcm</command></term>
737 <listitem>
738 <para>is a process based credential cache for Kerberos
739 tickets.</para>
740 <indexterm zone="heimdal kcm">
741 <primary sortas="b-kcm">kcm</primary>
742 </indexterm>
743 </listitem>
744 </varlistentry>
745
746 <varlistentry id="kdc">
747 <term><command>kdc</command></term>
748 <listitem>
749 <para>is a Kerberos 5 server.</para>
750 <indexterm zone="heimdal kdc">
751 <primary sortas="b-kdc">kdc</primary>
752 </indexterm>
753 </listitem>
754 </varlistentry>
755
756 <varlistentry id="kdestroy">
757 <term><command>kdestroy</command></term>
758 <listitem>
759 <para>removes a principle's current set of tickets.</para>
760 <indexterm zone="heimdal kdestroy">
761 <primary sortas="b-kdestroy">kdestroy</primary>
762 </indexterm>
763 </listitem>
764 </varlistentry>
765
766 <varlistentry id="kf">
767 <term><command>kf</command></term>
768 <listitem>
769 <para>is a program which forwards tickets to a remote host through
770 an authenticated and encrypted stream.</para>
771 <indexterm zone="heimdal kf">
772 <primary sortas="b-kf">kf</primary>
773 </indexterm>
774 </listitem>
775 </varlistentry>
776
777 <varlistentry id="kfd">
778 <term><command>kfd</command></term>
779 <listitem>
780 <para>is a server used to receive forwarded tickets.</para>
781 <indexterm zone="heimdal kfd">
782 <primary sortas="b-kfd">kfd</primary>
783 </indexterm>
784 </listitem>
785 </varlistentry>
786
787 <varlistentry id="kgetcred">
788 <term><command>kgetcred</command></term>
789 <listitem>
790 <para>obtains a ticket for a service.</para>
791 <indexterm zone="heimdal kgetcred">
792 <primary sortas="b-kgetcred">kgetcred</primary>
793 </indexterm>
794 </listitem>
795 </varlistentry>
796
797 <varlistentry id="kinit">
798 <term><command>kinit</command></term>
799 <listitem>
800 <para>is used to authenticate to the Kerberos server as a principal
801 and acquire a ticket granting ticket that can later be used to obtain
802 tickets for other services.</para>
803 <indexterm zone="heimdal kinit">
804 <primary sortas="b-kinit">kinit</primary>
805 </indexterm>
806 </listitem>
807 </varlistentry>
808
809 <varlistentry id="klist">
810 <term><command>klist</command></term>
811 <listitem>
812 <para>reads and displays the current tickets in the credential
813 cache.</para>
814 <indexterm zone="heimdal klist">
815 <primary sortas="b-klist">klist</primary>
816 </indexterm>
817 </listitem>
818 </varlistentry>
819
820 <varlistentry id="kpasswd">
821 <term><command>kpasswd</command></term>
822 <listitem>
823 <para>is a program for changing Kerberos 5 passwords.</para>
824 <indexterm zone="heimdal kpasswd">
825 <primary sortas="b-kpasswd">kpasswd</primary>
826 </indexterm>
827 </listitem>
828 </varlistentry>
829
830 <varlistentry id="kpasswdd">
831 <term><command>kpasswdd</command></term>
832 <listitem>
833 <para>is a Kerberos 5 password changing server.</para>
834 <indexterm zone="heimdal kpasswdd">
835 <primary sortas="b-kpasswdd">kpasswdd</primary>
836 </indexterm>
837 </listitem>
838 </varlistentry>
839
840 <varlistentry id="krb5-config-prog">
841 <term><command>krb5-config</command></term>
842 <listitem>
843 <para>gives information on how to link programs against
844 <application>Heimdal</application> libraries.</para>
845 <indexterm zone="heimdal krb5-config-prog">
846 <primary sortas="b-krb5-config">krb5-config</primary>
847 </indexterm>
848 </listitem>
849 </varlistentry>
850
851 <varlistentry id="kstash">
852 <term><command>kstash</command></term>
853 <listitem>
854 <para>stores the KDC master password in a file.</para>
