source: postlfs/security/heimdal.xml@ a1813d08

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts krejzi/svn lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition systemd-11177 systemd-13485 trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal
Last change on this file since a1813d08 was a1813d08, checked in by Ken Moffat <ken@…>, 13 years ago

Bring forward the openssl-1.0.0 upgrade because of the security fix in 1.0.0b (also in 0.9.8p). This will break the versions of mutt, heimdal, postgresql (probably) and ruby currently in the book if used (it's optional for all of them) - added temporary explanatory para to each of those packages. For openssl itself, bc is no longer required by the testsuite, without it there is a brief whinge hidden in the output, but it still reports that all tests succeedded.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@8697 af4574ff-66df-0310-9fd7-8a98e5e911e0
  • Property mode set to 100644
File size: 46.6 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY heimdal-download-http "http://www.h5l.org/dist/src/heimdal-&heimdal-version;.tar.gz">
8 <!ENTITY heimdal-download-ftp "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-&heimdal-version;.tar.gz">
9 <!ENTITY heimdal-md5sum "4ce17deae040a3519e542f48fd901f21">
10 <!ENTITY heimdal-size "5.6 MB">
11 <!ENTITY heimdal-buildsize "200 MB">
12 <!ENTITY heimdal-time "4.0 SBU (additional 2.5 SBU to run the test suite)">
13]>
14
15<sect1 id="heimdal" xreflabel="Heimdal-&heimdal-version;">
16 <?dbhtml filename="heimdal.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>Heimdal-&heimdal-version;</title>
24
25 <indexterm zone="heimdal">
26 <primary sortas="a-Heimdal">Heimdal</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to Heimdal</title>
31
32 <warning>
33 <para>If you are using an LFS-&lfs-version; based system, building
34 <application>Heimdal</application> will overwrite <filename
35 class='libraryfile'>/usr/lib/libcom_err.so</filename> and install an
36 additional <filename class='libraryfile'>libcom_err</filename> library in
37 <filename class='directory'>/usr/lib</filename>. This will directly
38 conflict with the <filename class='libraryfile'>/lib/libcom_err</filename>
39 library installed by the <application>E2fsprogs</application> package in LFS.
40 Both upstream maintainers have taken steps to eliminate this condition.
41 However, the combination that currently exists causes this problem.</para>
42
43 <para>There is a fix for the problem, but it will require you to recompile
44 the LFS-&lfs-version; <application>E2fsprogs</application> package to a
45 newer version than the &lfs-e2fsprogs-version; version used in that book.
46 Any version equal to or greater than the one used in the
47 <ulink url="&lfs-dev;">LFS-Development</ulink> book will do. After
48 recompiling <application>E2fsprogs</application>, you are now ready to
49 install <application>Heimdal</application>.</para>
50 </warning>
51
52 <para><application>Heimdal</application> is a free implementation
53 of Kerberos 5 that aims to be compatible with MIT Kerberos 5 and is
54 backward compatible with Kerberos 4. Kerberos is a network authentication
55 protocol. Basically it preserves the integrity of passwords in any
56 untrusted network (like the Internet). Kerberized applications work
57 hand-in-hand with sites that support Kerberos to ensure that passwords
58 cannot be stolen or compromised. A Kerberos installation will make changes
59 to the authentication mechanisms on your network and will overwrite several
