source: postlfs/security/heimdal.xml@ 6732c094

Last change on this file since 6732c094 was 6732c094, checked in by Randy McMurchy <randy@…>, 17 years ago

Updated all the XML files (and the one stylesheet) to use the 4.5 version of DocBook XML DTD

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@6716 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 42.2 KB
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY heimdal-download-http "http://ftp.vc-graz.ac.at/mirror/crypto/kerberos/heimdal/heimdal-&heimdal-version;.tar.gz">
8 <!ENTITY heimdal-download-ftp "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-&heimdal-version;.tar.gz">
9 <!ENTITY heimdal-md5sum "c937580d6f8b11bf7f0e540530e1dc18">
10 <!ENTITY heimdal-size "4.5 MB">
11 <!ENTITY heimdal-buildsize "101 MB">
12 <!ENTITY heimdal-time "2.4 SBU">
13]>
14
15<sect1 id="heimdal" xreflabel="Heimdal-&heimdal-version;">
16 <?dbhtml filename="heimdal.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>Heimdal-&heimdal-version;</title>
24
25 <indexterm zone="heimdal">
26 <primary sortas="a-Heimdal">Heimdal</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to Heimdal</title>
31
32 <para><application>Heimdal</application> is a free implementation
33 of Kerberos 5 that aims to be compatible with MIT krb5 and is
34 backward compatible with krb4. Kerberos is a network authentication
35 protocol. Basically it keeps passwords from being sent across any
36 untrusted network (like the Internet). Kerberized applications work
37 hand-in-hand with sites that support Kerberos to ensure that passwords
38 cannot be stolen or compromised. A Kerberos installation will make changes
39 to the authentication mechanisms on your network and will overwrite several
40 programs and daemons from the <application>Coreutils</application>,
41 <application>Inetutils</application>, <application>Qpopper</application>
42 and <application>Shadow</application> packages.</para>
43
44 <bridgehead renderas="sect3">Package Information</bridgehead>
45 <itemizedlist spacing="compact">
46 <listitem>
47 <para>Download (HTTP): <ulink url="&heimdal-download-http;"/></para>
48 </listitem>
49 <listitem>
50 <para>Download (FTP): <ulink url="&heimdal-download-ftp;"/></para>
51 </listitem>
52 <listitem>
53 <para>Download MD5 sum: &heimdal-md5sum;</para>
54 </listitem>
55 <listitem>
56 <para>Download size: &heimdal-size;</para>
57 </listitem>
58 <listitem>
59 <para>Estimated disk space required: &heimdal-buildsize;</para>
60 </listitem>
61 <listitem>
62 <para>Estimated build time: &heimdal-time;</para>
63 </listitem>
64 </itemizedlist>
65
66 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
67 <itemizedlist spacing='compact'>
68 <listitem>
69 <para>Required Patch: <ulink
70 url="ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt"/></para>
71 </listitem>
72 <listitem>
73 <para>Required Patch: <ulink
74 url="&patch-root;/heimdal-&heimdal-version;-fhs_compliance-1.patch"/></para>
75 </listitem>
76 <listitem>
77 <para>Required patch for <application>CrackLib</application> support: <ulink
78 url="&patch-root;/heimdal-&heimdal-version;-cracklib-1.patch"/></para>
79 </listitem>
80 </itemizedlist>
81
82 <bridgehead renderas="sect3">Heimdal Dependencies</bridgehead>
83
84 <bridgehead renderas="sect4">Required to Build the Server-Side Tools</bridgehead>
85 <para role="required">
86 <!-- <xref linkend="db"/> -->
87 <xref linkend="db"/> is recommended (installed in LFS)
88 or <xref linkend="gdbm"/></para>
89
90 <bridgehead renderas="sect4">Recommended</bridgehead>
91 <para role="recommended"><xref linkend="openssl"/></para>
92
93 <bridgehead renderas="sect4">Optional</bridgehead>
94 <para role="optional"><xref linkend="linux-pam"/>,
95 <xref linkend="openldap"/>,
96 <xref linkend="x-window-system"/>,
97 <xref linkend="cracklib"/> (compiled with the <filename>heimdal</filename>
98 patch), and
99 <ulink url="http://www.pdc.kth.se/kth-krb/">krb4</ulink></para>
100
101 <note>
102 <para>Some sort of time synchronization facility on your system
103 (like <xref linkend="ntp"/>) is required since Kerberos won't
104 authenticate if the time differential between a kerberized client
105 and the KDC server is more than 5 minutes.</para>
106 </note>
107
108 <para condition="html" role="usernotes">User Notes:
109 <ulink url="&blfs-wiki;/heimdal"/></para>
110
111 </sect2>
112
113 <sect2 role="installation">
114 <title>Installation of Heimdal</title>
115
116 <!-- This doesn't appear to be needed any longer as testing has
117 shown that the ftp client now works without issues
118
119 <para>Before installing the package, you may want to preserve the
120 <command>ftp</command> program from the <application>Inetutils</application>
121 package. This is because using the <application>Heimdal</application>
122 <command>ftp</command> program to connect to non-kerberized ftp servers may
123 not work properly. It will allow you to connect (letting you know that
124 transmission of the password is clear text) but will have problems doing
125 puts and gets. Issue the following command as the
126 <systemitem class="username">root</systemitem> user.</para>
127
128<screen role="root"><userinput>mv -v /usr/bin/ftp /usr/bin/ftpn</userinput></screen>
129 -->
130
131 <warning>
132 <para>Ensure you really need a Kerberos installation before you decide
133 to install this package. Failure to install and configure the package
134 in accordance with the instructions below can alter your system so that
135 users cannot log in.</para>
136 </warning>
137
138 <para>If you wish the <application>Heimdal</application> package to
139 link against the <application>CrackLib</application> library to provide
140 enforcement of strong passwords (requires <xref linkend="cracklib"/>
141 installed with the <filename>heimdal</filename> patch), you must apply a
142 patch:</para>
143
144<screen><userinput>patch -Np1 -i ../heimdal-&heimdal-version;-cracklib-1.patch</userinput></screen>
145
146 <para>Install <application>Heimdal</application> by running the following
147 commands:</para>
148
149<screen><userinput>patch -Np1 -i ../heimdal-&heimdal-version;-setuid-patch.txt &amp;&amp;
150patch -Np1 -i ../heimdal-&heimdal-version;-fhs_compliance-1.patch &amp;&amp;
151./configure --prefix=/usr \
152 --sysconfdir=/etc/heimdal \
153 --libexecdir=/usr/sbin \
154 --datadir=/var/lib/heimdal \
155 --localstatedir=/var/lib/heimdal \
156 --enable-shared \
157 --with-readline=/usr &amp;&amp;
158make</userinput></screen>
159
160 <para>If you have <xref linkend="tetex"/> installed and wish to create
161 alternate forms of the documentation, issue any or all of the following
162 commands:</para>
163
164<screen><userinput>make -C doc html &amp;&amp;
165mv doc/heimdal.html doc/html &amp;&amp;
166make -C doc pdf &amp;&amp;
167make -C doc ps &amp;&amp;
168makeinfo --html --no-split -o doc/heimdal.html doc/heimdal.texi &amp;&amp;
169makeinfo --plaintext -o doc/heimdal.txt doc/heimdal.texi</userinput></screen>
170
171 <para>To test the results, issue: <command>make check</command>.</para>
172
173 <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
174
175<screen role="root"><userinput>mv -v /usr/include/fnmatch.h /usr/include/fnmatch.h.glibc &amp;&amp;
176mv -v /usr/include/glob.h /usr/include/glob.h.glibc &amp;&amp;
177
178mv -v /usr/include/ss/ss.h /usr/include/ss/ss.h.e2fsprogs &amp;&amp;
179mv -v /usr/lib/libss.a /usr/lib/libss.a.e2fsprogs &amp;&amp;
180mv -v /usr/lib/libss.so /usr/lib/libss.so.e2fsprogs &amp;&amp;
181
182make install &amp;&amp;
183
184mv -v /usr/include/fnmatch.h /usr/include/fnmatch.h.heimdal &amp;&amp;
185mv -v /usr/include/fnmatch.h.glibc /usr/include/fnmatch.h &amp;&amp;
186mv -v /usr/include/glob.h /usr/include/glob.h.heimdal &amp;&amp;
187mv -v /usr/include/glob.h.glibc /usr/include/glob.h &amp;&amp;
188
189mv -v /usr/include/ss/ss.h /usr/include/ss/ss.h.heimdal &amp;&amp;
190mv -v /usr/include/ss/ss.h.e2fsprogs /usr/include/ss/ss.h &amp;&amp;
191mv -v /usr/lib/libss.a /usr/lib/libss.a.heimdal &amp;&amp;
192mv -v /usr/lib/libss.a.e2fsprogs /usr/lib/libss.a &amp;&amp;
193mv -v /usr/lib/libss.so /usr/lib/libss.so.heimdal &amp;&amp;
194mv -v /usr/lib/libss.la /usr/lib/libss.la.heimdal &amp;&amp;
195mv -v /usr/lib/libss.so.e2fsprogs /usr/lib/libss.so &amp;&amp;
196if [ -e /usr/lib/libss.so.2 ]; then rm -v /usr/lib/libss.so.2; fi &amp;&amp;
197
198install -v -m755 -d /usr/share/doc/heimdal-&heimdal-version;/standardisation &amp;&amp;
199install -v -m644 doc/{init-creds,layman.asc} \
200 /usr/share/doc/heimdal-&heimdal-version; &amp;&amp;
201install -v -m644 doc/standardisation/* \
202 /usr/share/doc/heimdal-&heimdal-version;/standardisation &amp;&amp;
203
204mv -v /bin/login /bin/login.shadow &amp;&amp;
205mv -v /bin/su /bin/su.shadow &amp;&amp;
206mv -v /usr/bin/{login,su} /bin &amp;&amp;
207ln -v -sf ../../bin/login /usr/bin &amp;&amp;
208mv -v /usr/lib/lib{otp,kafs,krb5,asn1,roken,crypto}.so.* \
209 /usr/lib/libdb-4.5.so /lib &amp;&amp;
210ln -v -sf ../../lib/libdb-4.5.so /usr/lib/libdb.so &amp;&amp;
211ln -v -sf ../../lib/libdb-4.5.so /usr/lib/libdb-4.so &amp;&amp;
212
213for SYMLINK in otp.so.0.1.3 kafs.so.0.4.1 krb5.so.17.4.0 \
214 asn1.so.6.1.0 roken.so.16.1.0 crypto.so.0.9.8
215do
216 ln -v -sf ../../lib/lib$SYMLINK \
217 /usr/lib/lib`echo $SYMLINK | cut -d. -f1`.so
218done
219
220ldconfig</userinput></screen>
221
222 <para>If you built any of the alternate forms of documentation, install it
223 using the following commands as the
224 <systemitem class="username">root</systemitem> user:</para>
225
226<screen role="root"><userinput>install -v -m755 -d /usr/share/doc/heimdal-&heimdal-version;/html &amp;&amp;
227install -v -m644 doc/html/* \
228 /usr/share/doc/heimdal-&heimdal-version;/html &amp;&amp;
229install -v -m644 doc/heimdal.{dvi,ps,pdf,html,txt} \
230 /usr/share/doc/heimdal-&heimdal-version;</userinput></screen>
231
232 </sect2>
233
234 <sect2 role="commands">
235 <title>Command Explanations</title>
236
237 <para><command>mv -v /usr/include/...</command> and
238 <command>mv -v /usr/lib/libss.*</command>: The
239 <application>Heimdal</application> installation will overwrite two
240 interface headers from the <application>Glibc</application> package and an
241 interface header, static library and library symbolic link from the
242 <application>E2fsprogs</application> package. These commands rename the
243 original files before the installation, and then restore them (after
244 renaming the new <application>Heimdal</application> files) after the
245 installation.</para>
246
247 <para><parameter>--libexecdir=/usr/sbin</parameter>: This switch
248 puts the daemon programs into
249 <filename class="directory">/usr/sbin</filename>.</para>
250
251 <tip>
252 <para>If you want to preserve all your existing
253 <application>Inetutils</application> package daemons, install the
254 <application>Heimdal</application> daemons into
255 <filename class="directory">/usr/sbin/heimdal</filename> (or wherever
256 you want). Since these programs will be called from
257 <command>(x)inetd</command> or <filename>rc</filename> scripts, it
258 really doesn't matter where they are installed, as long as they are
259 correctly specified in the <filename>/etc/(x)inetd.conf</filename> file
260 and <filename>rc</filename> scripts. If you choose something other than
261 <filename class="directory">/usr/sbin</filename>, you may want to move
262 some of the user programs (such as <command>kadmin</command>) to
263 <filename class="directory">/usr/sbin</filename> manually so they'll be
264 in the privileged user's default <envar>PATH</envar>.</para>
265 </tip>
266
267 <para><command>mv ... .shadow; mv ... /bin; ln -v -sf ../../bin...</command>:
268 The <command>login</command> and <command>su</command> programs installed by
269 <application>Heimdal</application> belong in the
270 <filename class="directory">/bin</filename> directory. The
271 <command>login</command> program is symlinked because
272 <application>Heimdal</application> is expecting to find it in
273 <filename class="directory">/usr/bin</filename>. The old executables are
274 preserved before the move so that they can be restored if you experience
275 problems logging into the system after the
276 <application>Heimdal</application> package is installed and
277 configured.</para>
278
279 <para><command>mv ... /lib; ln -v -sf ../../lib/lib... /usr/lib...</command>:
280 The <command>login</command> and <command>su</command> programs installed
281 by <application>Heimdal</application> link against
282 <application>Heimdal</application> libraries as well as libraries provided
283 by the <application>OpenSSL</application> and
284 <application>Berkeley DB</application> packages. These
285 libraries are moved to <filename class="directory">/lib</filename> to be
286 FHS compliant and also in case
287 <filename class="directory">/usr</filename> is located on a separate
288 partition which may not always be mounted.</para>
289
290 </sect2>
291
292 <sect2 role="configuration">
293 <title>Configuring Heimdal</title>
294
295 <sect3 id="heimdal-config">
296 <title>Config Files</title>
297
298 <para><filename>/etc/heimdal/*</filename></para>
299
300 <indexterm zone="heimdal heimdal-config">
301 <primary sortas="e-etc-heimdal">/etc/heimdal/*</primary>
302 </indexterm>
303
304 </sect3>
305
306 <sect3>
307 <title>Configuration Information</title>
308
309 <note>
310 <para>All the configuration steps shown below must be accomplished
311 by the <systemitem class='username'>root</systemitem> user unless
312 otherwise noted.</para>
313 </note>
314
315 <sect4>
316 <title>Master KDC Server Configuration</title>
317
318 <para>Create the Kerberos configuration file with the
319 following commands:</para>
320
321<screen role="root"><userinput>install -v -m755 -d /etc/heimdal &amp;&amp;
322cat &gt; /etc/heimdal/krb5.conf &lt;&lt; "EOF"
323<literal># Begin /etc/heimdal/krb5.conf
324
325[libdefaults]
326 default_realm = <replaceable>&lt;EXAMPLE.COM&gt;</replaceable>
327 encrypt = true
328
329[realms]
330 <replaceable>&lt;EXAMPLE.COM&gt;</replaceable> = {
331 kdc = <replaceable>&lt;hostname.example.com&gt;</replaceable>
332 admin_server = <replaceable>&lt;hostname.example.com&gt;</replaceable>
333 kpasswd_server = <replaceable>&lt;hostname.example.com&gt;</replaceable>
334 }
335
336[domain_realm]
337 .<replaceable>&lt;example.com&gt;</replaceable> = <replaceable>&lt;EXAMPLE.COM&gt;</replaceable>
338
339[logging]
340 kdc = FILE:/var/log/kdc.log
341 admin_server = FILE:/var/log/kadmin.log
342 default = FILE:/var/log/krb.log
343
344# End /etc/heimdal/krb5.conf</literal>
345EOF
346chmod -v 644 /etc/heimdal/krb5.conf</userinput></screen>
347
348 <para>You will need to substitute your domain and proper hostname
349 for the occurrences of the <replaceable>&lt;hostname&gt;</replaceable>
350 and <replaceable>&lt;EXAMPLE.COM&gt;</replaceable> names.</para>
351
352 <para><option>default_realm</option> should be the name of your
353 domain changed to ALL CAPS. This isn't required, but both
354 <application>Heimdal</application> and <application>MIT
355 krb5</application> recommend it.</para>
356
357 <para><option>encrypt = true</option> provides encryption of all
358 traffic between kerberized clients and servers. It's not necessary
359 and can be left off. If you leave it off, you can encrypt all traffic
360 from the client to the server using a switch on the client program
361 instead.</para>
362
363 <para>The <option>[realms]</option> parameters tell the client
364 programs where to look for the KDC authentication services.</para>
365
366 <para>The <option>[domain_realm]</option> section maps a domain
367 to a realm.</para>
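
A pre-flight check for the file created above, as an added example that is not part of the BLFS book: it fails if a &lt;...&gt; placeholder was left unsubstituted or if the default realm has no kdc entry under [realms], and only warns when default_realm is not upper case. The names lint_krb5_conf and write_sample_conf are hypothetical, and the sample realm and host are constructed.

```shell
#!/bin/sh
# Added example: sanity-check a krb5.conf laid out like the one above.

# write_sample_conf FILE
# Writes a constructed, already-substituted configuration for demonstration.
write_sample_conf() {
    cat > "$1" << "EOF"
# Begin /etc/heimdal/krb5.conf (constructed sample)
[libdefaults]
    default_realm = EXAMPLE.COM
    encrypt = true

[realms]
    EXAMPLE.COM = {
        kdc = kdc1.example.com
        admin_server = kdc1.example.com
        kpasswd_server = kdc1.example.com
    }

[domain_realm]
    .example.com = EXAMPLE.COM

[logging]
    kdc = FILE:/var/log/kdc.log
# End /etc/heimdal/krb5.conf
EOF
}

# lint_krb5_conf FILE
# Prints findings on stdout. Returns non-zero on errors, zero on warnings only.
lint_krb5_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    BEGIN { bad = 0 }
    /^[ \t]*#/ { next }                       # comment line
    /^[ \t]*$/ { next }                       # blank line
    /<[^>]*>/ {                               # template token never replaced
        printf "error: line %d: unsubstituted placeholder: %s\n", NR, trim($0)
        bad = 1
    }
    /^[ \t]*\[/ { section = trim($0); next }  # section header such as [realms]
    section == "[libdefaults]" && /^[ \t]*default_realm[ \t]*=/ {
        sub(/^[^=]*=/, ""); default_realm = trim($0); next
    }
    section == "[realms]" && /=[ \t]*[{][ \t]*$/ {   # opening of a realm block
        sub(/[ \t]*=.*/, ""); realm = trim($0); next
    }
    section == "[realms]" && /^[ \t]*[}]/ { realm = ""; next }
    section == "[realms]" && realm != "" && /^[ \t]*kdc[ \t]*=/ {
        has_kdc[realm] = 1
    }
    END {
        if (default_realm == "") {
            print "error: no default_realm in [libdefaults]"; bad = 1
        } else {
            if (default_realm != toupper(default_realm))
                print "warning: default_realm is not upper case: " default_realm
            if (!(default_realm in has_kdc)) {
                print "error: no kdc listed under [realms] for " default_realm
                bad = 1
            }
        }
        exit bad
    }' "$1"
}
```

Call it as `lint_krb5_conf /etc/heimdal/krb5.conf` before running kstash and kadmin.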
368
369 <para>Store the master password in a key file using the following
370 commands:</para>
371
372<screen role="root"><userinput>install -v -m755 -d /var/lib/heimdal &amp;&amp;
373kstash</userinput></screen>
374
375 <para>Create the KDC database:</para>
376
377<screen role="root"><userinput>kadmin -l</userinput></screen>
378
379 <para>The commands below will prompt you for information about the
380 principals. Choose the defaults for now unless you know what you are
381 doing and need to specify different values. You can go in later and
382 change the defaults, should you feel the need. You may use the up and
383 down arrow keys to use the history feature of <command>kadmin</command>
384 in a similar manner as the <command>bash</command> history
385 feature.</para>
386
387 <para>At the <prompt>kadmin&gt;</prompt> prompt, issue the following
388 statement:</para>
389
390<screen role="root"><userinput>init <replaceable>&lt;EXAMPLE.COM&gt;</replaceable></userinput></screen>
391
392 <para>The database must now be populated with at least one principal
393 (user). For now, just use your regular login name or root. You may
394 create as few or as many principals as you wish using the following
395 statement:</para>
396
397<screen role="root"><userinput>add <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
398
399 <para>The KDC server and any machine running kerberized
400 server daemons must have a host key installed:</para>
401
402<screen role="root"><userinput>add --random-key host/<replaceable>&lt;hostname.example.com&gt;</replaceable></userinput></screen>
403
404 <para>After choosing the defaults when prompted, you will have to
405 export the data to a keytab file:</para>
406
407<screen role="root"><userinput>ext host/<replaceable>&lt;hostname.example.com&gt;</replaceable></userinput></screen>
408
409 <para>This should have created two files in
410 <filename class="directory">/etc/heimdal</filename>:
411 <filename>krb5.keytab</filename> (Kerberos 5) and
412 <filename>srvtab</filename> (Kerberos 4). Both files should have 600
413 (root rw only) permissions. Keeping the keytab files from public access
414 is crucial to the overall security of the Kerberos installation.</para>
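
One way to verify the keytab permissions stated above from a root shell after leaving kadmin, as an added example that is not part of the BLFS book. It assumes GNU stat from Coreutils; the function names are hypothetical, and skipping a keytab that does not exist is a choice made in this example.

```shell
#!/bin/sh
# Added example: audit the keytab files for the 600 / root-only rule.
# Usage: audit_keytabs /etc/heimdal

# check_secret FILE UID
# Succeeds only if FILE is a regular file (not a symlink), owned by the
# numeric UID, with mode exactly 600.
check_secret() {
    cs_file=$1
    cs_uid=$2
    if [ -L "$cs_file" ] || [ ! -f "$cs_file" ]; then
        echo "FAIL $cs_file: symlink or not a regular file" >&2
        return 1
    fi
    cs_mode=$(stat -c '%a' "$cs_file") || return 1
    cs_owner=$(stat -c '%u' "$cs_file") || return 1
    if [ "$cs_mode" != "600" ]; then
        echo "FAIL $cs_file: mode $cs_mode, expected 600" >&2
        return 1
    fi
    if [ "$cs_owner" != "$cs_uid" ]; then
        echo "FAIL $cs_file: owner uid $cs_owner, expected $cs_uid" >&2
        return 1
    fi
    echo "ok   $cs_file"
    return 0
}

# audit_keytabs DIR [UID]
# Checks krb5.keytab and srvtab in DIR. UID defaults to 0 (root).
# Names that do not exist are skipped, but at least one keytab must be found.
audit_keytabs() {
    ak_dir=$1
    ak_uid=${2:-0}
    ak_seen=0
    ak_rc=0
    for ak_name in krb5.keytab srvtab; do
        ak_path=$ak_dir/$ak_name
        # -L catches dangling symlinks, which -e reports as missing.
        if [ ! -e "$ak_path" ] && [ ! -L "$ak_path" ]; then
            continue
        fi
        ak_seen=$((ak_seen + 1))
        check_secret "$ak_path" "$ak_uid" || ak_rc=1
    done
    if [ "$ak_seen" -eq 0 ]; then
        echo "FAIL $ak_dir: no keytab found" >&2
        return 1
    fi
    return "$ak_rc"
}
```

A failing file is corrected with chmod 600 and chown root before any kerberized daemon is started.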
415
416 <para>Eventually, you'll want to add server daemon principals to the
417 database and extract them to the keytab file. You do this in the same
418 way you created the host principals. Below is an example:</para>
419
420<screen role="root"><userinput>add --random-key ftp/<replaceable>&lt;hostname.example.com&gt;</replaceable></userinput></screen>
421
422 <para>(choose the defaults)</para>
423
424<screen role="root"><userinput>ext ftp/<replaceable>&lt;hostname.example.com&gt;</replaceable></userinput></screen>
425
426 <para>Exit the <command>kadmin</command> program (use
427 <command>quit</command> or <command>exit</command>) and return back
428 to the shell prompt. Start the KDC daemon manually, just to test out
429 the installation:</para>
430
431<screen role="root"><userinput>/usr/sbin/kdc &amp;</userinput></screen>
432
433 <para>Attempt to get a TGT (ticket granting ticket) with
434 the following command:</para>
435
436<screen><userinput>kinit <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
437
438 <para>You will be prompted for the password you created. After you get
439 your ticket, you should list it with the following command:</para>
440
441<screen><userinput>klist</userinput></screen>
442
443 <para>Information about the ticket should be displayed on
444 the screen.</para>
445
446 <para>To test the functionality of the <filename>keytab</filename> file,
447 issue the following command:</para>
448
449<screen><userinput>ktutil list</userinput></screen>
450
451 <para>This should dump a list of the host principals, along with the
452 encryption methods used to access the principals.</para>
453
454 <para>At this point, if everything has been successful so far, you
455 can feel fairly confident in the installation, setup and configuration
456 of your new <application>Heimdal</application> Kerberos 5
457 installation.</para>
458
459 <para id="heimdal-init">Install the
460 <filename>/etc/rc.d/init.d/heimdal</filename> init script included
461 in the <xref linkend="bootscripts"/> package:</para>
462
463 <indexterm zone="heimdal heimdal-init">
464 <primary sortas="f-heimdal">heimdal</primary>
465 </indexterm>
466
467<screen role="root"><userinput>make install-heimdal</userinput></screen>
468
469 </sect4>
470
471 <sect4>
472 <title>Using Kerberized Client Programs</title>
473
474 <para>To use the kerberized client programs (<command>telnet</command>,
475 <command>ftp</command>, <command>rsh</command>,
476 <command>rxterm</command>, <command>rxtelnet</command>,
477 <command>rcp</command>, <command>xnlock</command>), you first must get
478 a TGT. Use the <command>kinit</command> program to get the ticket.
479 After you've acquired the ticket, you can use the kerberized programs
480 to connect to any kerberized server on the network. You will not be
481 prompted for authentication until your ticket expires (default is one
482 day), unless you specify a different user as a command line argument
483 to the program.</para>
484
485 <para>The kerberized programs will connect to non-kerberized daemons,
486 warning you that authentication is not encrypted.</para>
487
488 <para>In order to use the <application>Heimdal</application>
489 <application>X</application> programs, you'll need to add a service
490 port entry to the <filename>/etc/services</filename> file for the
491 <command>kxd</command> server. There is no 'standardized port number'
492 for the 'kx' service in the IANA database, so you'll have to pick an
493 unused port number. Add an entry to the <filename>services</filename>
494 file similar to the entry below (substitute your chosen port number
495 for <replaceable>&lt;49150&gt;</replaceable>):</para>
496
497<screen><literal>kx <replaceable>&lt;49150&gt;</replaceable>/tcp # Heimdal kerberos X
498kx <replaceable>&lt;49150&gt;</replaceable>/udp # Heimdal kerberos X</literal></screen>
499
500 <para>For additional information consult <ulink
501 url="&hints-root;/downloads/files/heimdal.txt">the
502 Heimdal hint</ulink> on which the above instructions are based.</para>
503
504 </sect4>
505
506 </sect3>
507
508 </sect2>
509
510 <sect2 role="content">
511 <title>Contents</title>
512
513 <segmentedlist>
514 <segtitle>Installed Programs</segtitle>
515 <segtitle>Installed Libraries</segtitle>
516 <segtitle>Installed Directories</segtitle>
517
518 <seglistitem>
519 <seg>afslog, dump_log, ftp, ftpd, hprop, hpropd, ipropd-master,
520 ipropd-slave, kadmin, kadmind, kauth, kcm, kdc, kdestroy, kf, kfd,
521 kgetcred, kinit, klist, kpasswd, kpasswdd, krb5-config, kstash,
522 ktutil, kx, kxd, login, mk_cmds, otp, otpprint, pagsh, pfrom, popper,
523 push, rcp, replay_log, rsh, rshd, rxtelnet, rxterm, string2key, su,
524 telnet, telnetd, tenletxr, truncate-log, verify_krb5_conf
525 and xnlock</seg>
526 <seg>libasn1.{so,a}, libeditline.{so,a}, libgssapi.{so,a},
527 libhdb.{so,a}, libkadm5clnt.{so,a}, libkadm5srv.{so,a}, libkafs.{so,a},
528 libkrb5.{so,a}, libotp.{so,a}, libroken.{so,a}, libsl.{so,a}
529 and libss.{so,a}</seg>
530 <seg>/etc/heimdal, /usr/include/kadm5,
531 /usr/share/doc/heimdal-&heimdal-version; and /var/lib/heimdal</seg>
532 </seglistitem>
533 </segmentedlist>
534
535 <variablelist>
536 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
537 <?dbfo list-presentation="list"?>
538 <?dbhtml list-presentation="table"?>
539
540 <varlistentry id="afslog">
541 <term><command>afslog</command></term>
542 <listitem>
543 <para>obtains AFS tokens for a number of cells.</para>
544 <indexterm zone="heimdal afslog">
545 <primary sortas="b-afslog">afslog</primary>
546 </indexterm>
547 </listitem>
548 </varlistentry>
549
550 <varlistentry id="ftp">
551 <term><command>ftp</command></term>
552 <listitem>
553 <para>is a kerberized FTP client.</para>
554 <indexterm zone="heimdal ftp">
555 <primary sortas="b-ftp">ftp</primary>
556 </indexterm>
557 </listitem>
558 </varlistentry>
559
560 <varlistentry id="ftpd">
561 <term><command>ftpd</command></term>
562 <listitem>
563 <para>is a kerberized FTP daemon.</para>
564 <indexterm zone="heimdal ftpd">
565 <primary sortas="b-ftpd">ftpd</primary>
566 </indexterm>
567 </listitem>
568 </varlistentry>
569
570 <varlistentry id="hprop">
571 <term><command>hprop</command></term>
572 <listitem>
573 <para> takes a principal database in a specified format and converts
574 it into a stream of <application>Heimdal</application> database
575 records.</para>
576 <indexterm zone="heimdal hprop">
577 <primary sortas="b-hprop">hprop</primary>
578 </indexterm>
579 </listitem>
580 </varlistentry>
581
582 <varlistentry id="hpropd">
583 <term><command>hpropd</command></term>
584 <listitem>
585 <para>is a server that receives a database sent by
586 <command>hprop</command> and writes it as a local database.</para>
587 <indexterm zone="heimdal hpropd">
588 <primary sortas="b-hpropd">hpropd</primary>
589 </indexterm>
590 </listitem>
591 </varlistentry>
592
593 <varlistentry id="ipropd-master">
594 <term><command>ipropd-master</command></term>
595 <listitem>
596 <para>is a daemon which runs on the master KDC
597 server which incrementally propagates changes to the KDC
598 database to the slave KDC servers.</para>
599 <indexterm zone="heimdal ipropd-master">
600 <primary sortas="b-ipropd-master">ipropd-master</primary>
601 </indexterm>
602 </listitem>
603 </varlistentry>
604
605 <varlistentry id="ipropd-slave">
606 <term><command>ipropd-slave</command></term>
607 <listitem>
608 <para>is a daemon which runs on the slave KDC
609 servers which incrementally propagates changes to the KDC
610 database from the master KDC server.</para>
611 <indexterm zone="heimdal ipropd-slave">
612 <primary sortas="b-ipropd-slave">ipropd-slave</primary>
613 </indexterm>
614 </listitem>
615 </varlistentry>
616
617 <varlistentry id="kadmin">
618 <term><command>kadmin</command></term>
619 <listitem>
620 <para>is a utility used to make modifications to the Kerberos
621 database.</para>
622 <indexterm zone="heimdal kadmin">
623 <primary sortas="b-kadmin">kadmin</primary>
624 </indexterm>
625 </listitem>
626 </varlistentry>
627
628 <varlistentry id="kadmind">
629 <term><command>kadmind</command></term>
630 <listitem>
631 <para>is a server for administrative access to the Kerberos
632 database.</para>
633 <indexterm zone="heimdal kadmind">
634 <primary sortas="b-kadmind">kadmind</primary>
635 </indexterm>
636 </listitem>
637 </varlistentry>
638
639 <varlistentry id="kauth">
640 <term><command>kauth</command></term>
641 <listitem>
642 <para>is a symbolic link to the <command>kinit</command>
643 program.</para>
644 <indexterm zone="heimdal kauth">
645 <primary sortas="g-kauth">kauth</primary>
646 </indexterm>
647 </listitem>
648 </varlistentry>
649
650 <varlistentry id="kcm">
651 <term><command>kcm</command></term>
652 <listitem>
653 <para>is a process-based credential cache for Kerberos
654 tickets.</para>
655 <indexterm zone="heimdal kcm">
656 <primary sortas="b-kcm">kcm</primary>
657 </indexterm>
658 </listitem>
659 </varlistentry>
660
661 <varlistentry id="kdc">
662 <term><command>kdc</command></term>
663 <listitem>
664 <para>is a Kerberos 5 server.</para>
665 <indexterm zone="heimdal kdc">
666 <primary sortas="b-kdc">kdc</primary>
667 </indexterm>
668 </listitem>
669 </varlistentry>
670
671 <varlistentry id="kdestroy">
672 <term><command>kdestroy</command></term>
673 <listitem>
674 <para>removes a principal's current set of tickets.</para>
675 <indexterm zone="heimdal kdestroy">
676 <primary sortas="b-kdestroy">kdestroy</primary>
677 </indexterm>
678 </listitem>
679 </varlistentry>
680
681 <varlistentry id="kf">
682 <term><command>kf</command></term>
683 <listitem>
684 <para>is a program which forwards tickets to a remote host through
685 an authenticated and encrypted stream.</para>
686 <indexterm zone="heimdal kf">
687 <primary sortas="b-kf">kf</primary>
688 </indexterm>
689 </listitem>
690 </varlistentry>
691
692 <varlistentry id="kfd">
693 <term><command>kfd</command></term>
694 <listitem>
695 <para>is a server used to receive forwarded tickets.</para>
696 <indexterm zone="heimdal kfd">
697 <primary sortas="b-kfd">kfd</primary>
698 </indexterm>
699 </listitem>
700 </varlistentry>
701
702 <varlistentry id="kgetcred">
703 <term><command>kgetcred</command></term>
704 <listitem>
705 <para>obtains a ticket for a service.</para>
706 <indexterm zone="heimdal kgetcred">
707 <primary sortas="b-kgetcred">kgetcred</primary>
708 </indexterm>
709 </listitem>
710 </varlistentry>
711
712 <varlistentry id="kinit">
713 <term><command>kinit</command></term>
714 <listitem>
715 <para>is used to authenticate to the Kerberos server as a principal
716 and acquire a ticket granting ticket that can later be used to obtain
717 tickets for other services.</para>
718 <indexterm zone="heimdal kinit">
719 <primary sortas="b-kinit">kinit</primary>
720 </indexterm>
721 </listitem>
722 </varlistentry>
723
724 <varlistentry id="klist">
725 <term><command>klist</command></term>
726 <listitem>
727 <para>reads and displays the current tickets in the credential
728 cache.</para>
729 <indexterm zone="heimdal klist">
730 <primary sortas="b-klist">klist</primary>
731 </indexterm>
732 </listitem>
733 </varlistentry>
734
735 <varlistentry id="kpasswd">
736 <term><command>kpasswd</command></term>
737 <listitem>
738 <para>is a program for changing Kerberos 5 passwords.</para>
739 <indexterm zone="heimdal kpasswd">
740 <primary sortas="b-kpasswd">kpasswd</primary>
741 </indexterm>
742 </listitem>
743 </varlistentry>
744
745 <varlistentry id="kpasswdd">
746 <term><command>kpasswdd</command></term>
747 <listitem>
748 <para>is a Kerberos 5 password changing server.</para>
749 <indexterm zone="heimdal kpasswdd">
750 <primary sortas="b-kpasswdd">kpasswdd</primary>
751 </indexterm>
752 </listitem>
753 </varlistentry>
754
755 <varlistentry id="krb5-config-prog">
756 <term><command>krb5-config</command></term>
757 <listitem>
758 <para>gives information on how to link programs against
759 <application>Heimdal</application> libraries.</para>
760 <indexterm zone="heimdal krb5-config-prog">
761 <primary sortas="b-krb5-config">krb5-config</primary>
762 </indexterm>
763 </listitem>
764 </varlistentry>
765
766 <varlistentry id="kstash">
767 <term><command>kstash</command></term>
768 <listitem>
769 <para>stores the KDC master password in a file.</para>
770 <indexterm zone="heimdal kstash">
771 <primary sortas="b-kstash">kstash</primary>
772 </indexterm>
773 </listitem>
774 </varlistentry>
775
776 <varlistentry id="ktutil">
777 <term><command>ktutil</command></term>
778 <listitem>
779 <para>is a program for managing Kerberos keytabs.</para>
780 <indexterm zone="heimdal ktutil">
781 <primary sortas="b-ktutil">ktutil</primary>
782 </indexterm>
783 </listitem>
784 </varlistentry>
785
786 <varlistentry id="kx">
787 <term><command>kx</command></term>
788 <listitem>
789 <para>is a program which securely forwards
790 <application>X</application> connections.</para>
791 <indexterm zone="heimdal kx">
792 <primary sortas="b-kx">kx</primary>
793 </indexterm>
794 </listitem>
795 </varlistentry>
796
797 <varlistentry id="kxd">
798 <term><command>kxd</command></term>
799 <listitem>
800 <para>is the daemon for <command>kx</command>.</para>
801 <indexterm zone="heimdal kxd">
802 <primary sortas="b-kxd">kxd</primary>
803 </indexterm>
804 </listitem>
805 </varlistentry>
806
807 <varlistentry id="login">
808 <term><command>login</command></term>
809 <listitem>
810 <para>is a kerberized login program.</para>
811 <indexterm zone="heimdal login">
812 <primary sortas="b-login">login</primary>
813 </indexterm>
814 </listitem>
815 </varlistentry>
816
817 <varlistentry id="otp">
818 <term><command>otp</command></term>
819 <listitem>
820 <para>manages one-time passwords.</para>
821 <indexterm zone="heimdal otp">
822 <primary sortas="b-otp">otp</primary>
823 </indexterm>
824 </listitem>
825 </varlistentry>
826
827 <varlistentry id="otpprint">
828 <term><command>otpprint</command></term>
829 <listitem>
830 <para>prints lists of one-time passwords.</para>
831 <indexterm zone="heimdal otpprint">
832 <primary sortas="b-otpprint">otpprint</primary>
833 </indexterm>
834 </listitem>
835 </varlistentry>
836
837 <varlistentry id="pfrom">
838 <term><command>pfrom</command></term>
839 <listitem>
840 <para>is a script that runs <command>push --from</command>.</para>
841 <indexterm zone="heimdal pfrom">
842 <primary sortas="b-pfrom">pfrom</primary>
843 </indexterm>
844 </listitem>
845 </varlistentry>
846
847 <varlistentry id="popper">
848 <term><command>popper</command></term>
849 <listitem>
850 <para>is a kerberized POP-3 server.</para>
851 <indexterm zone="heimdal popper">
852 <primary sortas="b-popper">popper</primary>
853 </indexterm>
854 </listitem>
855 </varlistentry>
856
857 <varlistentry id="push">
858 <term><command>push</command></term>
859 <listitem>
860 <para>is a kerberized POP mail retrieval client.</para>
861 <indexterm zone="heimdal push">
862 <primary sortas="b-push">push</primary>
863 </indexterm>
864 </listitem>
865 </varlistentry>
866
867 <varlistentry id="rcp">
868 <term><command>rcp</command></term>
869 <listitem>
870 <para>is a kerberized rcp client program.</para>
871 <indexterm zone="heimdal rcp">
872 <primary sortas="b-rcp">rcp</primary>
873 </indexterm>
874 </listitem>
875 </varlistentry>
876
877 <varlistentry id="rsh">
878 <term><command>rsh</command></term>
879 <listitem>
880 <para>is a kerberized rsh client program.</para>
881 <indexterm zone="heimdal rsh">
882 <primary sortas="b-rsh">rsh</primary>
883 </indexterm>
884 </listitem>
885 </varlistentry>
886
887 <varlistentry id="rshd">
888 <term><command>rshd</command></term>
889 <listitem>
890 <para>is a kerberized rsh server.</para>
891 <indexterm zone="heimdal rshd">
892 <primary sortas="b-rshd">rshd</primary>
893 </indexterm>
894 </listitem>
895 </varlistentry>
896
897 <varlistentry id="rxtelnet">
898 <term><command>rxtelnet</command></term>
899 <listitem>
900 <para>starts a secure <command>xterm</command> window with a
901 <command>telnet</command> to a given host and forwards
902 <application>X</application> connections.</para>
903 <indexterm zone="heimdal rxtelnet">
904 <primary sortas="b-rxtelnet">rxtelnet</primary>
905 </indexterm>
906 </listitem>
907 </varlistentry>
908
909 <varlistentry id="rxterm">
910 <term><command>rxterm</command></term>
911 <listitem>
912 <para>starts a secure remote <command>xterm</command>.</para>
913 <indexterm zone="heimdal rxterm">
914 <primary sortas="b-rxterm">rxterm</primary>
915 </indexterm>
916 </listitem>
917 </varlistentry>
918
919 <varlistentry id="string2key">
920 <term><command>string2key</command></term>
921 <listitem>
922 <para>maps a password into a key.</para>
923 <indexterm zone="heimdal string2key">
924 <primary sortas="b-string2key">string2key</primary>
925 </indexterm>
926 </listitem>
927 </varlistentry>
928
929 <varlistentry id="su">
930 <term><command>su</command></term>
931 <listitem>
932 <para>is a kerberized su client program.</para>
933 <indexterm zone="heimdal su">
934 <primary sortas="b-su">su</primary>
935 </indexterm>
936 </listitem>
937 </varlistentry>
938
939 <varlistentry id="telnet">
940 <term><command>telnet</command></term>
941 <listitem>
942 <para>is a kerberized telnet client program.</para>
943 <indexterm zone="heimdal telnet">
944 <primary sortas="b-telnet">telnet</primary>
945 </indexterm>
946 </listitem>
947 </varlistentry>
948
949 <varlistentry id="telnetd">
950 <term><command>telnetd</command></term>
951 <listitem>
952 <para>is a kerberized telnet server.</para>
953 <indexterm zone="heimdal telnetd">
954 <primary sortas="b-telnetd">telnetd</primary>
955 </indexterm>
956 </listitem>
957 </varlistentry>
958
959 <varlistentry id="tenletxr">
960 <term><command>tenletxr</command></term>
961 <listitem>
962 <para>forwards <application>X</application> connections
963 backwards.</para>
964 <indexterm zone="heimdal tenletxr">
965 <primary sortas="b-tenletxr">tenletxr</primary>
966 </indexterm>
967 </listitem>
968 </varlistentry>
969
970 <varlistentry id="verify_krb5_conf">
971 <term><command>verify_krb5_conf</command></term>
972 <listitem>
973 <para>checks the <filename>krb5.conf</filename> file for obvious
974 errors.</para>
975 <indexterm zone="heimdal verify_krb5_conf">
976 <primary sortas="b-verify_krb5_conf">verify_krb5_conf</primary>
977 </indexterm>
978 </listitem>
979 </varlistentry>
980
981 <varlistentry id="xnlock">
982 <term><command>xnlock</command></term>
983 <listitem>
984 <para>is a program that acts as a secure screen saver for
985 workstations running <application>X</application>.</para>
986 <indexterm zone="heimdal xnlock">
987 <primary sortas="b-xnlock">xnlock</primary>
988 </indexterm>
989 </listitem>
990 </varlistentry>
991
992 <varlistentry id="libasn1">
993 <term><filename class='libraryfile'>libasn1.{so,a}</filename></term>
994 <listitem>
995 <para>provides the ASN.1 and DER functions to encode and decode
996 the Kerberos TGTs.</para>
997 <indexterm zone="heimdal libasn1">
998 <primary sortas="c-libasn1">libasn1.{so,a}</primary>
999 </indexterm>
1000 </listitem>
1001 </varlistentry>
1002
1003 <varlistentry id="libeditline">
1004 <term><filename class='libraryfile'>libeditline.a</filename></term>
1005 <listitem>
1006 <para>is a command-line editing library with history.</para>
1007 <indexterm zone="heimdal libeditline">
1008 <primary sortas="c-libeditline">libeditline.a</primary>
1009 </indexterm>
1010 </listitem>
1011 </varlistentry>
1012
1013 <varlistentry id="libgssapi">
1014 <term><filename class='libraryfile'>libgssapi.{so,a}</filename></term>
1015 <listitem>
1016 <para>contains the Generic Security Service Application Programming
1017 Interface (GSSAPI) functions, which provide security
1018 services to callers in a generic fashion, supportable with a range of
1019 underlying mechanisms and technologies and hence allowing source-level
1020 portability of applications to different environments.</para>
1021 <indexterm zone="heimdal libgssapi">
1022 <primary sortas="c-libgssapi">libgssapi.{so,a}</primary>
1023 </indexterm>
1024 </listitem>
1025 </varlistentry>
1026
1027 <varlistentry id="libhdb">
1028 <term><filename class='libraryfile'>libhdb.{so,a}</filename></term>
1029 <listitem>
1030 <para>is a <application>Heimdal</application> Kerberos 5
1031 authentication/authorization database access library.</para>
1032 <indexterm zone="heimdal libhdb">
1033 <primary sortas="c-libhdb">libhdb.{so,a}</primary>
1034 </indexterm>
1035 </listitem>
1036 </varlistentry>
1037
1038 <varlistentry id="libkadm5clnt">
1039 <term><filename class='libraryfile'>libkadm5clnt.{so,a}</filename></term>
1040 <listitem>
1041 <para>contains the administrative authentication and password
1042 checking functions required by Kerberos 5 client-side programs.</para>
1043 <indexterm zone="heimdal libkadm5clnt">
1044 <primary sortas="c-libkadm5clnt">libkadm5clnt.{so,a}</primary>
1045 </indexterm>
1046 </listitem>
1047 </varlistentry>
1048
1049 <varlistentry id="libkadm5srv">
1050 <term><filename class='libraryfile'>libkadm5srv.{so,a}</filename></term>
1051 <listitem>
1052 <para>contains the administrative authentication and password
1053 checking functions required by Kerberos 5 servers.</para>
1054 <indexterm zone="heimdal libkadm5srv">
1055 <primary sortas="c-libkadm5srv">libkadm5srv.{so,a}</primary>
1056 </indexterm>
1057 </listitem>
1058 </varlistentry>
1059
1060 <varlistentry id="libkafs">
1061 <term><filename class='libraryfile'>libkafs.{so,a}</filename></term>
1062 <listitem>
1063 <para>contains the functions required to authenticate to AFS.</para>
1064 <indexterm zone="heimdal libkafs">
1065 <primary sortas="c-libkafs">libkafs.{so,a}</primary>
1066 </indexterm>
1067 </listitem>
1068 </varlistentry>
1069
1070 <varlistentry id="libkrb5">
1071 <term><filename class='libraryfile'>libkrb5.{so,a}</filename></term>
1072 <listitem>
1073 <para>is an all-purpose Kerberos 5 library.</para>
1074 <indexterm zone="heimdal libkrb5">
1075 <primary sortas="c-libkrb5">libkrb5.{so,a}</primary>
1076 </indexterm>
1077 </listitem>
1078 </varlistentry>
1079
1080 <varlistentry id="libotp">
1081 <term><filename class='libraryfile'>libotp.{so,a}</filename></term>
1082 <listitem>
1083 <para>contains the functions required to handle authenticating
1084 one-time passwords.</para>
1085 <indexterm zone="heimdal libotp">
1086 <primary sortas="c-libotp">libotp.{so,a}</primary>
1087 </indexterm>
1088 </listitem>
1089 </varlistentry>
1090
1091 <varlistentry id="libroken">
1092 <term><filename class='libraryfile'>libroken.{so,a}</filename></term>
1093 <listitem>
1094 <para>is a library containing Kerberos 5 compatibility
1095 functions.</para>
1096 <indexterm zone="heimdal libroken">
1097 <primary sortas="c-libroken">libroken.{so,a}</primary>
1098 </indexterm>
1099 </listitem>
1100 </varlistentry>
1101
1102 </variablelist>
1103
1104 </sect2>
1105
1106</sect1>