855 <indexterm zone="heimdal kstash">
856 <primary sortas="b-kstash">kstash</primary>
857 </indexterm>
858 </listitem>
859 </varlistentry>
860
861 <varlistentry id="ktutil">
862 <term><command>ktutil</command></term>
863 <listitem>
864 <para>is a program for managing Kerberos keytabs.</para>
865 <indexterm zone="heimdal ktutil">
866 <primary sortas="b-ktutil">ktutil</primary>
867 </indexterm>
868 </listitem>
869 </varlistentry>
870
871 <varlistentry id="kx">
872 <term><command>kx</command></term>
873 <listitem>
874 <para>is a program which securely forwards
875 <application>X</application> connections.</para>
876 <indexterm zone="heimdal kx">
877 <primary sortas="b-kx">kx</primary>
878 </indexterm>
879 </listitem>
880 </varlistentry>
881
882 <varlistentry id="kxd">
883 <term><command>kxd</command></term>
884 <listitem>
885 <para>is the daemon for <command>kx</command>.</para>
886 <indexterm zone="heimdal kxd">
887 <primary sortas="b-kxd">kxd</primary>
888 </indexterm>
889 </listitem>
890 </varlistentry>
891
892 <varlistentry id="login">
893 <term><command>login</command></term>
894 <listitem>
895 <para>is a kerberized login program.</para>
896 <indexterm zone="heimdal login">
897 <primary sortas="b-login">login</primary>
898 </indexterm>
899 </listitem>
900 </varlistentry>
901
902 <varlistentry id="otp">
903 <term><command>otp</command></term>
904 <listitem>
905 <para>manages one-time passwords.</para>
906 <indexterm zone="heimdal otp">
907 <primary sortas="b-otp">otp</primary>
908 </indexterm>
909 </listitem>
910 </varlistentry>
911
912 <varlistentry id="otpprint">
913 <term><command>otpprint</command></term>
914 <listitem>
915 <para>prints lists of one-time passwords.</para>
916 <indexterm zone="heimdal otpprint">
917 <primary sortas="b-otpprint">otpprint</primary>
918 </indexterm>
919 </listitem>
920 </varlistentry>
921
922 <varlistentry id="pfrom">
923 <term><command>pfrom</command></term>
924 <listitem>
925 <para>is a script that runs <command>push --from</command>.</para>
926 <indexterm zone="heimdal pfrom">
927 <primary sortas="b-pfrom">pfrom</primary>
928 </indexterm>
929 </listitem>
930 </varlistentry>
931
932 <varlistentry id="popper">
933 <term><command>popper</command></term>
934 <listitem>
935 <para>is a kerberized POP-3 server.</para>
936 <indexterm zone="heimdal popper">
937 <primary sortas="b-popper">popper</primary>
938 </indexterm>
939 </listitem>
940 </varlistentry>
941
942 <varlistentry id="push">
943 <term><command>push</command></term>
944 <listitem>
945 <para>is a kerberized POP mail retrieval client.</para>
946 <indexterm zone="heimdal push">
947 <primary sortas="b-push">push</primary>
948 </indexterm>
949 </listitem>
950 </varlistentry>
951
952 <varlistentry id="rcp">
953 <term><command>rcp</command></term>
954 <listitem>
955 <para>is a kerberized rcp client program.</para>
956 <indexterm zone="heimdal rcp">
957 <primary sortas="b-rcp">rcp</primary>
958 </indexterm>
959 </listitem>
960 </varlistentry>
961
962 <varlistentry id="rsh">
963 <term><command>rsh</command></term>
964 <listitem>
965 <para>is a kerberized rsh client program.</para>
966 <indexterm zone="heimdal rsh">
967 <primary sortas="b-rsh">rsh</primary>
968 </indexterm>
969 </listitem>
970 </varlistentry>
971
972 <varlistentry id="rshd">
973 <term><command>rshd</command></term>
974 <listitem>
975 <para>is a kerberized rsh server.</para>
976 <indexterm zone="heimdal rshd">
977 <primary sortas="b-rshd">rshd</primary>
978 </indexterm>
979 </listitem>
980 </varlistentry>
981
982 <varlistentry id="rxtelnet">