60 programs and daemons from the <application>Shadow</application>,
61 <application>Inetutils</application> and
62 <application>Qpopper</application> packages. See
63 <ulink url="&files-anduin;/heimdal-overwrites"/> for a complete list of
64 all the files and commands to rename each of them.</para>
65
66 <!-- FIXME -->
67 <para>If you intend to link this application to <xref linkend="openssl"/>
68 you will need to use the heimdal-1.4 series.</para>
69
70 <bridgehead renderas="sect3">Package Information</bridgehead>
71 <itemizedlist spacing="compact">
72 <listitem>
73 <para>Download (HTTP): <ulink url="&heimdal-download-http;"/></para>
74 </listitem>
75 <listitem>
76 <para>Download (FTP): <ulink url="&heimdal-download-ftp;"/></para>
77 </listitem>
78 <listitem>
79 <para>Download MD5 sum: &heimdal-md5sum;</para>
80 </listitem>
81 <listitem>
82 <para>Download size: &heimdal-size;</para>
83 </listitem>
84 <listitem>
85 <para>Estimated disk space required: &heimdal-buildsize;</para>
86 </listitem>
87 <listitem>
88 <para>Estimated build time: &heimdal-time;</para>
89 </listitem>
90 </itemizedlist>
91
92 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
93 <itemizedlist spacing='compact'>
94 <listitem>
95 <para>Required Patch: <ulink
96 url="&patch-root;/heimdal-&heimdal-version;-blfs_docs-1.patch"/></para>
97 </listitem>
98 <!-- <listitem>
99 <para>Required Patch: <ulink
100 url="&patch-root;/heimdal-&heimdal-version;-libss-1.patch"/></para>
101 </listitem> -->
102 </itemizedlist>
103
104 <bridgehead renderas="sect3">Heimdal Dependencies</bridgehead>
105
106 <bridgehead renderas="sect4">Required to Build the Server-Side Tools</bridgehead>
107 <para role="required">
108 <xref linkend="db"/> (recommended) or GDBM (GDBM is installed in LFS)</para>
109 <!-- <xref linkend="db"/> is recommended (installed in LFS)
110 or <xref linkend="gdbm"/></para> -->
111
112 <bridgehead renderas="sect4">Recommended</bridgehead>
113 <para role="recommended"><xref linkend="openssl"/></para>
114
115 <bridgehead renderas="sect4">Optional</bridgehead>
116 <para role="optional"><xref linkend="linux-pam"/>,
117 <xref linkend="openldap"/>,
118 <xref linkend="x-window-system"/>, and
119 <ulink url="http://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/">libcap2</ulink></para>
120
121 <note>
122 <para>Some sort of time synchronization facility on your system
123 (like <xref linkend="ntp"/>) is required since Kerberos won't
124 authenticate if the time differential between a kerberized client
125 and the KDC server is more than 5 minutes.</para>
126 </note>
127
128 <para condition="html" role="usernotes">User Notes:
129 <ulink url="&blfs-wiki;/heimdal"/></para>
130
131 </sect2>
132
133 <sect2 role="installation">
134 <title>Installation of Heimdal</title>
135
136 <warning>
137 <para>Ensure you really need a Kerberos installation before you decide
138 to install this package. Failure to install and configure the package
139 correctly can alter your system so that users cannot log in.</para>
140 </warning>
141
142 <para>Install <application>Heimdal</application> by running the following
143 commands:</para>
144
145<screen><userinput>patch -Np1 -i ../heimdal-&heimdal-version;-blfs_docs-1.patch &amp;&amp;
146sed -i.bak 's/struct krb5_cccol_cursor/&amp;_data/' \
147 lib/krb5/{krb5.h,cache.c}
148
149./configure --prefix=/usr \
150 --sysconfdir=/etc/heimdal \
151 --libexecdir=/usr/sbin \
152 --localstatedir=/var/lib/heimdal \
153 --datadir=/var/lib/heimdal \
154 --with-hdbdir=/var/lib/heimdal \
155 --with-readline=/usr \
