source: postlfs/security/heimdal.xml@ 4ece6c2

Last change on this file since 4ece6c2 was 9f12e36, checked in by Randy McMurchy <randy@…>, 18 years ago

Removed 'keywordset' blocks and extra spaces from the XML files (note this was by accident as I meant to do just in the gnome directory but I was in the root of BOOK when I ran the script, but this was going to happen anyway so I don't think it is a big deal)

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@6192 af4574ff-66df-0310-9fd7-8a98e5e911e0

1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
3 "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY heimdal-download-http "http://ftp.vc-graz.ac.at/mirror/crypto/kerberos/heimdal/heimdal-&heimdal-version;.tar.gz">
8 <!ENTITY heimdal-download-ftp "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-&heimdal-version;.tar.gz">
9 <!ENTITY heimdal-md5sum "c937580d6f8b11bf7f0e540530e1dc18">
10 <!ENTITY heimdal-size "4.5 MB">
11 <!ENTITY heimdal-buildsize "96.9 MB">
12 <!ENTITY heimdal-time "2.5 SBU">
13]>
14
15<sect1 id="heimdal" xreflabel="Heimdal-&heimdal-version;">
16 <?dbhtml filename="heimdal.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>Heimdal-&heimdal-version;</title>
24
25 <indexterm zone="heimdal">
26 <primary sortas="a-Heimdal">Heimdal</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to Heimdal</title>
31
32 <para><application>Heimdal</application> is a free implementation
33 of Kerberos 5 that aims to be compatible with MIT krb5 and is
34 backward compatible with krb4. Kerberos is a network authentication
35 protocol. Basically it preserves the integrity of passwords in any
36 untrusted network (like the Internet). Kerberized applications work
37 hand-in-hand with sites that support Kerberos to ensure that passwords
38 cannot be stolen or compromised. A Kerberos installation will make changes
39 to the authentication mechanisms on your network and will overwrite several
40 programs and daemons from the <application>Coreutils</application>,
41 <application>Inetutils</application>, <application>Qpopper</application>
42 and <application>Shadow</application> packages.</para>
43
44 <bridgehead renderas="sect3">Package Information</bridgehead>
45 <itemizedlist spacing="compact">
46 <listitem>
47 <para>Download (HTTP): <ulink url="&heimdal-download-http;"/></para>
48 </listitem>
49 <listitem>
50 <para>Download (FTP): <ulink url="&heimdal-download-ftp;"/></para>
51 </listitem>
52 <listitem>
53 <para>Download MD5 sum: &heimdal-md5sum;</para>
54 </listitem>
55 <listitem>
56 <para>Download size: &heimdal-size;</para>
57 </listitem>
58 <listitem>
59 <para>Estimated disk space required: &heimdal-buildsize;</para>
60 </listitem>
61 <listitem>
62 <para>Estimated build time: &heimdal-time;</para>
63 </listitem>
64 </itemizedlist>
65
66 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
67 <itemizedlist spacing='compact'>
68 <listitem>
69 <para>Required Patch: <ulink
70 url="&patch-root;/heimdal-&heimdal-version;-fhs_compliance-1.patch"/></para>
71 </listitem>
72 <listitem>
73 <para>Required patch for <application>CrackLib</application> support: <ulink
74 url="&patch-root;/heimdal-&heimdal-version;-cracklib-1.patch"/></para>
75 </listitem>
76 </itemizedlist>
77
78 <bridgehead renderas="sect3">Heimdal Dependencies</bridgehead>
79
80 <bridgehead renderas="sect4">Required to Build the Server-Side Tools</bridgehead>
81 <para role="required">
82 <!-- <xref linkend="db"/> -->
83 <xref linkend="db"/> is recommended (installed in LFS)
84 or <xref linkend="gdbm"/></para>
85
86 <bridgehead renderas="sect4">Recommended</bridgehead>
87 <para role="recommended"><xref linkend="openssl"/></para>
88
89 <bridgehead renderas="sect4">Optional</bridgehead>
90 <para role="optional"><xref linkend="linux-pam"/>,
91 <xref linkend="openldap"/>,
92 <xref linkend="x-window-system"/>,
93 <xref linkend="cracklib"/> (compiled with the <filename>heimdal</filename>
94 patch), and
95 <ulink url="http://www.pdc.kth.se/kth-krb/">krb4</ulink></para>
96
97 <note>
98 <para>Some sort of time synchronization facility on your system
99 (like <xref linkend="ntp"/>) is required since Kerberos won't
100 authenticate if the time differential between a kerberized client
101 and the KDC server is more than 5 minutes.</para>
102 </note>
103
104 <para condition="html" role="usernotes">User Notes:
105 <ulink url="&blfs-wiki;/heimdal"/></para>
106
107 </sect2>
108
109 <sect2 role="installation">
110 <title>Installation of Heimdal</title>
111
112 <!-- This doesn't appear to be needed any longer as testing has
113 shown that the ftp client now works without issues
114
115 <para>Before installing the package, you may want to preserve the
116 <command>ftp</command> program from the <application>Inetutils</application>
117 package. This is because using the <application>Heimdal</application>
118 <command>ftp</command> program to connect to non-kerberized ftp servers may
119 not work properly. It will allow you to connect (letting you know that
120 transmission of the password is clear text) but will have problems doing
121 puts and gets. Issue the following command as the
122 <systemitem class="username">root</systemitem> user.</para>
123
124<screen role="root"><userinput>mv -v /usr/bin/ftp /usr/bin/ftpn</userinput></screen>
125
126 -->
127
128 <warning>
129 <para>Ensure you really need a Kerberos installation before you decide
130 to install this package. Failure to install and configure the package
131 in accordance with the instructions below can alter your system so that
132 users cannot log in.</para>
133 </warning>
134
135 <para>If you wish the <application>Heimdal</application> package to
136 link against the <application>CrackLib</application> library to provide
137 enforcement of strong passwords (requires <xref linkend="cracklib"/>
138 installed with the <filename>heimdal</filename> patch), you must apply a
139 patch:</para>
140
141<screen><userinput>patch -Np1 -i ../heimdal-&heimdal-version;-cracklib-1.patch</userinput></screen>
142
143 <para>Install <application>Heimdal</application> by running the following
144 commands:</para>
145
146<screen><userinput>patch -Np1 -i ../heimdal-&heimdal-version;-fhs_compliance-1.patch &amp;&amp;
147./configure --prefix=/usr \
148 --sysconfdir=/etc/heimdal \
149 --libexecdir=/usr/sbin \
150 --datadir=/var/lib/heimdal \
151 --localstatedir=/var/lib/heimdal \
152 --enable-shared \
153 --with-readline=/usr &amp;&amp;
154make</userinput></screen>
155
156 <para>If you wish to create HTML documentation, issue the following
157 command:</para>
158
159<screen><userinput>make -C doc heimdal.html</userinput></screen>
160
161 <para>If you wish to create a text-based version of the documentation,
162 issue the following commands:</para>
163
164<screen><userinput>cd doc &amp;&amp;
165makeinfo --plaintext -o heimdal.txt heimdal.texi &amp;&amp;
166cd ..</userinput></screen>
167
168 <para>To test the results, issue: <command>make check</command>.</para>
169
170 <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
171
172<screen role="root"><userinput>mv -v /usr/include/fnmatch.h /usr/include/fnmatch.h.glibc &amp;&amp;
173mv -v /usr/include/glob.h /usr/include/glob.h.glibc &amp;&amp;
174mv -v /usr/include/ss/ss.h /usr/include/ss/ss.h.e2fsprogs &amp;&amp;
175mv -v /usr/lib/libss.a /usr/lib/libss.a.e2fsprogs &amp;&amp;
176mv -v /usr/lib/libss.so /usr/lib/libss.so.e2fsprogs &amp;&amp;
177make install &amp;&amp;
178mv -v /usr/include/fnmatch.h /usr/include/fnmatch.h.heimdal &amp;&amp;
179mv -v /usr/include/fnmatch.h.glibc /usr/include/fnmatch.h &amp;&amp;
180mv -v /usr/include/glob.h /usr/include/glob.h.heimdal &amp;&amp;
181mv -v /usr/include/glob.h.glibc /usr/include/glob.h &amp;&amp;
182install -v -m755 -d /usr/share/doc/heimdal-&heimdal-version;/standardisation &amp;&amp;
183install -v -m644 doc/{init-creds,layman.asc} \
184 /usr/share/doc/heimdal-&heimdal-version; &amp;&amp;
185install -v -m644 doc/standardisation/* \
186 /usr/share/doc/heimdal-&heimdal-version;/standardisation &amp;&amp;
187mv -v /bin/login /bin/login.shadow &amp;&amp;
188mv -v /bin/su /bin/su.shadow &amp;&amp;
189mv -v /usr/bin/{login,su} /bin &amp;&amp;
190ln -v -sf ../../bin/login /usr/bin &amp;&amp;
191mv -v /usr/lib/lib{otp,kafs,krb5,asn1,roken,crypto}.so.* \
192 /usr/lib/libdb-4.4.so /lib &amp;&amp;
193ln -v -sf ../../lib/libdb-4.4.so /usr/lib/libdb.so &amp;&amp;
194ln -v -sf ../../lib/libdb-4.4.so /usr/lib/libdb-4.so &amp;&amp;
195for SYMLINK in otp.so.0.1.3 kafs.so.0.4.1 krb5.so.17.4.0 \
196 asn1.so.6.1.0 roken.so.16.1.0 crypto.so.0.9.8
197do
198 ln -v -sf ../../lib/lib$SYMLINK \
199 /usr/lib/lib`echo $SYMLINK | cut -d. -f1`.so
200done
201ldconfig</userinput></screen>
202
203 <para>If you built the HTML or text-based documentation, install it using
204 the following commands as the
205 <systemitem class="username">root</systemitem> user:</para>
206
207<screen role="root"><userinput>install -v -m755 -d /usr/share/doc/heimdal-&heimdal-version;/html &amp;&amp;
208install -v -m644 doc/heimdal.html/* \
209 /usr/share/doc/heimdal-&heimdal-version;/html &amp;&amp;
210install -v -m644 doc/heimdal.txt /usr/share/doc/heimdal-&heimdal-version;</userinput></screen>
211
212 </sect2>
213
214 <sect2 role="commands">
215 <title>Command Explanations</title>
216
217 <para><command>mv -v /usr/include/...</command> and
218 <command>mv -v /usr/lib/libss.*</command>: The
219 <application>Heimdal</application> installation will overwrite two
220 interface headers from the <application>Glibc</application> package and an
221 interface header, static library and library symbolic link from the
222 <application>E2fsprogs</application> package. These commands move the
223 original files out of the way before the installation, and then restore
224 the original <application>Glibc</application> headers after the
225 installation. The two <application>Heimdal</application> headers are renamed
226 and preserved on the system. Testing has shown that the system is stable
227 using the <application>Heimdal</application> version of the
228 <filename>libss</filename> library and interface header.</para>
229
230 <para><parameter>--libexecdir=/usr/sbin</parameter>: This switch
231 puts the daemon programs into
232 <filename class="directory">/usr/sbin</filename>.</para>
233
234 <tip>
235 <para>If you want to preserve all your existing
236 <application>Inetutils</application> package daemons, install the
237 <application>Heimdal</application> daemons into
238 <filename class="directory">/usr/sbin/heimdal</filename> (or wherever
239 you want). Since these programs will be called from
240 <command>(x)inetd</command> or <filename>rc</filename> scripts, it
241 really doesn't matter where they are installed, as long as they are
242 correctly specified in the <filename>/etc/(x)inetd.conf</filename> file
243 and <filename>rc</filename> scripts. If you choose something other than
244 <filename class="directory">/usr/sbin</filename>, you may want to move
245 some of the user programs (such as <command>kadmin</command>) to
246 <filename class="directory">/usr/sbin</filename> manually so they'll be
247 in the privileged user's default <envar>PATH</envar>.</para>
248 </tip>
249
250 <para><command>mv ... .shadow; mv ... /bin; ln -v -sf ../../bin...</command>:
251 The <command>login</command> and <command>su</command> programs installed by
252 <application>Heimdal</application> belong in the
253 <filename class="directory">/bin</filename> directory. The
254 <command>login</command> program is symlinked because
255 <application>Heimdal</application> is expecting to find it in
256 <filename class="directory">/usr/bin</filename>. The old executables are
257 preserved before the move so that they can be restored if you experience
258 problems logging into the system after the
259 <application>Heimdal</application> package is installed and
260 configured.</para>
261
262 <para><command>mv ... /lib; ln -v -sf ../../lib/lib... /usr/lib...</command>:
263 The <command>login</command> and <command>su</command> programs installed
264 by <application>Heimdal</application> link against
265 <application>Heimdal</application> libraries as well as libraries provided
266 by the <application>OpenSSL</application> and
267 <application>Berkeley DB</application> packages. These
268 libraries are moved to <filename class="directory">/lib</filename> to be
269 FHS compliant and also in case
270 <filename class="directory">/usr</filename> is located on a separate
271 partition which may not always be mounted.</para>
272
273 </sect2>
274
275 <sect2 role="configuration">
276 <title>Configuring Heimdal</title>
277
278 <sect3 id="heimdal-config">
279 <title>Config Files</title>
280
281 <para><filename>/etc/heimdal/*</filename></para>
282
283 <indexterm zone="heimdal heimdal-config">
284 <primary sortas="e-etc-heimdal">/etc/heimdal/*</primary>
285 </indexterm>
286
287 </sect3>
288
289 <sect3>
290 <title>Configuration Information</title>
291
292 <note>
293 <para>All the configuration steps shown below must be accomplished
294 by the <systemitem class='username'>root</systemitem> user unless
295 otherwise noted.</para>
296 </note>
297
298 <sect4>
299 <title>Master KDC Server Configuration</title>
300
301 <para>Create the Kerberos configuration file with the
302 following commands:</para>
303
304<screen role="root"><userinput>install -v -m755 -d /etc/heimdal &amp;&amp;
305cat &gt; /etc/heimdal/krb5.conf &lt;&lt; "EOF"
306<literal># Begin /etc/heimdal/krb5.conf
307
308[libdefaults]
309 default_realm = <replaceable>&lt;EXAMPLE.COM&gt;</replaceable>
310 encrypt = true
311
312[realms]
313 <replaceable>&lt;EXAMPLE.COM&gt;</replaceable> = {
314 kdc = <replaceable>&lt;hostname.example.com&gt;</replaceable>
315 admin_server = <replaceable>&lt;hostname.example.com&gt;</replaceable>
316 kpasswd_server = <replaceable>&lt;hostname.example.com&gt;</replaceable>
317 }
318
319[domain_realm]
320 .<replaceable>&lt;example.com&gt;</replaceable> = <replaceable>&lt;EXAMPLE.COM&gt;</replaceable>
321
322[logging]
323 kdc = FILE:/var/log/kdc.log
324 admin_server = FILE:/var/log/kadmin.log
325 default = FILE:/var/log/krb.log
326
327# End /etc/heimdal/krb5.conf</literal>
328EOF
329chmod -v 644 /etc/heimdal/krb5.conf</userinput></screen>
330
331 <para>You will need to substitute your domain and proper hostname
332 for the occurrences of the <replaceable>&lt;hostname&gt;</replaceable>
333 and <replaceable>&lt;EXAMPLE.COM&gt;</replaceable> names.</para>
334
335 <para><option>default_realm</option> should be the name of your
336 domain changed to ALL CAPS. This isn't required, but both
337 <application>Heimdal</application> and <application>MIT
338 krb5</application> recommend it.</para>
339
340 <para><option>encrypt = true</option> provides encryption of all
341 traffic between kerberized clients and servers. It's not necessary
342 and can be left off. If you leave it off, you can encrypt all traffic
343 from the client to the server using a switch on the client program
344 instead.</para>
345
346 <para>The <option>[realms]</option> parameters tell the client
347 programs where to look for the KDC authentication services.</para>
348
349 <para>The <option>[domain_realm]</option> section maps a domain
350 to a realm.</para>
351
352 <para>Store the master password in a key file using the following
353 commands:</para>
354
355<screen role="root"><userinput>install -v -m755 -d /var/lib/heimdal &amp;&amp;
356kstash</userinput></screen>
357
358 <para>Create the KDC database:</para>
359
360<screen role="root"><userinput>kadmin -l</userinput></screen>
361
362 <para>The commands below will prompt you for information about the
363 principals. Choose the defaults for now unless you know what you are
364 doing and need to specify different values. You can go in later and
365 change the defaults, should you feel the need. You may use the up and
366 down arrow keys to use the history feature of <command>kadmin</command>
367 in a similar manner as the <command>bash</command> history
368 feature.</para>
369
370 <para>At the <prompt>kadmin&gt;</prompt> prompt, issue the following
371 statement:</para>
372
373<screen role="root"><userinput>init <replaceable>&lt;EXAMPLE.COM&gt;</replaceable></userinput></screen>
374
375 <para>The database must now be populated with at least one principal
376 (user). For now, just use your regular login name or root. You may
377 create as few or as many principals as you wish using the following
378 statement:</para>
379
380<screen role="root"><userinput>add <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
381
382 <para>The KDC server and any machine running kerberized
383 server daemons must have a host key installed:</para>
384
385<screen role="root"><userinput>add --random-key host/<replaceable>&lt;hostname.example.com&gt;</replaceable></userinput></screen>
386
387 <para>After choosing the defaults when prompted, you will have to
388 export the data to a keytab file:</para>
389
390<screen role="root"><userinput>ext host/<replaceable>&lt;hostname.example.com&gt;</replaceable></userinput></screen>
391
392 <para>This should have created two files in
393 <filename class="directory">/etc/heimdal</filename>:
394 <filename>krb5.keytab</filename> (Kerberos 5) and
395 <filename>srvtab</filename> (Kerberos 4). Both files should have 600
396 (root rw only) permissions. Keeping the keytab files from public access
397 is crucial to the overall security of the Kerberos installation.</para>
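As an added example (not part of the BLFS book source), the shell function below checks the two keytab files named above for the stated 600 mode and root ownership, and additionally flags a group- or world-writable directory, since anyone who can write there can replace a keytab. `audit_keytabs` and its arguments are names chosen for this example, and GNU `stat` from Coreutils is assumed.

```shell
#!/bin/sh
# Added example: audit the keytab files this page says must be mode 600.
# audit_keytabs is a name made up for this example; GNU stat is assumed.

# audit_keytabs DIR [OWNER_UID]
# Prints one line per check. Returns 0 when DIR is not group/world-writable
# and every keytab present is a regular file, mode 600, owned by OWNER_UID
# (default 0, i.e. root). Returns 1 otherwise.
audit_keytabs() {
    dir=$1
    want_uid=${2:-0}
    bad=0

    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory"
        return 1
    fi

    # A writable directory lets another user swap the keytab out even when
    # the file itself is 600. In the octal mode string the last two digits
    # are group and other; 2, 3, 6 and 7 all include the write bit.
    dmode=$(stat -c '%a' "$dir")
    case $dmode in
        *[2367]?|*[2367])
            echo "FAIL $dir: mode $dmode is group- or world-writable"
            bad=1
            ;;
    esac

    for name in krb5.keytab srvtab; do
        f=$dir/$name
        if [ -L "$f" ]; then
            # A symlink's own mode says nothing about the file behind it.
            echo "FAIL $f: is a symbolic link"
            bad=1
        elif [ ! -e "$f" ]; then
            # srvtab only exists when Kerberos 4 support is in use.
            echo "SKIP $f: not present"
        elif [ ! -f "$f" ]; then
            echo "FAIL $f: not a regular file"
            bad=1
        else
            mode=$(stat -c '%a' "$f")
            uid=$(stat -c '%u' "$f")
            if [ "$mode" != 600 ]; then
                echo "FAIL $f: mode $mode, expected 600"
                bad=1
            elif [ "$uid" != "$want_uid" ]; then
                echo "FAIL $f: owner uid $uid, expected $want_uid"
                bad=1
            else
                echo "OK   $f: mode 600, uid $uid"
            fi
        fi
    done
    return $bad
}

# Demo on constructed, empty stand-in files in a scratch directory
# (not real keytabs). The current uid stands in for root so the demo
# also runs unprivileged.
demo=$(mktemp -d)
: > "$demo/krb5.keytab"; chmod 600 "$demo/krb5.keytab"
: > "$demo/srvtab";      chmod 644 "$demo/srvtab"
audit_keytabs "$demo" "$(id -u)" || echo "findings above: correct with chmod 600"
rm -rf "$demo"
```

On an installed system, run it as `audit_keytabs /etc/heimdal` with the default owner of root.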
398
399 <para>Eventually, you'll want to add server daemon principals to the
400 database and extract them to the keytab file. You do this in the same
401 way you created the host principals. Below is an example:</para>
402
403<screen role="root"><userinput>add --random-key ftp/<replaceable>&lt;hostname.example.com&gt;</replaceable></userinput></screen>
404
405 <para>(choose the defaults)</para>
406
407<screen role="root"><userinput>ext ftp/<replaceable>&lt;hostname.example.com&gt;</replaceable></userinput></screen>
408
409 <para>Exit the <command>kadmin</command> program (use
410 <command>quit</command> or <command>exit</command>) and return
411 to the shell prompt. Start the KDC daemon manually, just to test out
412 the installation:</para>
413
414<screen role="root"><userinput>/usr/sbin/kdc &amp;</userinput></screen>
415
416 <para>Attempt to get a TGT (ticket granting ticket) with
417 the following command:</para>
418
419<screen><userinput>kinit <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
420
421 <para>You will be prompted for the password you created. After you get
422 your ticket, you should list it with the following command:</para>
423
424<screen><userinput>klist</userinput></screen>
425
426 <para>Information about the ticket should be displayed on
427 the screen.</para>
428
429 <para>To test the functionality of the <filename>keytab</filename> file,
430 issue the following command:</para>
431
432<screen><userinput>ktutil list</userinput></screen>
433
434 <para>This should dump a list of the host principals, along with the
435 encryption methods used to access the principals.</para>
436
437 <para>At this point, if everything has been successful so far, you
438 can feel fairly confident in the installation, setup and configuration
439 of your new <application>Heimdal</application> Kerberos 5
440 installation.</para>
441
442 <para id="heimdal-init">Install the
443 <filename>/etc/rc.d/init.d/heimdal</filename> init script included
444 in the <xref linkend="bootscripts"/> package:</para>
445
446 <indexterm zone="heimdal heimdal-init">
447 <primary sortas="f-heimdal">heimdal</primary>
448 </indexterm>
449
450<screen role="root"><userinput>make install-heimdal</userinput></screen>
451
452 </sect4>
453
454 <sect4>
455 <title>Using Kerberized Client Programs</title>
456
457 <para>To use the kerberized client programs (<command>telnet</command>,
458 <command>ftp</command>, <command>rsh</command>,
459 <command>rxterm</command>, <command>rxtelnet</command>,
460 <command>rcp</command>, <command>xnlock</command>), you first must get
461 a TGT. Use the <command>kinit</command> program to get the ticket.
462 After you've acquired the ticket, you can use the kerberized programs
463 to connect to any kerberized server on the network. You will not be
464 prompted for authentication until your ticket expires (default is one
465 day), unless you specify a different user as a command line argument
466 to the program.</para>
467
468 <para>The kerberized programs will connect to non-kerberized daemons,
469 warning you that authentication is not encrypted.</para>
470
471 <para>In order to use the <application>Heimdal</application>
472 <application>X</application> programs, you'll need to add a service
473 port entry to the <filename>/etc/services</filename> file for the
474 <command>kxd</command> server. There is no 'standardized port number'
475 for the 'kx' service in the IANA database, so you'll have to pick an
476 unused port number. Add an entry to the <filename>services</filename>
477 file similar to the entry below (substitute your chosen port number
478 for <replaceable>&lt;49150&gt;</replaceable>):</para>
479
480<screen><literal>kx <replaceable>&lt;49150&gt;</replaceable>/tcp # Heimdal kerberos X
481kx <replaceable>&lt;49150&gt;</replaceable>/udp # Heimdal kerberos X</literal></screen>
482
483 <para>For additional information consult <ulink
484 url="&hints-root;/downloads/files/heimdal.txt">the
485 Heimdal hint</ulink> on which the above instructions are based.</para>
486
487 </sect4>
488
489 </sect3>
490
491 </sect2>
492
493 <sect2 role="content">
494 <title>Contents</title>
495
496 <segmentedlist>
497 <segtitle>Installed Programs</segtitle>
498 <segtitle>Installed Libraries</segtitle>
499 <segtitle>Installed Directories</segtitle>
500
501 <seglistitem>
502 <seg>afslog, dump_log, ftp, ftpd, hprop, hpropd, ipropd-master,
503 ipropd-slave, kadmin, kadmind, kauth, kcm, kdc, kdestroy, kf, kfd,
504 kgetcred, kinit, klist, kpasswd, kpasswdd, krb5-config, kstash,
505 ktutil, kx, kxd, login, mk_cmds, otp, otpprint, pagsh, pfrom, popper,
506 push, rcp, replay_log, rsh, rshd, rxtelnet, rxterm, string2key, su,
507 telnet, telnetd, tenletxr, truncate-log, verify_krb5_conf
508 and xnlock</seg>
509 <seg>libasn1.{so,a}, libeditline.{so,a}, libgssapi.{so,a},
510 libhdb.{so,a}, libkadm5clnt.{so,a}, libkadm5srv.{so,a}, libkafs.{so,a},
511 libkrb5.{so,a}, libotp.{so,a}, libroken.{so,a}, libsl.{so,a}
512 and libss.{so,a}</seg>
513 <seg>/etc/heimdal, /usr/include/kadm5,
514 /usr/share/doc/heimdal-&heimdal-version; and /var/lib/heimdal</seg>
515 </seglistitem>
516 </segmentedlist>
517
518 <variablelist>
519 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
520 <?dbfo list-presentation="list"?>
521 <?dbhtml list-presentation="table"?>
522
523 <varlistentry id="afslog">
524 <term><command>afslog</command></term>
525 <listitem>
526 <para>obtains AFS tokens for a number of cells.</para>
527 <indexterm zone="heimdal afslog">
528 <primary sortas="b-afslog">afslog</primary>
529 </indexterm>
530 </listitem>
531 </varlistentry>
532
533 <varlistentry id="ftp">
534 <term><command>ftp</command></term>
535 <listitem>
536 <para>is a kerberized FTP client.</para>
537 <indexterm zone="heimdal ftp">
538 <primary sortas="b-ftp">ftp</primary>
539 </indexterm>
540 </listitem>
541 </varlistentry>
542
543 <varlistentry id="ftpd">
544 <term><command>ftpd</command></term>
545 <listitem>
546 <para>is a kerberized FTP daemon.</para>
547 <indexterm zone="heimdal ftpd">
548 <primary sortas="b-ftpd">ftpd</primary>
549 </indexterm>
550 </listitem>
551 </varlistentry>
552
553 <varlistentry id="hprop">
554 <term><command>hprop</command></term>
555 <listitem>
556 <para>takes a principal database in a specified format and converts
557 it into a stream of <application>Heimdal</application> database
558 records.</para>
559 <indexterm zone="heimdal hprop">
560 <primary sortas="b-hprop">hprop</primary>
561 </indexterm>
562 </listitem>
563 </varlistentry>
564
565 <varlistentry id="hpropd">
566 <term><command>hpropd</command></term>
567 <listitem>
568 <para>is a server that receives a database sent by
569 <command>hprop</command> and writes it as a local database.</para>
570 <indexterm zone="heimdal hpropd">
571 <primary sortas="b-hpropd">hpropd</primary>
572 </indexterm>
573 </listitem>
574 </varlistentry>
575
576 <varlistentry id="ipropd-master">
577 <term><command>ipropd-master</command></term>
578 <listitem>
579 <para>is a daemon which runs on the master KDC
580 server which incrementally propagates changes to the KDC
581 database to the slave KDC servers.</para>
582 <indexterm zone="heimdal ipropd-master">
583 <primary sortas="b-ipropd-master">ipropd-master</primary>
584 </indexterm>
585 </listitem>
586 </varlistentry>
587
588 <varlistentry id="ipropd-slave">
589 <term><command>ipropd-slave</command></term>
590 <listitem>
591 <para>is a daemon which runs on the slave KDC
592 servers which incrementally propagates changes to the KDC
593 database from the master KDC server.</para>
594 <indexterm zone="heimdal ipropd-slave">
595 <primary sortas="b-ipropd-slave">ipropd-slave</primary>
596 </indexterm>
597 </listitem>
598 </varlistentry>
599
600 <varlistentry id="kadmin">
601 <term><command>kadmin</command></term>
602 <listitem>
603 <para>is a utility used to make modifications to the Kerberos
604 database.</para>
605 <indexterm zone="heimdal kadmin">
606 <primary sortas="b-kadmin">kadmin</primary>
607 </indexterm>
608 </listitem>
609 </varlistentry>
610
611 <varlistentry id="kadmind">
612 <term><command>kadmind</command></term>
613 <listitem>
614 <para>is a server for administrative access to the Kerberos
615 database.</para>
616 <indexterm zone="heimdal kadmind">
617 <primary sortas="b-kadmind">kadmind</primary>
618 </indexterm>
619 </listitem>
620 </varlistentry>
621
622 <varlistentry id="kauth">
623 <term><command>kauth</command></term>
624 <listitem>
625 <para>is a symbolic link to the <command>kinit</command>
626 program.</para>
627 <indexterm zone="heimdal kauth">
628 <primary sortas="g-kauth">kauth</primary>
629 </indexterm>
630 </listitem>
631 </varlistentry>
632
633 <varlistentry id="kcm">
634 <term><command>kcm</command></term>
635 <listitem>
636 <para>is a process-based credential cache for Kerberos
637 tickets.</para>
638 <indexterm zone="heimdal kcm">
639 <primary sortas="b-kcm">kcm</primary>
640 </indexterm>
641 </listitem>
642 </varlistentry>
643
644 <varlistentry id="kdc">
645 <term><command>kdc</command></term>
646 <listitem>
647 <para>is a Kerberos 5 server.</para>
648 <indexterm zone="heimdal kdc">
649 <primary sortas="b-kdc">kdc</primary>
650 </indexterm>
651 </listitem>
652 </varlistentry>
653
654 <varlistentry id="kdestroy">
655 <term><command>kdestroy</command></term>
656 <listitem>
657 <para>removes a principal's current set of tickets.</para>
658 <indexterm zone="heimdal kdestroy">
659 <primary sortas="b-kdestroy">kdestroy</primary>
660 </indexterm>
661 </listitem>
662 </varlistentry>
663
664 <varlistentry id="kf">
665 <term><command>kf</command></term>
666 <listitem>
667 <para>is a program which forwards tickets to a remote host through
668 an authenticated and encrypted stream.</para>
669 <indexterm zone="heimdal kf">
670 <primary sortas="b-kf">kf</primary>
671 </indexterm>
672 </listitem>
673 </varlistentry>
674
675 <varlistentry id="kfd">
676 <term><command>kfd</command></term>
677 <listitem>
678 <para>is a server used to receive forwarded tickets.</para>
679 <indexterm zone="heimdal kfd">
680 <primary sortas="b-kfd">kfd</primary>
681 </indexterm>
682 </listitem>
683 </varlistentry>
684
685 <varlistentry id="kgetcred">
686 <term><command>kgetcred</command></term>
687 <listitem>
688 <para>obtains a ticket for a service.</para>
689 <indexterm zone="heimdal kgetcred">
690 <primary sortas="b-kgetcred">kgetcred</primary>
691 </indexterm>
692 </listitem>
693 </varlistentry>
694
695 <varlistentry id="kinit">
696 <term><command>kinit</command></term>
697 <listitem>
698 <para>is used to authenticate to the Kerberos server as a principal
699 and acquire a ticket granting ticket that can later be used to obtain
700 tickets for other services.</para>
701 <indexterm zone="heimdal kinit">
702 <primary sortas="b-kinit">kinit</primary>
703 </indexterm>
704 </listitem>
705 </varlistentry>
706
707 <varlistentry id="klist">
708 <term><command>klist</command></term>
709 <listitem>
710 <para>reads and displays the current tickets in the credential
711 cache.</para>
712 <indexterm zone="heimdal klist">
713 <primary sortas="b-klist">klist</primary>
714 </indexterm>
715 </listitem>
716 </varlistentry>
717
718 <varlistentry id="kpasswd">
719 <term><command>kpasswd</command></term>
720 <listitem>
721 <para>is a program for changing Kerberos 5 passwords.</para>
722 <indexterm zone="heimdal kpasswd">
723 <primary sortas="b-kpasswd">kpasswd</primary>
724 </indexterm>
725 </listitem>
726 </varlistentry>
727
728 <varlistentry id="kpasswdd">
729 <term><command>kpasswdd</command></term>
730 <listitem>
731 <para>is a Kerberos 5 password changing server.</para>
732 <indexterm zone="heimdal kpasswdd">
733 <primary sortas="b-kpasswdd">kpasswdd</primary>
734 </indexterm>
735 </listitem>
736 </varlistentry>
737
738 <varlistentry id="krb5-config-prog">
739 <term><command>krb5-config</command></term>
740 <listitem>
741 <para>gives information on how to link programs against
742 <application>Heimdal</application> libraries.</para>
743 <indexterm zone="heimdal krb5-config-prog">
744 <primary sortas="b-krb5-config">krb5-config</primary>
745 </indexterm>
746 </listitem>
747 </varlistentry>
748
749 <varlistentry id="kstash">
750 <term><command>kstash</command></term>
751 <listitem>
752 <para>stores the KDC master password in a file.</para>
753 <indexterm zone="heimdal kstash">
754 <primary sortas="b-kstash">kstash</primary>
755 </indexterm>
756 </listitem>
757 </varlistentry>
758
759 <varlistentry id="ktutil">
760 <term><command>ktutil</command></term>
761 <listitem>
762 <para>is a program for managing Kerberos keytabs.</para>
763 <indexterm zone="heimdal ktutil">
764 <primary sortas="b-ktutil">ktutil</primary>
765 </indexterm>
766 </listitem>
767 </varlistentry>
768
769 <varlistentry id="kx">
770 <term><command>kx</command></term>
771 <listitem>
772 <para>is a program which securely forwards
773 <application>X</application> connections.</para>
774 <indexterm zone="heimdal kx">
775 <primary sortas="b-kx">kx</primary>
776 </indexterm>
777 </listitem>
778 </varlistentry>
779
780 <varlistentry id="kxd">
781 <term><command>kxd</command></term>
782 <listitem>
783 <para>is the daemon for <command>kx</command>.</para>
784 <indexterm zone="heimdal kxd">
785 <primary sortas="b-kxd">kxd</primary>
786 </indexterm>
787 </listitem>
788 </varlistentry>
789
790 <varlistentry id="login">
791 <term><command>login</command></term>
792 <listitem>
793 <para>is a kerberized login program.</para>
794 <indexterm zone="heimdal login">
795 <primary sortas="b-login">login</primary>
796 </indexterm>
797 </listitem>
798 </varlistentry>
799
800 <varlistentry id="otp">
801 <term><command>otp</command></term>
802 <listitem>
803 <para>manages one-time passwords.</para>
804 <indexterm zone="heimdal otp">
805 <primary sortas="b-otp">otp</primary>
806 </indexterm>
807 </listitem>
808 </varlistentry>
809
810 <varlistentry id="otpprint">
811 <term><command>otpprint</command></term>
812 <listitem>
813 <para>prints lists of one-time passwords.</para>
814 <indexterm zone="heimdal otpprint">
815 <primary sortas="b-otpprint">otpprint</primary>
816 </indexterm>
817 </listitem>
818 </varlistentry>
819
820 <varlistentry id="pfrom">
821 <term><command>pfrom</command></term>
822 <listitem>
823 <para>is a script that runs <command>push --from</command>.</para>
824 <indexterm zone="heimdal pfrom">
825 <primary sortas="b-pfrom">pfrom</primary>
826 </indexterm>
827 </listitem>
828 </varlistentry>
829
830 <varlistentry id="popper">
831 <term><command>popper</command></term>
832 <listitem>
833 <para>is a kerberized POP-3 server.</para>
834 <indexterm zone="heimdal popper">
835 <primary sortas="b-popper">popper</primary>
836 </indexterm>
837 </listitem>
838 </varlistentry>
839
840 <varlistentry id="push">
841 <term><command>push</command></term>
842 <listitem>
843 <para>is a kerberized POP mail retrieval client.</para>
844 <indexterm zone="heimdal push">
845 <primary sortas="b-push">push</primary>
846 </indexterm>
847 </listitem>
848 </varlistentry>
849
850 <varlistentry id="rcp">
851 <term><command>rcp</command></term>
852 <listitem>
853 <para>is a kerberized rcp client program.</para>
854 <indexterm zone="heimdal rcp">
855 <primary sortas="b-rcp">rcp</primary>
856 </indexterm>
857 </listitem>
858 </varlistentry>
859
860 <varlistentry id="rsh">
861 <term><command>rsh</command></term>
862 <listitem>
863 <para>is a kerberized rsh client program.</para>
864 <indexterm zone="heimdal rsh">
865 <primary sortas="b-rsh">rsh</primary>
866 </indexterm>
867 </listitem>
868 </varlistentry>
869
870 <varlistentry id="rshd">
871 <term><command>rshd</command></term>
872 <listitem>
873 <para>is a kerberized rsh server.</para>
874 <indexterm zone="heimdal rshd">
875 <primary sortas="b-rshd">rshd</primary>
876 </indexterm>
877 </listitem>
878 </varlistentry>
879
880 <varlistentry id="rxtelnet">
881 <term><command>rxtelnet</command></term>
882 <listitem>
883 <para>starts a secure <command>xterm</command> window with a
884 <command>telnet</command> to a given host and forwards
885 <application>X</application> connections.</para>
886 <indexterm zone="heimdal rxtelnet">
887 <primary sortas="b-rxtelnet">rxtelnet</primary>
888 </indexterm>
889 </listitem>
890 </varlistentry>
891
892 <varlistentry id="rxterm">
893 <term><command>rxterm</command></term>
894 <listitem>
895 <para>starts a secure remote <command>xterm</command>.</para>
896 <indexterm zone="heimdal rxterm">
897 <primary sortas="b-rxterm">rxterm</primary>
898 </indexterm>
899 </listitem>
900 </varlistentry>
901
902 <varlistentry id="string2key">
903 <term><command>string2key</command></term>
904 <listitem>
905 <para>maps a password into a key.</para>
906 <indexterm zone="heimdal string2key">
907 <primary sortas="b-string2key">string2key</primary>
908 </indexterm>
909 </listitem>
910 </varlistentry>
911
912 <varlistentry id="su">
913 <term><command>su</command></term>
914 <listitem>
915 <para>is a kerberized su client program.</para>
916 <indexterm zone="heimdal su">
917 <primary sortas="b-su">su</primary>
918 </indexterm>
919 </listitem>
920 </varlistentry>
921
922 <varlistentry id="telnet">
923 <term><command>telnet</command></term>
924 <listitem>
925 <para>is a kerberized telnet client program.</para>
926 <indexterm zone="heimdal telnet">
927 <primary sortas="b-telnet">telnet</primary>
928 </indexterm>
929 </listitem>
930 </varlistentry>
931
932 <varlistentry id="telnetd">
933 <term><command>telnetd</command></term>
934 <listitem>
935 <para>is a kerberized telnet server.</para>
936 <indexterm zone="heimdal telnetd">
937 <primary sortas="b-telnetd">telnetd</primary>
938 </indexterm>
939 </listitem>
940 </varlistentry>
941
942 <varlistentry id="tenletxr">
943 <term><command>tenletxr</command></term>
944 <listitem>
945 <para>forwards <application>X</application> connections
946 backwards.</para>
947 <indexterm zone="heimdal tenletxr">
948 <primary sortas="b-tenletxr">tenletxr</primary>
949 </indexterm>
950 </listitem>
951 </varlistentry>
952
953 <varlistentry id="verify_krb5_conf">
954 <term><command>verify_krb5_conf</command></term>
955 <listitem>
956 <para>checks the <filename>krb5.conf</filename> file for obvious
957 errors.</para>
958 <indexterm zone="heimdal verify_krb5_conf">
959 <primary sortas="b-verify_krb5_conf">verify_krb5_conf</primary>
960 </indexterm>
961 </listitem>
962 </varlistentry>
963
964 <varlistentry id="xnlock">
965 <term><command>xnlock</command></term>
966 <listitem>
967 <para>is a program that acts as a secure screen saver for
968 workstations running <application>X</application>.</para>
969 <indexterm zone="heimdal xnlock">
970 <primary sortas="b-xnlock">xnlock</primary>
971 </indexterm>
972 </listitem>
973 </varlistentry>
974
975 <varlistentry id="libasn1">
976 <term><filename class='libraryfile'>libasn1.{so,a}</filename></term>
977 <listitem>
978 <para>provides the ASN.1 and DER functions to encode and decode
979 the Kerberos TGTs.</para>
980 <indexterm zone="heimdal libasn1">
981 <primary sortas="c-libasn1">libasn1.{so,a}</primary>
982 </indexterm>
983 </listitem>
984 </varlistentry>
985
986 <varlistentry id="libeditline">
987 <term><filename class='libraryfile'>libeditline.a</filename></term>
988 <listitem>
989 <para>is a command-line editing library with history.</para>
990 <indexterm zone="heimdal libeditline">
991 <primary sortas="c-libeditline">libeditline.a</primary>
992 </indexterm>
993 </listitem>
994 </varlistentry>
995
996 <varlistentry id="libgssapi">
997 <term><filename class='libraryfile'>libgssapi.{so,a}</filename></term>
998 <listitem>
999 <para>contains the Generic Security Service Application Programming
1000 Interface (GSSAPI) functions, which provide security
1001 services to callers in a generic fashion, supportable with a range of
1002 underlying mechanisms and technologies and hence allowing source-level
1003 portability of applications to different environments.</para>
1004 <indexterm zone="heimdal libgssapi">
1005 <primary sortas="c-libgssapi">libgssapi.{so,a}</primary>
1006 </indexterm>
1007 </listitem>
1008 </varlistentry>
1009
1010 <varlistentry id="libhdb">
1011 <term><filename class='libraryfile'>libhdb.{so,a}</filename></term>
1012 <listitem>
1013 <para>is a <application>Heimdal</application> Kerberos 5
1014 authentication/authorization database access library.</para>
1015 <indexterm zone="heimdal libhdb">
1016 <primary sortas="c-libhdb">libhdb.{so,a}</primary>
1017 </indexterm>
1018 </listitem>
1019 </varlistentry>
1020
1021 <varlistentry id="libkadm5clnt">
1022 <term><filename class='libraryfile'>libkadm5clnt.{so,a}</filename></term>
1023 <listitem>
1024 <para>contains the administrative authentication and password
1025 checking functions required by Kerberos 5 client-side programs.</para>
1026 <indexterm zone="heimdal libkadm5clnt">
1027 <primary sortas="c-libkadm5clnt">libkadm5clnt.{so,a}</primary>
1028 </indexterm>
1029 </listitem>
1030 </varlistentry>
1031
1032 <varlistentry id="libkadm5srv">
1033 <term><filename class='libraryfile'>libkadm5srv.{so,a}</filename></term>
1034 <listitem>
1035 <para>contains the administrative authentication and password
1036 checking functions required by Kerberos 5 servers.</para>
1037 <indexterm zone="heimdal libkadm5srv">
1038 <primary sortas="c-libkadm5srv">libkadm5srv.{so,a}</primary>
1039 </indexterm>
1040 </listitem>
1041 </varlistentry>
1042
1043 <varlistentry id="libkafs">
1044 <term><filename class='libraryfile'>libkafs.{so,a}</filename></term>
1045 <listitem>
1046 <para>contains the functions required to authenticate to AFS.</para>
1047 <indexterm zone="heimdal libkafs">
1048 <primary sortas="c-libkafs">libkafs.{so,a}</primary>
1049 </indexterm>
1050 </listitem>
1051 </varlistentry>
1052
1053 <varlistentry id="libkrb5">
1054 <term><filename class='libraryfile'>libkrb5.{so,a}</filename></term>
1055 <listitem>
1056 <para>is an all-purpose Kerberos 5 library.</para>
1057 <indexterm zone="heimdal libkrb5">
1058 <primary sortas="c-libkrb5">libkrb5.{so,a}</primary>
1059 </indexterm>
1060 </listitem>
1061 </varlistentry>
1062
1063 <varlistentry id="libotp">
1064 <term><filename class='libraryfile'>libotp.{so,a}</filename></term>
1065 <listitem>
1066 <para>contains the functions required to handle authenticating
1067 one-time passwords.</para>
1068 <indexterm zone="heimdal libotp">
1069 <primary sortas="c-libotp">libotp.{so,a}</primary>
1070 </indexterm>
1071 </listitem>
1072 </varlistentry>
1073
1074 <varlistentry id="libroken">
1075 <term><filename class='libraryfile'>libroken.{so,a}</filename></term>
1076 <listitem>
1077 <para>is a library containing Kerberos 5 compatibility
1078 functions.</para>
1079 <indexterm zone="heimdal libroken">
1080 <primary sortas="c-libroken">libroken.{so,a}</primary>
1081 </indexterm>
1082 </listitem>
1083 </varlistentry>
1084
1085 </variablelist>
1086
1087 </sect2>
1088
1089</sect1>