983 <term><command>rxtelnet</command></term>
984 <listitem>
985 <para>starts a secure <command>xterm</command> window with a
986 <command>telnet</command> to a given host and forwards
987 <application>X</application> connections.</para>
988 <indexterm zone="heimdal rxtelnet">
989 <primary sortas="b-rxtelnet">rxtelnet</primary>
990 </indexterm>
991 </listitem>
992 </varlistentry>
993
994 <varlistentry id="rxterm">
995 <term><command>rxterm</command></term>
996 <listitem>
997 <para>starts a secure remote <command>xterm</command>.</para>
998 <indexterm zone="heimdal rxterm">
999 <primary sortas="b-rxterm">rxterm</primary>
1000 </indexterm>
1001 </listitem>
1002 </varlistentry>
1003
1004 <varlistentry id="string2key">
1005 <term><command>string2key</command></term>
1006 <listitem>
1007 <para>maps a password into a key.</para>
1008 <indexterm zone="heimdal string2key">
1009 <primary sortas="b-string2key">string2key</primary>
1010 </indexterm>
1011 </listitem>
1012 </varlistentry>
1013
1014 <varlistentry id="su">
1015 <term><command>su</command></term>
1016 <listitem>
1017 <para>is a kerberized su client program.</para>
1018 <indexterm zone="heimdal su">
1019 <primary sortas="b-su">su</primary>
1020 </indexterm>
1021 </listitem>
1022 </varlistentry>
1023
1024 <varlistentry id="telnet">
1025 <term><command>telnet</command></term>
1026 <listitem>
1027 <para>is a kerberized telnet client program.</para>
1028 <indexterm zone="heimdal telnet">
1029 <primary sortas="b-telnet">telnet</primary>
1030 </indexterm>
1031 </listitem>
1032 </varlistentry>
1033
1034 <varlistentry id="telnetd">
1035 <term><command>telnetd</command></term>
1036 <listitem>
1037 <para>is a kerberized telnet server.</para>
1038 <indexterm zone="heimdal telnetd">
1039 <primary sortas="b-telnetd">telnetd</primary>
1040 </indexterm>
1041 </listitem>
1042 </varlistentry>
1043
1044 <varlistentry id="tenletxr">
1045 <term><command>tenletxr</command></term>
1046 <listitem>
1047 <para>forwards <application>X</application> connections
1048 backwards.</para>
1049 <indexterm zone="heimdal tenletxr">
1050 <primary sortas="b-tenletxr">tenletxr</primary>
1051 </indexterm>
1052 </listitem>
1053 </varlistentry>
1054
1055 <varlistentry id="verify_krb5_conf">
1056 <term><command>verify_krb5_conf</command></term>
1057 <listitem>
1058 <para>checks <filename>krb5.conf</filename> file for obvious
1059 errors.</para>
1060 <indexterm zone="heimdal verify_krb5_conf">
1061 <primary sortas="b-verify_krb5_conf">verify_krb5_conf</primary>
1062 </indexterm>
1063 </listitem>
1064 </varlistentry>
1065
1066 <varlistentry id="xnlock">
1067 <term><command>xnlock</command></term>
1068 <listitem>
1069 <para>is a program that acts as a secure screen saver for
1070 workstations running <application>X</application>.</para>
1071 <indexterm zone="heimdal xnlock">
1072 <primary sortas="b-xnlock">xnlock</primary>
1073 </indexterm>
1074 </listitem>
1075 </varlistentry>
1076
1077 <varlistentry id="libasn1">
1078 <term><filename class='libraryfile'>libasn1.{so,a}</filename></term>
1079 <listitem>
1080 <para>provides the ASN.1 and DER functions to encode and decode
1081 the Kerberos TGTs.</para>
1082 <indexterm zone="heimdal libasn1">
1083 <primary sortas="c-libasn1">libasn1.{so,a}</primary>
1084 </indexterm>
1085 </listitem>
1086 </varlistentry>
1087
1088 <varlistentry id="libeditline">
1089 <term><filename class='libraryfile'>libeditline.a</filename></term>
1090 <listitem>
1091 <para>is a command-line editing library with history.</para>
1092 <indexterm zone="heimdal libeditline">
1093 <primary sortas="c-libeditline">libeditline.a</primary>