156 --enable-kcm &amp;&amp;
157make</userinput></screen>
158
159 <para>If you have <xref linkend="tetex"/> installed and wish to create
160 alternate forms of the documentation, change into the
161 <filename class='directory'>doc</filename> directory and issue any or all
162 of the following commands (the <command>makeinfo</command> commands do not
163 require a <application>teTex</application> installation:</para>
164
165<screen><userinput>pushd doc &amp;&amp;
166
167make html &amp;&amp;
168
169texi2pdf heimdal.texi &amp;&amp;
170texi2dvi heimdal.texi &amp;&amp;
171dvips -o heimdal.ps heimdal.dvi &amp;&amp;
172makeinfo --plaintext -o heimdal.txt heimdal.texi &amp;&amp;
173
174texi2pdf hx509.texi &amp;&amp;
175texi2dvi hx509.texi &amp;&amp;
176dvips -o hx509.ps hx509.dvi &amp;&amp;
177makeinfo --plaintext -o hx509.txt hx509.texi &amp;&amp;
178
179popd</userinput></screen>
180
181 <para>To test the results, issue: <command>make -k check</command>. The
182 <command>check-ipropd</command> test is known to fail but all others should
183 pass.</para>
184
185 <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
186
187<!-- <screen role="root"><?dbfo keep-together="auto"?><userinput>mv -v /usr/include/ss/ss.h /usr/include/ss/ss.h.e2fsprogs &amp;&amp;
188mv -v /usr/lib/libss.a /usr/lib/libss.a.e2fsprogs &amp;&amp;
189mv -v /usr/lib/libss.so /usr/lib/libss.so.e2fsprogs &amp;&amp;
190mv -v /usr/bin/mk_cmds /usr/bin/mk_cmds.e2fsprogs &amp;&amp;
191-->
192
193<screen role="root"><userinput>make install &amp;&amp;
194
195install -v -m755 -d /usr/share/doc/heimdal-&heimdal-version; &amp;&amp;
196install -v -m644 doc/{init-creds,layman.asc} \
197 /usr/share/doc/heimdal-&heimdal-version; &amp;&amp;
198
199ln -sfv mech.5 /usr/share/man/man5/qop.5 &amp;&amp;
200ln -sfv ../man5/mech.5 /usr/share/man/cat5/qop.5 &amp;&amp;
201ln -sfv ../man5/mech.5 /usr/share/man/cat5 &amp;&amp;
202
203mv -v /bin/login /bin/login.SHADOW &amp;&amp;
204mv -v /bin/su /bin/su.SHADOW &amp;&amp;
205mv -v /usr/bin/{login,su} /bin &amp;&amp;
206ln -v -sf ../../bin/login /usr/bin &amp;&amp;
207
208for LINK in \
209 lib{otp,kafs,krb5,hx509,asn1,roken,crypto,heimsqlite,wind}; do
210 mv -v /usr/lib/${LINK}.so.* /lib &amp;&amp;
211 ln -v -sf ../../lib/$(readlink /usr/lib/${LINK}.so) \
212 /usr/lib/${LINK}.so
213done &amp;&amp;
214
215mv -v /usr/lib/$(readlink /usr/lib/libdb.so) \
216 /usr/lib/libdb-?.so \
217 /lib &amp;&amp;
218ln -v -sf ../../lib/$(readlink /usr/lib/libdb.so) \
219 /usr/lib/libdb.so &amp;&amp;
220
221ldconfig</userinput></screen>
222
223<!-- mv -v /usr/include/ss/ss.h /usr/include/ss/ss.h.heimdal &amp;&amp;
224mv -v /usr/include/ss/ss.h.e2fsprogs /usr/include/ss/ss.h &amp;&amp;
225mv -v /usr/lib/libss.a /usr/lib/libss.a.heimdal &amp;&amp;
226mv -v /usr/lib/libss.a.e2fsprogs /usr/lib/libss.a &amp;&amp;
227mv -v /usr/lib/libss.so /usr/lib/libss.so.heimdal &amp;&amp;
228mv -v /usr/lib/libss.so.e2fsprogs /usr/lib/libss.so &amp;&amp;
229mv -v /usr/lib/libss.la /usr/lib/libss.la.heimdal &amp;&amp;
230mv -v /usr/bin/mk_cmds /usr/bin/mk_cmds.heimdal &amp;&amp;
231mv -v /usr/bin/mk_cmds.e2fsprogs /usr/bin/mk_cmds &amp;&amp; -->
232
233 <para>If you built any of the alternate forms of documentation, install it
234 using the following commands as the
235 <systemitem class="username">root</systemitem> user:</para>
236
237<screen role="root"><userinput>install -v -m644 doc/{heimdal,hx509}.{dvi,ps,pdf,html,txt} \
238 /usr/share/doc/heimdal-&heimdal-version;</userinput></screen>
239
240 <para>If you wish to use the <xref linkend="cracklib"/> library to enforce
