source: postlfs/security/heimdal.xml@ 8d9eb0f

Last change on this file since 8d9eb0f was 8d9eb0f, checked in by Randy McMurchy <randy@…>, 18 years ago

Shortened line lengths in various package instructions so that the instructions fit into the PDF viewable area (through page 250)

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@3274 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 21.7 KB
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
 "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
 <!ENTITY % general-entities SYSTEM "../../general.ent">
 %general-entities;

 <!ENTITY heimdal-download-http "http://ftp.vc-graz.ac.at/mirror/crypto/kerberos/heimdal/heimdal-&heimdal-version;.tar.gz">
 <!ENTITY heimdal-download-ftp "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-&heimdal-version;.tar.gz">
 <!ENTITY heimdal-size "3.2 MB">
 <!ENTITY heimdal-buildsize "142 MB">
 <!ENTITY heimdal-time "2.55 SBU">
]>

<sect1 id="heimdal" xreflabel="Heimdal-&heimdal-version;">
<sect1info>
<othername>$LastChangedBy$</othername>
<date>$Date$</date>
</sect1info>
<?dbhtml filename="heimdal.html"?>
<title>Heimdal-&heimdal-version;</title>

<sect2>
<title>Introduction to <application>Heimdal</application></title>

<para><application>Heimdal</application> is a free implementation of Kerberos
5, that aims to be compatible with <acronym>MIT</acronym> krb5 and is backwards
compatible with krb4. Kerberos is a network authentication protocol. Basically
it preserves the integrity of passwords in any untrusted network (like the
Internet). Kerberized applications work hand-in-hand with sites that support
Kerberos to ensure that passwords cannot be stolen. A Kerberos installation
will make changes to the authentication mechanisms on your network and will
overwrite several programs and daemons from the
<application>Coreutils</application>, <application>Inetutils</application>,
<application>Qpopper</application> and <application>Shadow</application>
packages.</para>

<sect3><title>Package information</title>
<itemizedlist spacing='compact'>
<listitem><para>Download (HTTP):
<ulink url="&heimdal-download-http;"/></para></listitem>
<listitem><para>Download (FTP):
<ulink url="&heimdal-download-ftp;"/></para></listitem>
<listitem><para>Download size: &heimdal-size;</para></listitem>
<listitem><para>Estimated disk space required:
&heimdal-buildsize;</para></listitem>
<listitem><para>Estimated build time:
&heimdal-time;</para></listitem></itemizedlist>
</sect3>

<sect3><title>Additional downloads</title>
<itemizedlist spacing='compact'>
<listitem><para>Required Patch: <ulink
url="&patch-root;/heimdal-&heimdal-version;-fhs_compliance-1.patch"/></para>
</listitem>
<listitem><para>Required patch for cracklib: <ulink
url="&patch-root;/heimdal-&heimdal-version;-cracklib-1.patch"/></para>
</listitem>
</itemizedlist>

</sect3>

<sect3><title><application>Heimdal</application> dependencies</title>
<sect4><title>Required</title>
<para><xref linkend="openssl-package"/> and
<xref linkend="db"/></para>
</sect4>
<sect4><title>Optional</title>
<para><xref linkend="Linux_PAM"/>,
<xref linkend="openldap"/>,
X (<xref linkend="xorg"/> or <xref linkend="xfree86"/>),
<xref linkend="cracklib"/> and
<ulink url="http://www.pdc.kth.se/kth-krb/">krb4</ulink>
</para>

<note><para>
Some sort of time synchronization facility on your system (like <xref
linkend="ntp"/>) is required since Kerberos won't authenticate if the
time differential between a kerberized client and the
<acronym>KDC</acronym> server is more than 5 minutes.</para></note>
</sect4>

</sect3>

</sect2>

<sect2>
<title>Installation of <application>Heimdal</application></title>

<para>
Before installing the package, you may want to preserve the
<command>ftp</command> program from the <application>Inetutils</application>
package. This is because using the <application>Heimdal</application>
<command>ftp</command> program to connect to non-kerberized ftp servers may
not work properly. It will allow you to connect (letting you know that
transmission of the password is clear text) but will have problems doing puts
and gets.
</para>

<screen><userinput><command>mv /usr/bin/ftp /usr/bin/ftpn</command></userinput></screen>

<para>
If you wish the <application>Heimdal</application> package to link against the
<application>cracklib</application> library, you must apply a patch:
</para>

<screen><userinput><command>patch -Np1 -i ../heimdal-&heimdal-version;-cracklib-1.patch</command></userinput></screen>

<para>Install <application>Heimdal</application> by running the following commands:</para>

<screen><userinput><command>patch -Np1 -i ../heimdal-&heimdal-version;-fhs_compliance-1.patch &amp;&amp;
./configure --prefix=/usr --sysconfdir=/etc/heimdal \
 --datadir=/var/lib/heimdal --libexecdir=/usr/sbin \
 --sharedstatedir=/usr/share --localstatedir=/var/lib/heimdal \
 --enable-shared --with-openssl=/usr &amp;&amp;
make &amp;&amp;
make install &amp;&amp;
mv /bin/login /bin/login.shadow &amp;&amp;
mv /bin/su /bin/su.coreutils &amp;&amp;
mv /usr/bin/{login,su} /bin &amp;&amp;
ln -sf ../../bin/login /usr/bin &amp;&amp;
mv /usr/lib/lib{otp.so.0,otp.so.0.1.4,kafs.so.0,kafs.so.0.4.0} /lib &amp;&amp;
mv /usr/lib/lib{krb5.so.17,krb5.so.17.3.0,asn1.so.6,asn1.so.6.0.2} /lib &amp;&amp;
mv /usr/lib/lib{roken.so.16,roken.so.16.0.3,crypto.so.0.9.7} /lib &amp;&amp;
mv /usr/lib/libdb-4.1.so /lib &amp;&amp;
ln -sf ../../lib/lib{otp.so.0,otp.so.0.1.4,kafs.so.0,kafs.so.0.4.0} \
 /usr/lib &amp;&amp;
ln -sf ../../lib/lib{krb5.so.17,krb5.so.17.3.0,asn1.so.6,asn1.so.6.0.2} \
 /usr/lib &amp;&amp;
ln -sf ../../lib/lib{roken.so.16,roken.so.16.0.3,crypto.so.0.9.7} \
 /usr/lib &amp;&amp;
ln -sf ../../lib/libdb-4.1.so /usr/lib &amp;&amp;
ldconfig</command></userinput></screen>

</sect2>

<sect2>
<title>Command explanations</title>

<para><parameter>--libexecdir=/usr/sbin</parameter>: This switch puts the
daemon programs into <filename class="directory">/usr/sbin</filename>.
</para>

<note><para>
If you want to preserve all your existing <application>Inetutils</application>
package daemons, install the <application>Heimdal</application> daemons into
<filename class="directory">/usr/sbin/heimdal</filename> (or wherever you want).
Since these programs will be called from <command>(x)inetd</command> or
<filename>rc</filename> scripts, it really doesn't matter where they are
installed, as long as they are correctly specified in the
<filename>/etc/(x)inetd.conf</filename> file and <filename>rc</filename>
scripts. If you choose something other than
<filename class="directory">/usr/sbin</filename>, you may want to move some of
the user programs (such as <command>kadmin</command>) to
<filename class="directory">/usr/sbin</filename> manually so they'll be in the
privileged user's default path.</para></note>

<para>
<screen><command>mv /bin/login /bin/login.shadow
mv /bin/su /bin/su.coreutils
mv /usr/bin/{login,su} /bin
ln -sf ../../bin/login /usr/bin</command></screen>

The <command>login</command> and <command>su</command> programs installed by
<application>Heimdal</application> belong in the
<filename class="directory">/bin</filename> directory. The
<command>login</command> program is symlinked because
<application>Heimdal</application> is expecting to find it in
<filename class="directory">/usr/bin</filename>. The old executables are
preserved before the move to keep things sane should breaks occur.
</para>

<para>
<screen><command>mv /usr/lib/lib{otp.so.0,otp.so.0.1.4,kafs.so.0,kafs.so.0.4.0} /lib
mv /usr/lib/lib{krb5.so.17,krb5.so.17.3.0,asn1.so.6,asn1.so.6.0.2} /lib
mv /usr/lib/lib{roken.so.16,roken.so.16.0.3,crypto.so.0.9.7} /lib
mv /usr/lib/libdb-4.1.so /lib
ln -sf ../../lib/lib{otp.so.0,otp.so.0.1.4,kafs.so.0,kafs.so.0.4.0} \
 /usr/lib
ln -sf ../../lib/lib{krb5.so.17,krb5.so.17.3.0,asn1.so.6,asn1.so.6.0.2} \
 /usr/lib
ln -sf ../../lib/lib{roken.so.16,roken.so.16.0.3,crypto.so.0.9.7} \
 /usr/lib
ln -sf ../../lib/libdb-4.1.so /usr/lib</command></screen>

The <command>login</command> and <command>su</command> programs
installed by <application>Heimdal</application> link against
<application>Heimdal</application> libraries as well as libraries provided by
the <application>OpenSSL</application>, <application>Berkeley DB</application>
and <application>E2fsprogs</application> packages. These libraries are moved
to <filename class="directory">/lib</filename> to be <acronym>FHS</acronym>
compliant and also in case <filename class="directory">/usr</filename> is
located on a separate partition which may not always be mounted.
</para>

</sect2>

<sect2>
<title>Configuring <application>Heimdal</application></title>

<sect3><title>Config files</title>
<para><filename>/etc/heimdal/*</filename></para>
</sect3>

<sect3><title>Configuration Information</title>

<sect4><title>Master <acronym>KDC</acronym> Server Configuration</title>

<para>
Create the Kerberos configuration file with the following commands:
</para>

<screen><userinput><command>install -d /etc/heimdal &amp;&amp;
cat &gt; /etc/heimdal/krb5.conf &lt;&lt; "EOF"</command>
# Begin /etc/heimdal/krb5.conf

[libdefaults]
 default_realm = <replaceable>[EXAMPLE.COM]</replaceable>
 encrypt = true

[realms]
 <replaceable>[EXAMPLE.COM]</replaceable> = {
 kdc = <replaceable>[hostname.example.com]</replaceable>
 admin_server = <replaceable>[hostname.example.com]</replaceable>
 kpasswd_server = <replaceable>[hostname.example.com]</replaceable>
 }

[domain_realm]
 .<replaceable>[example.com]</replaceable> = <replaceable>[EXAMPLE.COM]</replaceable>

[logging]
 kdc = FILE:/var/log/kdc.log
 admin_server = FILE:/var/log/kadmin.log
 default = FILE:/var/log/krb.log

# End /etc/heimdal/krb5.conf
<command>EOF</command></userinput></screen>

<para>
You will need to substitute your domain and proper hostname for the
occurrences of the <replaceable>[hostname]</replaceable> and
<replaceable>[EXAMPLE.COM]</replaceable> names.
</para>

<para>
<userinput>default_realm</userinput> should be the name of your domain changed
to ALL CAPS. This isn't required, but both <application>Heimdal</application>
and <application><acronym>MIT</acronym> krb5</application> recommend it.
</para>

<para>
<userinput>encrypt = true</userinput> provides encryption of all traffic
between kerberized clients and servers. It's not necessary and can be left
off. If you leave it off, you can encrypt all traffic from the client to the
server using a switch on the client program instead.
</para>

<para>
The <userinput>[realms]</userinput> parameters tell the client programs where
to look for the <acronym>KDC</acronym> authentication services.
</para>

<para>
The <userinput>[domain_realm]</userinput> section maps a domain to a realm.
</para>

<para>
Store the master password in a key file using the following commands:
</para>

<screen><userinput><command>install -d -m 755 /var/lib/heimdal &amp;&amp;
kstash</command></userinput></screen>

<para>
Create the <acronym>KDC</acronym> database:
</para>

<screen><userinput><command>kadmin -l</command></userinput></screen>

<para>
Choose the defaults for now. You can go in later and change the
defaults, should you feel the need. At the
<userinput>kadmin&gt;</userinput> prompt, issue the following statement:
</para>

<screen><userinput><command>init <replaceable>[EXAMPLE.COM]</replaceable></command></userinput></screen>

<para>
The database must now be populated with at least one principal (user). For now,
just use your regular login name or root. You may create as few, or as many
principals as you wish using the following statement:
</para>

<screen><userinput><command>add <replaceable>[loginname]</replaceable></command></userinput></screen>

<para>
The <acronym>KDC</acronym> server and any machine running kerberized
server daemons must have a host key installed:
</para>

<screen><userinput><command>add --random-key host/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>

<para>
After choosing the defaults when prompted, you will have to export the
data to a keytab file:
</para>

<screen><userinput><command>ext host/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>

<para>
This should have created two files in
<filename class="directory">/etc/heimdal</filename>:
<filename>krb5.keytab</filename> (Kerberos 5) and
<filename>srvtab</filename> (Kerberos 4). Both files should have 600
(root rw only) permissions. Keeping the keytab files from public access
is crucial to the overall security of the Kerberos installation.
</para>

<para>
Eventually, you'll want to add server daemon principals to the database
and extract them to the keytab file. You do this in the same way you
created the host principals. Below is an example:
</para>

<screen><userinput><command>add --random-key ftp/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>

<para>
(choose the defaults)
</para>

<screen><userinput><command>ext ftp/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>

<para>
Exit the <command>kadmin</command> program (use <command>quit</command>
or <command>exit</command>) and return to the shell prompt. Start
the <acronym>KDC</acronym> daemon manually, just to test out the
installation:
</para>

<screen><userinput><command>/usr/sbin/kdc &amp;</command></userinput></screen>

<para>
Attempt to get a <acronym>TGT</acronym> (ticket granting ticket) with the
following command:
</para>

<screen><userinput><command>kinit <replaceable>[loginname]</replaceable></command></userinput></screen>

<para>
You will be prompted for the password you created. After you get your
ticket, you should list it with the following command:
</para>

<screen><userinput><command>klist</command></userinput></screen>

<para>
Information about the ticket should be displayed on the screen.
</para>

<para>
To test the functionality of the keytab file, issue the following command:
</para>

<screen><userinput><command>ktutil list</command></userinput></screen>

<para>
This should dump a list of the host principals, along with the encryption
methods used to access the principals.
</para>

<para>
At this point, if everything has been successful so far, you can feel
fairly confident in the installation and configuration of the package.
</para>

<para>Install the <filename>/etc/rc.d/init.d/heimdal</filename> init script
included in the <xref linkend="intro-important-bootscripts"/>
package:</para>

<screen><userinput><command>make install-heimdal</command></userinput></screen>

</sect4>

<sect4><title>Using Kerberized Client Programs</title>

<para>
To use the kerberized client programs (<command>telnet</command>,
<command>ftp</command>, <command>rsh</command>,
<command>rxterm</command>, <command>rxtelnet</command>,
<command>rcp</command>, <command>xnlock</command>), you first must get
a <acronym>TGT</acronym>. Use the <command>kinit</command> program to
get the ticket. After you've acquired the ticket, you can use the
kerberized programs to connect to any kerberized server on the network.
You will not be prompted for authentication until your ticket expires
(default is one day), unless you specify a different user as a command
line argument to the program.
</para>

<para>
The kerberized programs will connect to non-kerberized daemons, warning
you that authentication is not encrypted. As mentioned earlier, only the
<command>ftp</command> program gives any trouble connecting to
non-kerberized daemons.
</para>

<para>In order to use the <application>Heimdal</application>
<application>X</application> programs, you'll need to add a service port
entry to the <filename>/etc/services</filename> file for the
<command>kxd</command> server. There is no 'standardized port number' for
the 'kx' service in the IANA database, so you'll have to pick an unused port
number. Add an entry to the <filename>services</filename> file similar to the
entry below (substitute your chosen port number for
<replaceable>[49150]</replaceable>):</para>

<screen><userinput>kx <replaceable>[49150]</replaceable>/tcp # Heimdal kerberos X
kx <replaceable>[49150]</replaceable>/udp # Heimdal kerberos X</userinput></screen>

<para>
For additional information consult <ulink
url="http://www.linuxfromscratch.org/hints/downloads/files/heimdal.txt">the
Heimdal hint</ulink> on which the above instructions are based.
</para>

</sect4>

</sect3>

</sect2>

<sect2>
<title>Contents</title>

<para>The <application>Heimdal</application> package contains
<command>afslog</command>,
<command>dump_log</command>,
<command>ftp</command>,
<command>ftpd</command>,
<command>hprop</command>,
<command>hpropd</command>,
<command>ipropd-master</command>,
<command>ipropd-slave</command>,
<command>kadmin</command>,
<command>kadmind</command>,
<command>kauth</command>,
<command>kdc</command>,
<command>kdestroy</command>,
<command>kf</command>,
<command>kfd</command>,
<command>kgetcred</command>,
<command>kinit</command>,
<command>klist</command>,
<command>kpasswd</command>,
<command>kpasswdd</command>,
<command>krb5-config</command>,
<command>kstash</command>,
<command>ktutil</command>,
<command>kx</command>,
<command>kxd</command>,
<command>login</command>,
<command>mk_cmds</command>,
<command>otp</command>,
<command>otpprint</command>,
<command>pagsh</command>,
<command>pfrom</command>,
<command>popper</command>,
<command>push</command>,
<command>rcp</command>,
<command>replay_log</command>,
<command>rsh</command>,
<command>rshd</command>,
<command>rxtelnet</command>,
<command>rxterm</command>,
<command>string2key</command>,
<command>su</command>,
<command>telnet</command>,
<command>telnetd</command>,
<command>tenletxr</command>,
<command>truncate_log</command>,
<command>verify_krb5_conf</command>,
<command>xnlock</command>,
<filename class="libraryfile">libasn1</filename>,
<filename class="libraryfile">libeditline</filename>,
<filename class="libraryfile">libgssapi</filename>,
<filename class="libraryfile">libhdb</filename>,
<filename class="libraryfile">libkadm5clnt</filename>,
<filename class="libraryfile">libkadm5srv</filename>,
<filename class="libraryfile">libkafs</filename>,
<filename class="libraryfile">libkrb5</filename>,
<filename class="libraryfile">libotp</filename>,
<filename class="libraryfile">libroken</filename>,
<filename class="libraryfile">libsl</filename> and
<filename class="libraryfile">libss</filename>.
</para>

</sect2>

<sect2><title>Description</title>

<sect3><title>afslog</title>
<para><command>afslog</command> obtains <acronym>AFS</acronym> tokens for a
number of cells.</para></sect3>

<sect3><title>hprop</title>
<para><command>hprop</command> takes a principal database in a specified
format and converts it into a stream of <application>Heimdal</application>
database records.</para></sect3>

<sect3><title>hpropd</title>
<para><command>hpropd</command> receives a database sent by
<command>hprop</command> and writes it as a local database.</para></sect3>

<sect3><title>kadmin</title>
<para><command>kadmin</command> is a utility used to make modifications
to the Kerberos database.</para></sect3>

<sect3><title>kadmind</title>
<para><command>kadmind</command> is a server for administrative access
to the Kerberos database.</para></sect3>

<sect3><title>kauth, kinit</title>
<para><command>kauth</command> and <command>kinit</command> are used to
authenticate to the Kerberos server as a principal and acquire a ticket
granting ticket that can later be used to obtain tickets for other
services.</para></sect3>

<sect3><title>kdc</title>
<para><command>kdc</command> is a Kerberos 5 server.</para></sect3>

<sect3><title>kdestroy</title>
<para><command>kdestroy</command> removes a principal's current set of
tickets.</para></sect3>

<sect3><title>kf</title>
<para><command>kf</command> is a program which forwards tickets to a
remote host through an authenticated and encrypted
stream.</para></sect3>

<sect3><title>kfd</title>
<para><command>kfd</command> receives forwarded tickets.</para></sect3>

<sect3><title>kgetcred</title>
<para><command>kgetcred</command> obtains a ticket for a
service.</para></sect3>

<sect3><title>klist</title>
<para><command>klist</command> reads and displays the current tickets in
the credential cache.</para></sect3>

<sect3><title>kpasswd</title>
<para><command>kpasswd</command> is a program for changing Kerberos 5
passwords.</para></sect3>

<sect3><title>kpasswdd</title>
<para><command>kpasswdd</command> is a Kerberos 5 password changing
server.</para></sect3>

<sect3><title>krb5-config</title>
<para><command>krb5-config</command> gives information on how to link
programs against <application>Heimdal</application> libraries.</para></sect3>

<sect3><title>kstash</title>
<para><command>kstash</command> stores the <acronym>KDC</acronym> master
password in a file.</para></sect3>

<sect3><title>ktutil</title>
<para><command>ktutil</command> is a program for managing Kerberos
keytabs.</para></sect3>

<sect3><title>kx</title>
<para><command>kx</command> is a program which securely forwards
<application>X</application> connections.</para></sect3>

<sect3><title>kxd</title>
<para><command>kxd</command> is the daemon for
<command>kx</command>.</para></sect3>

<sect3><title>otp</title>
<para><command>otp</command> manages one-time passwords.</para></sect3>

<sect3><title>otpprint</title>
<para><command>otpprint</command> prints lists of one-time
passwords.</para></sect3>

<sect3><title>rxtelnet</title>
<para><command>rxtelnet</command> starts an <command>xterm</command>
window with a telnet to a given host and forwards
<application>X</application> connections.</para></sect3>

<sect3><title>rxterm</title>
<para><command>rxterm</command> starts a secure remote
<command>xterm</command>.</para></sect3>

<sect3><title>string2key</title>
<para><command>string2key</command> maps a password into a
key.</para></sect3>

<sect3><title>tenletxr</title>
<para><command>tenletxr</command> forwards <application>X</application>
connections backwards.</para></sect3>

<sect3><title>verify_krb5_conf</title>
<para><command>verify_krb5_conf</command> checks the
<filename>krb5.conf</filename> file for obvious errors.</para></sect3>

<sect3><title>xnlock</title>
<para><command>xnlock</command> is a program that acts as a secure screen
saver for workstations running <application>X</application>.</para></sect3>

</sect2>

</sect1>
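
The Master KDC configuration above requires that krb5.keytab and srvtab in /etc/heimdal be readable and writable by root only. The following shell check is an added example, not part of the BLFS book or of Heimdal; the function names check_one and audit_keytabs are hypothetical, and the defaults assume root is uid 0 and the keytabs live in /etc/heimdal as on this page.

```shell
#!/bin/sh
# Added example: audit the keytab files written by "ext" for the
# root-only permissions the text requires. Helper names are made up here.

# check_one FILE OWNER_UID
# Returns 0 if FILE is absent, or is a regular file owned by OWNER_UID with
# no group/other permission bits. Prints a finding and returns 1 otherwise.
check_one() {
    f=$1
    owner=$2
    if [ -L "$f" ]; then
        echo "FAIL $f: symbolic link, audit the target instead"
        return 1
    fi
    if [ ! -e "$f" ]; then
        echo "SKIP $f: not present"
        return 0
    fi
    if [ ! -f "$f" ]; then
        echo "FAIL $f: not a regular file"
        return 1
    fi
    # ls -n prints numeric ids: field 1 is the mode string, field 3 the uid.
    listing=$(ls -ldn -- "$f")
    # Characters 5-10 of the mode string are the group and other bits.
    go_bits=$(printf '%s\n' "$listing" | awk '{ print substr($1, 5, 6) }')
    uid=$(printf '%s\n' "$listing" | awk '{ print $3 }')
    rc=0
    if [ "$go_bits" != "------" ]; then
        echo "FAIL $f: group/other access ($go_bits), fix with chmod 600"
        rc=1
    fi
    if [ "$uid" != "$owner" ]; then
        echo "FAIL $f: owned by uid $uid, expected $owner"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK   $f"
    fi
    return "$rc"
}

# audit_keytabs [DIR] [OWNER_UID]
# Checks krb5.keytab (Kerberos 5) and srvtab (Kerberos 4) in DIR.
# The return status is the number of non-compliant files.
audit_keytabs() {
    dir=${1:-/etc/heimdal}
    want_uid=${2:-0}
    problems=0
    for name in krb5.keytab srvtab; do
        check_one "$dir/$name" "$want_uid" || problems=$((problems + 1))
    done
    return "$problems"
}

# Run the audit only when a directory is given on the command line,
# e.g.:  sh audit-keytabs.sh /etc/heimdal
if [ $# -gt 0 ]; then
    audit_keytabs "$@"
fi
```

Run it as root after each `ext` in kadmin, since extracting a new service principal rewrites the keytab.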