1094 </indexterm>
1095 </listitem>
1096 </varlistentry>
1097
1098 <varlistentry id="libgssapi">
1099 <term><filename class='libraryfile'>libgssapi.{so,a}</filename></term>
1100 <listitem>
1101 <para>contain the Generic Security Service Application Programming
1102 Interface (GSSAPI) functions which provides security
1103 services to callers in a generic fashion, supportable with a range of
1104 underlying mechanisms and technologies and hence allowing source-level
1105 portability of applications to different environments.</para>
1106 <indexterm zone="heimdal libgssapi">
1107 <primary sortas="c-libgssapi">libgssapi.{so,a}</primary>
1108 </indexterm>
1109 </listitem>
1110 </varlistentry>
1111
1112 <varlistentry id="libhdb">
1113 <term><filename class='libraryfile'>libhdb.{so,a}</filename></term>
1114 <listitem>
1115 <para>is a <application>Heimdal</application> Kerberos 5
1116 authentication/authorization database access library.</para>
1117 <indexterm zone="heimdal libhdb">
1118 <primary sortas="c-libhdb">libhdb.{so,a}</primary>
1119 </indexterm>
1120 </listitem>
1121 </varlistentry>
1122
1123 <varlistentry id="libkadm5clnt">
1124 <term><filename class='libraryfile'>libkadm5clnt.{so,a}</filename></term>
1125 <listitem>
1126 <para>contains the administrative authentication and password
1127 checking functions required by Kerberos 5 client-side programs.</para>
1128 <indexterm zone="heimdal libkadm5clnt">
1129 <primary sortas="c-libkadm5clnt">libkadm5clnt.{so,a}</primary>
1130 </indexterm>
1131 </listitem>
1132 </varlistentry>
1133
1134 <varlistentry id="libkadm5srv">
1135 <term><filename class='libraryfile'>libkadm5srv.{so,a}</filename></term>
1136 <listitem>
1137 <para>contain the administrative authentication and password
1138 checking functions required by Kerberos 5 servers.</para>
1139 <indexterm zone="heimdal libkadm5srv">
1140 <primary sortas="c-libkadm5srv">libkadm5srv.{so,a}</primary>
1141 </indexterm>
1142 </listitem>
1143 </varlistentry>
1144
1145 <varlistentry id="libkafs">
1146 <term><filename class='libraryfile'>libkafs.{so,a}</filename></term>
1147 <listitem>
1148 <para>contains the functions required to authenticated to AFS.</para>
1149 <indexterm zone="heimdal libkafs">
1150 <primary sortas="c-libkafs">libkafs.{so,a}</primary>
1151 </indexterm>
1152 </listitem>
1153 </varlistentry>
1154
1155 <varlistentry id="libkrb5">
1156 <term><filename class='libraryfile'>libkrb5.{so,a}</filename></term>
1157 <listitem>
1158 <para>is an all-purpose Kerberos 5 library.</para>
1159 <indexterm zone="heimdal libkrb5">
1160 <primary sortas="c-libkrb5">libkrb5.{so,a}</primary>
1161 </indexterm>
1162 </listitem>
1163 </varlistentry>
1164
1165 <varlistentry id="libotp">
1166 <term><filename class='libraryfile'>libotp.{so,a}</filename></term>
1167 <listitem>
1168 <para>contains the functions required to handle authenticating
1169 one time passwords.</para>
1170 <indexterm zone="heimdal libotp">
1171 <primary sortas="c-libotp">libotp.{so,a}</primary>
1172 </indexterm>
1173 </listitem>
1174 </varlistentry>
1175
1176 <varlistentry id="libroken">
1177 <term><filename class='libraryfile'>libroken.{so,a}</filename></term>
1178 <listitem>
1179 <para>is a library containing Kerberos 5 compatibility
1180 functions.</para>
1181 <indexterm zone="heimdal libroken">
1182 <primary sortas="c-libroken">libroken.{so,a}</primary>
1183 </indexterm>
1184 </listitem>
1185 </varlistentry>
1186
1187 </variablelist>
1188
1189 </sect2>
1190
1191</sect1>
Note: See TracBrowser for help on using the repository browser.