source: postlfs/security/heimdal.xml@ 939cf0da

Last change on this file since 939cf0da was 939cf0da, checked in by Randy McMurchy <randy@…>, 18 years ago

Moved OpenSSL from Chapter 8 to Chapter 4

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@3268 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 21.6 KB
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
  "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY heimdal-download-http "http://ftp.vc-graz.ac.at/mirror/crypto/kerberos/heimdal/heimdal-&heimdal-version;.tar.gz">
  <!ENTITY heimdal-download-ftp "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-&heimdal-version;.tar.gz">
  <!ENTITY heimdal-size "3.2 MB">
  <!ENTITY heimdal-buildsize "142 MB">
  <!ENTITY heimdal-time "2.55 SBU">
]>

<sect1 id="heimdal" xreflabel="Heimdal-&heimdal-version;">
<sect1info>
<othername>$LastChangedBy$</othername>
<date>$Date$</date>
</sect1info>
<?dbhtml filename="heimdal.html"?>
<title>Heimdal-&heimdal-version;</title>

<sect2>
<title>Introduction to <application>Heimdal</application></title>

<para><application>Heimdal</application> is a free implementation of Kerberos
5, that aims to be compatible with <acronym>MIT</acronym> krb5 and is backwards
compatible with krb4. Kerberos is a network authentication protocol. Basically
it preserves the integrity of passwords in any untrusted network (like the
Internet). Kerberized applications work hand-in-hand with sites that support
Kerberos to ensure that passwords cannot be stolen. A Kerberos installation
will make changes to the authentication mechanisms on your network and will
overwrite several programs and daemons from the
<application>Coreutils</application>, <application>Inetutils</application>,
<application>Qpopper</application> and <application>Shadow</application>
packages.</para>

<sect3><title>Package information</title>
<itemizedlist spacing='compact'>
<listitem><para>Download (HTTP): <ulink url="&heimdal-download-http;"/></para></listitem>
<listitem><para>Download (FTP): <ulink url="&heimdal-download-ftp;"/></para></listitem>
<listitem><para>Download size: &heimdal-size;</para></listitem>
<listitem><para>Estimated disk space required: &heimdal-buildsize;</para></listitem>
<listitem><para>Estimated build time: &heimdal-time;</para></listitem></itemizedlist>
</sect3>

<sect3><title>Additional downloads</title>
<itemizedlist spacing='compact'>
<listitem><para>Required Patch: <ulink
url="&patch-root;/heimdal-&heimdal-version;-fhs_compliance-1.patch"/></para>
</listitem>
<listitem><para>Required patch for cracklib: <ulink
url="&patch-root;/heimdal-&heimdal-version;-cracklib-1.patch"/></para>
</listitem>
</itemizedlist>

</sect3>

<sect3><title><application>Heimdal</application> dependencies</title>
<sect4><title>Required</title>
<para>
<xref linkend="openssl-package"/> and
<xref linkend="db"/>
</para></sect4>
<sect4><title>Optional</title>
<para>
<xref linkend="Linux_PAM"/>,
<xref linkend="openldap"/>,
X (<xref linkend="xorg"/> or <xref linkend="xfree86"/>),
<xref linkend="cracklib"/> and
<ulink url="http://www.pdc.kth.se/kth-krb/">krb4</ulink>
</para>

<note><para>
Some sort of time synchronization facility on your system (like <xref
linkend="ntp"/>) is required since Kerberos won't authenticate if the
time differential between a kerberized client and the
<acronym>KDC</acronym> server is more than 5 minutes.</para></note>
</sect4>

</sect3>

</sect2>

<sect2>
<title>Installation of <application>Heimdal</application></title>

<para>
Before installing the package, you may want to preserve the
<command>ftp</command> program from the <application>Inetutils</application>
package. This is because using the <application>Heimdal</application>
<command>ftp</command> program to connect to non-kerberized ftp servers may
not work properly. It will allow you to connect (letting you know that
transmission of the password is clear text) but will have problems doing puts
and gets.
</para>

<screen><userinput><command>mv /usr/bin/ftp /usr/bin/ftpn</command></userinput></screen>

<para>
If you wish the <application>Heimdal</application> package to link against the
<application>cracklib</application> library, you must apply a patch:
</para>

<screen><userinput><command>patch -Np1 -i ../heimdal-&heimdal-version;-cracklib-1.patch</command></userinput></screen>

<para>Install <application>Heimdal</application> by running the following commands:</para>

<screen><userinput><command>patch -Np1 -i ../heimdal-&heimdal-version;-fhs_compliance-1.patch &amp;&amp;
./configure --prefix=/usr --sysconfdir=/etc/heimdal \
    --datadir=/var/lib/heimdal --libexecdir=/usr/sbin \
    --sharedstatedir=/usr/share --localstatedir=/var/lib/heimdal \
    --enable-shared --with-openssl=/usr &amp;&amp;
make &amp;&amp;
make install &amp;&amp;
mv /bin/login /bin/login.shadow &amp;&amp;
mv /bin/su /bin/su.coreutils &amp;&amp;
mv /usr/bin/{login,su} /bin &amp;&amp;
ln -sf ../../bin/login /usr/bin &amp;&amp;
mv /usr/lib/lib{otp.so.0,otp.so.0.1.4,kafs.so.0,kafs.so.0.4.0} /lib &amp;&amp;
mv /usr/lib/lib{krb5.so.17,krb5.so.17.3.0,asn1.so.6,asn1.so.6.0.2} /lib &amp;&amp;
mv /usr/lib/lib{roken.so.16,roken.so.16.0.3,crypto.so.0.9.7} /lib &amp;&amp;
mv /usr/lib/libdb-4.1.so /lib &amp;&amp;
ln -sf ../../lib/lib{otp.so.0,otp.so.0.1.4,kafs.so.0,kafs.so.0.4.0} /usr/lib &amp;&amp;
ln -sf ../../lib/lib{krb5.so.17,krb5.so.17.3.0,asn1.so.6,asn1.so.6.0.2} /usr/lib &amp;&amp;
ln -sf ../../lib/lib{roken.so.16,roken.so.16.0.3,crypto.so.0.9.7} /usr/lib &amp;&amp;
ln -sf ../../lib/libdb-4.1.so /usr/lib &amp;&amp;
ldconfig</command></userinput></screen>

</sect2>

<sect2>
<title>Command explanations</title>

<para><parameter>--libexecdir=/usr/sbin</parameter>: This switch puts the
daemon programs into <filename class="directory">/usr/sbin</filename>.
</para>

<note><para>
If you want to preserve all your existing <application>Inetutils</application>
package daemons, install the <application>Heimdal</application> daemons into
<filename class="directory">/usr/sbin/heimdal</filename> (or wherever you want).
Since these programs will be called from <command>(x)inetd</command> or
<filename>rc</filename> scripts, it really doesn't matter where they are
installed, as long as they are correctly specified in the
<filename>/etc/(x)inetd.conf</filename> file and <filename>rc</filename>
scripts. If you choose something other than
<filename class="directory">/usr/sbin</filename>, you may want to move some of
the user programs (such as <command>kadmin</command>) to
<filename class="directory">/usr/sbin</filename> manually so they'll be in the
privileged user's default path.</para></note>

<para>
<screen><command>mv /bin/login /bin/login.shadow
mv /bin/su /bin/su.coreutils
mv /usr/bin/{login,su} /bin
ln -sf ../../bin/login /usr/bin</command></screen>

The <command>login</command> and <command>su</command> programs installed by
<application>Heimdal</application> belong in the
<filename class="directory">/bin</filename> directory. The
<command>login</command> program is symlinked because
<application>Heimdal</application> is expecting to find it in
<filename class="directory">/usr/bin</filename>. The old executables are
preserved before the move to keep things sane should breaks occur.
</para>

<para>
<screen><command>mv /usr/lib/lib{otp.so.0,otp.so.0.1.4,kafs.so.0,kafs.so.0.4.0} /lib
mv /usr/lib/lib{krb5.so.17,krb5.so.17.3.0,asn1.so.6,asn1.so.6.0.2} /lib
mv /usr/lib/lib{roken.so.16,roken.so.16.0.3,crypto.so.0.9.7} /lib
mv /usr/lib/libdb-4.1.so /lib
ln -sf ../../lib/lib{otp.so.0,otp.so.0.1.4,kafs.so.0,kafs.so.0.4.0} /usr/lib
ln -sf ../../lib/lib{krb5.so.17,krb5.so.17.3.0,asn1.so.6,asn1.so.6.0.2} /usr/lib
ln -sf ../../lib/lib{roken.so.16,roken.so.16.0.3,crypto.so.0.9.7} /usr/lib
ln -sf ../../lib/libdb-4.1.so /usr/lib</command></screen>

The <command>login</command> and <command>su</command> programs
installed by <application>Heimdal</application> link against
<application>Heimdal</application> libraries as well as libraries provided by
the <application>OpenSSL</application>, <application>Berkeley DB</application>
and <application>E2fsprogs</application> packages. These libraries are moved
to <filename class="directory">/lib</filename> to be <acronym>FHS</acronym>
compliant and also in case <filename class="directory">/usr</filename> is
located on a separate partition which may not always be mounted.
</para>

</sect2>

<sect2>
<title>Configuring <application>Heimdal</application></title>

<sect3><title>Config files</title>
<para><filename>/etc/heimdal/*</filename></para>
</sect3>

<sect3><title>Configuration Information</title>

<sect4><title>Master <acronym>KDC</acronym> Server Configuration</title>

<para>
Create the Kerberos configuration file with the following commands:
</para>

<screen><userinput><command>install -d /etc/heimdal &amp;&amp;
cat &gt; /etc/heimdal/krb5.conf &lt;&lt; "EOF"</command>
# Begin /etc/heimdal/krb5.conf

[libdefaults]
    default_realm = <replaceable>[EXAMPLE.COM]</replaceable>
    encrypt = true

[realms]
    <replaceable>[EXAMPLE.COM]</replaceable> = {
        kdc = <replaceable>[hostname.example.com]</replaceable>
        admin_server = <replaceable>[hostname.example.com]</replaceable>
        kpasswd_server = <replaceable>[hostname.example.com]</replaceable>
    }

[domain_realm]
    .<replaceable>[example.com]</replaceable> = <replaceable>[EXAMPLE.COM]</replaceable>

[logging]
    kdc = FILE:/var/log/kdc.log
    admin_server = FILE:/var/log/kadmin.log
    default = FILE:/var/log/krb.log

# End /etc/heimdal/krb5.conf
<command>EOF</command></userinput></screen>

<para>
You will need to substitute your domain and proper hostname for the
occurrences of the <replaceable>[hostname]</replaceable> and
<replaceable>[EXAMPLE.COM]</replaceable> names.
</para>

<para>
<userinput>default_realm</userinput> should be the name of your domain changed
to ALL CAPS. This isn't required, but both <application>Heimdal</application>
and <application><acronym>MIT</acronym> krb5</application> recommend it.
</para>

<para>
<userinput>encrypt = true</userinput> provides encryption of all traffic
between kerberized clients and servers. It's not necessary and can be left
off. If you leave it off, you can encrypt all traffic from the client to the
server using a switch on the client program instead.
</para>

<para>
The <userinput>[realms]</userinput> parameters tell the client programs where
to look for the <acronym>KDC</acronym> authentication services.
</para>

<para>
The <userinput>[domain_realm]</userinput> section maps a domain to a realm.
</para>

<para>
Store the master password in a key file using the following commands:
</para>

<screen><userinput><command>install -d -m 755 /var/lib/heimdal &amp;&amp;
kstash</command></userinput></screen>

<para>
Create the <acronym>KDC</acronym> database:
</para>

<screen><userinput><command>kadmin -l</command></userinput></screen>

<para>
Choose the defaults for now. You can go in later and change the
defaults, should you feel the need. At the
<userinput>kadmin&gt;</userinput> prompt, issue the following statement:
</para>

<screen><userinput><command>init <replaceable>[EXAMPLE.COM]</replaceable></command></userinput></screen>

<para>
The database must now be populated with at least one principal (user). For now,
just use your regular login name or root. You may create as few, or as many
principals as you wish using the following statement:
</para>

<screen><userinput><command>add <replaceable>[loginname]</replaceable></command></userinput></screen>

<para>
The <acronym>KDC</acronym> server and any machine running kerberized
server daemons must have a host key installed:
</para>

<screen><userinput><command>add --random-key host/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>

<para>
After choosing the defaults when prompted, you will have to export the
data to a keytab file:
</para>

<screen><userinput><command>ext host/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>

<para>
This should have created two files in
<filename class="directory">/etc/heimdal</filename>:
<filename>krb5.keytab</filename> (Kerberos 5) and
<filename>srvtab</filename> (Kerberos 4). Both files should have 600
(root rw only) permissions. Keeping the keytab files from public access
is crucial to the overall security of the Kerberos installation.
</para>

<para>
Eventually, you'll want to add server daemon principals to the database
and extract them to the keytab file. You do this in the same way you
created the host principals. Below is an example:
</para>

<screen><userinput><command>add --random-key ftp/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>

<para>
(choose the defaults)
</para>

<screen><userinput><command>ext ftp/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>

<para>
Exit the <command>kadmin</command> program (use <command>quit</command>
or <command>exit</command>) and return back to the shell prompt. Start
the <acronym>KDC</acronym> daemon manually, just to test out the
installation:
</para>

<screen><userinput><command>/usr/sbin/kdc &amp;</command></userinput></screen>

<para>
Attempt to get a <acronym>TGT</acronym> (ticket granting ticket) with the
following command:
</para>

<screen><userinput><command>kinit <replaceable>[loginname]</replaceable></command></userinput></screen>

<para>
You will be prompted for the password you created. After you get your
ticket, you should list it with the following command:
</para>

<screen><userinput><command>klist</command></userinput></screen>

<para>
Information about the ticket should be displayed on the screen.
</para>

<para>
To test the functionality of the keytab file, issue the following command:
</para>

<screen><userinput><command>ktutil list</command></userinput></screen>

<para>
This should dump a list of the host principals, along with the encryption
methods used to access the principals.
</para>

<para>
At this point, if everything has been successful so far, you can feel
fairly confident in the installation and configuration of the package.
</para>

<para>Install the <filename>/etc/rc.d/init.d/heimdal</filename> init script
included in the <xref linkend="intro-important-bootscripts"/>
package:</para>

<screen><userinput><command>make install-heimdal</command></userinput></screen>

</sect4>

<sect4><title>Using Kerberized Client Programs</title>

<para>
To use the kerberized client programs (<command>telnet</command>,
<command>ftp</command>, <command>rsh</command>,
<command>rxterm</command>, <command>rxtelnet</command>,
<command>rcp</command>, <command>xnlock</command>), you first must get
a <acronym>TGT</acronym>. Use the <command>kinit</command> program to
get the ticket. After you've acquired the ticket, you can use the
kerberized programs to connect to any kerberized server on the network.
You will not be prompted for authentication until your ticket expires
(default is one day), unless you specify a different user as a command
line argument to the program.
</para>

<para>
The kerberized programs will connect to non-kerberized daemons, warning
you that authentication is not encrypted. As mentioned earlier, only the
<command>ftp</command> program gives any trouble connecting to
non-kerberized daemons.
</para>

<para>In order to use the <application>Heimdal</application>
<application>X</application> programs, you'll need to add a service port
entry to the <filename>/etc/services</filename> file for the
<command>kxd</command> server. There is no 'standardized port number' for
the 'kx' service in the IANA database, so you'll have to pick an unused port
number. Add an entry to the <filename>services</filename> file similar to the
entry below (substitute your chosen port number for
<replaceable>[49150]</replaceable>):</para>

<screen><userinput>kx              <replaceable>[49150]</replaceable>/tcp   # Heimdal kerberos X
kx              <replaceable>[49150]</replaceable>/udp   # Heimdal kerberos X</userinput></screen>

<para>
For additional information consult <ulink
url="http://www.linuxfromscratch.org/hints/downloads/files/heimdal.txt">the
Heimdal hint</ulink> on which the above instructions are based.
</para>

</sect4>

</sect3>

</sect2>

<sect2>
<title>Contents</title>

<para>The <application>Heimdal</application> package contains
<command>afslog</command>,
<command>dump_log</command>,
<command>ftp</command>,
<command>ftpd</command>,
<command>hprop</command>,
<command>hpropd</command>,
<command>ipropd-master</command>,
<command>ipropd-slave</command>,
<command>kadmin</command>,
<command>kadmind</command>,
<command>kauth</command>,
<command>kdc</command>,
<command>kdestroy</command>,
<command>kf</command>,
<command>kfd</command>,
<command>kgetcred</command>,
<command>kinit</command>,
<command>klist</command>,
<command>kpasswd</command>,
<command>kpasswdd</command>,
<command>krb5-config</command>,
<command>kstash</command>,
<command>ktutil</command>,
<command>kx</command>,
<command>kxd</command>,
<command>login</command>,
<command>mk_cmds</command>,
<command>otp</command>,
<command>otpprint</command>,
<command>pagsh</command>,
<command>pfrom</command>,
<command>popper</command>,
<command>push</command>,
<command>rcp</command>,
<command>replay_log</command>,
<command>rsh</command>,
<command>rshd</command>,
<command>rxtelnet</command>,
<command>rxterm</command>,
<command>string2key</command>,
<command>su</command>,
<command>telnet</command>,
<command>telnetd</command>,
<command>tenletxr</command>,
<command>truncate_log</command>,
<command>verify_krb5_conf</command>,
<command>xnlock</command>,
<filename class="libraryfile">libasn1</filename>,
<filename class="libraryfile">libeditline</filename>,
<filename class="libraryfile">libgssapi</filename>,
<filename class="libraryfile">libhdb</filename>,
<filename class="libraryfile">libkadm5clnt</filename>,
<filename class="libraryfile">libkadm5srv</filename>,
<filename class="libraryfile">libkafs</filename>,
<filename class="libraryfile">libkrb5</filename>,
<filename class="libraryfile">libotp</filename>,
<filename class="libraryfile">libroken</filename>,
<filename class="libraryfile">libsl</filename> and
<filename class="libraryfile">libss</filename>.
</para>

</sect2>

<sect2><title>Description</title>

<sect3><title>afslog</title>
<para><command>afslog</command> obtains <acronym>AFS</acronym> tokens for a
number of cells.</para></sect3>

<sect3><title>hprop</title>
<para><command>hprop</command> takes a principal database in a specified
format and converts it into a stream of <application>Heimdal</application>
database records.</para></sect3>

<sect3><title>hpropd</title>
<para><command>hpropd</command> receives a database sent by
<command>hprop</command> and writes it as a local database.</para></sect3>

<sect3><title>kadmin</title>
<para><command>kadmin</command> is a utility used to make modifications
to the Kerberos database.</para></sect3>

<sect3><title>kadmind</title>
<para><command>kadmind</command> is a server for administrative access
to the Kerberos database.</para></sect3>

<sect3><title>kauth, kinit</title>
<para><command>kauth</command> and <command>kinit</command> are used to
authenticate to the Kerberos server as a principal and acquire a ticket
granting ticket that can later be used to obtain tickets for other
services.</para></sect3>

<sect3><title>kdc</title>
<para><command>kdc</command> is a Kerberos 5 server.</para></sect3>

<sect3><title>kdestroy</title>
<para><command>kdestroy</command> removes a principal's current set of
tickets.</para></sect3>

<sect3><title>kf</title>
<para><command>kf</command> is a program which forwards tickets to a
remote host through an authenticated and encrypted
stream.</para></sect3>

<sect3><title>kfd</title>
<para><command>kfd</command> receives forwarded tickets.</para></sect3>

<sect3><title>kgetcred</title>
<para><command>kgetcred</command> obtains a ticket for a
service.</para></sect3>

<sect3><title>klist</title>
<para><command>klist</command> reads and displays the current tickets in
the credential cache.</para></sect3>

<sect3><title>kpasswd</title>
<para><command>kpasswd</command> is a program for changing Kerberos 5
passwords.</para></sect3>

<sect3><title>kpasswdd</title>
<para><command>kpasswdd</command> is a Kerberos 5 password changing
server.</para></sect3>

<sect3><title>krb5-config</title>
<para><command>krb5-config</command> gives information on how to link
programs against <application>Heimdal</application> libraries.</para></sect3>

<sect3><title>kstash</title>
<para><command>kstash</command> stores the <acronym>KDC</acronym> master
password in a file.</para></sect3>

<sect3><title>ktutil</title>
<para><command>ktutil</command> is a program for managing Kerberos
keytabs.</para></sect3>

<sect3><title>kx</title>
<para><command>kx</command> is a program which securely forwards
<application>X</application> connections.</para></sect3>

<sect3><title>kxd</title>
<para><command>kxd</command> is the daemon for
<command>kx</command>.</para></sect3>

<sect3><title>otp</title>
<para><command>otp</command> manages one-time passwords.</para></sect3>

<sect3><title>otpprint</title>
<para><command>otpprint</command> prints lists of one-time
passwords.</para></sect3>

<sect3><title>rxtelnet</title>
<para><command>rxtelnet</command> starts an <command>xterm</command>
window with a telnet to a given host and forwards
<application>X</application> connections.</para></sect3>

<sect3><title>rxterm</title>
<para><command>rxterm</command> starts a secure remote
<command>xterm</command>.</para></sect3>

<sect3><title>string2key</title>
<para><command>string2key</command> maps a password into a
key.</para></sect3>

<sect3><title>tenletxr</title>
<para><command>tenletxr</command> forwards <application>X</application>
connections backwards.</para></sect3>

<sect3><title>verify_krb5_conf</title>
<para><command>verify_krb5_conf</command> checks the
<filename>krb5.conf</filename> file for obvious errors.</para></sect3>

<sect3><title>xnlock</title>
<para><command>xnlock</command> is a program that acts as a secure screen
saver for workstations running <application>X</application>.</para></sect3>

</sect2>

</sect1>
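
The Master KDC Server Configuration section requires that krb5.keytab and srvtab in /etc/heimdal both have 600 (root rw only) permissions. The script below is an added example, not part of the BLFS book, that checks this requirement. The function names audit_keyfile and audit_dir and the script name in the usage note are hypothetical, and GNU coreutils stat is assumed.

```shell
#!/bin/sh
# Added example (not from the BLFS book): audit the Heimdal keytab files
# for the "600, root rw only" requirement. Assumes GNU coreutils stat(1).

# audit_keyfile FILE [UID]
#   returns 0: regular file, owned by UID (default 0 = root), mode exactly 600
#   returns 1: insecure (symlink, wrong owner, or wrong mode)
#   returns 2: file not present
audit_keyfile() {
    kf_file=$1
    kf_uid=${2:-0}

    # Reject symlinks: the permission check must apply to the file itself.
    if [ -L "$kf_file" ]; then
        echo "FAIL    $kf_file: is a symbolic link"
        return 1
    fi
    if [ ! -f "$kf_file" ]; then
        echo "MISSING $kf_file"
        return 2
    fi

    kf_mode=$(stat -c '%a' "$kf_file")    # octal mode, e.g. 600
    kf_owner=$(stat -c '%u' "$kf_file")   # numeric owner id
    kf_rc=0
    if [ "$kf_mode" != "600" ]; then
        echo "FAIL    $kf_file: mode $kf_mode, expected 600"
        kf_rc=1
    fi
    if [ "$kf_owner" != "$kf_uid" ]; then
        echo "FAIL    $kf_file: owner uid $kf_owner, expected $kf_uid"
        kf_rc=1
    fi
    if [ "$kf_rc" -eq 0 ]; then
        echo "OK      $kf_file"
    fi
    return "$kf_rc"
}

# audit_dir DIR [UID]
#   Checks the two files the text names (krb5.keytab and srvtab) in DIR and
#   returns the number of insecure files. Missing files are reported but
#   not counted.
audit_dir() {
    ad_dir=$1
    ad_uid=${2:-0}
    ad_bad=0
    for ad_name in krb5.keytab srvtab; do
        ad_rc=0
        audit_keyfile "$ad_dir/$ad_name" "$ad_uid" || ad_rc=$?
        if [ "$ad_rc" -eq 1 ]; then
            ad_bad=$((ad_bad + 1))
        fi
    done
    return "$ad_bad"
}

# Run the audit only when a directory argument is given.
if [ "$#" -gt 0 ]; then
    audit_dir "$1"
fi
```

Run it as root with the keytab directory as the argument, for example `sh audit-keytabs.sh /etc/heimdal`; the exit status is the number of insecure files.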