241 strong passwords in the KDC database, issue the following commands as the
242 <systemitem class="username">root</systemitem> user:</para>
243
244<screen role="root"><userinput>sed -e 's|/usr/pkg|/usr|' \
245 -e 's|/usr/lib/cracklib_dict|/lib/cracklib/pw_dict|' \
246 -e 's|/var/heimdal|/var/lib/heimdal|' \
247 lib/kadm5/check-cracklib.pl \
248 > /bin/krb5-check-cracklib.pl &amp;&amp;
249
250chmod -v 755 /bin/krb5-check-cracklib.pl</userinput></screen>
251
252 </sect2>
253
254 <sect2 role="commands">
255 <title>Command Explanations</title>
256
257 <!-- <para><command>mv -v /usr/include/...</command>,
258 <command>mv -v /usr/lib/libss.* ...</command> and
259 <command>mv -v /usr/bin/mk_cmds ...</command>: The
260 <application>Heimdal</application> installation will overwrite an
261 interface header, static library, library symbolic link and a
262 shell script from the
263 <application>E2fsprogs</application> package. These commands rename the
264 original files before the installation, and then restore them (after
265 renaming the new <application>Heimdal</application> files) after the
266 installation.</para> -->
267
268 <para><command>sed -i.bak ... lib/krb5/{krb5.h,cache.c}</command>: This
269 command is an upstream fix for a multiple declaration.</para>
270
271 <para><parameter>--libexecdir=/usr/sbin</parameter>: This switch causes
272 the daemon programs to be installed into
273 <filename class="directory">/usr/sbin</filename>.</para>
274
275 <tip>
276 <para>If you want to preserve all your existing
277 <application>Inetutils</application> package daemons, install the
278 <application>Heimdal</application> daemons into
279 <filename class="directory">/usr/sbin/heimdal</filename> (or wherever
280 you want). Since these programs will be called from
281 <command>(x)inetd</command> or <filename>rc</filename> scripts, it
282 really doesn't matter where they are installed, as long as they are
283 correctly specified in the <filename>/etc/(x)inetd.conf</filename> file
284 and <filename>rc</filename> scripts. If you choose something other than
285 <filename class="directory">/usr/sbin</filename>, you may want to move
286 some of the user programs (such as <command>kadmin</command>) to
287 <filename class="directory">/usr/sbin</filename> manually so they'll be
288 in the privileged user's default <envar>PATH</envar>.</para>
289 </tip>
290
291 <para><parameter>--localstatedir=/var/lib/heimdal</parameter>,
292 <parameter>--datadir=/var/lib/heimdal</parameter> and
293 <parameter>--with-hdbdir=/var/lib/heimdal</parameter>: These parameters
294 are used so that the KDC database and associated files will all reside
295 in <filename class='directory'>/var/lib/heimdal</filename>.</para>
296
297 <para><parameter>--with-readline=/usr</parameter>: This parameter must be
298 used so that the <command>configure</command> script properly locates the
299 installed <application>Readline</application> package.</para>
300
301 <para><parameter>--enable-kcm</parameter>: This parameter enables building
302 the Kerberos Credentials Manager.</para>
303
304 <para><command>ln -sfv .../mech.5 /usr/share/man/...</command>: These
305 commands are used to fix some broken symbolic links.</para>
306
307 <para><command>mv ... ...SHADOW</command>, <command>mv ... /bin</command>
308 and <command> ln ... /usr/bin</command>: The <command>login</command>
309 and <command>su</command> programs installed by
310 <application>Heimdal</application> belong in the
311 <filename class="directory">/bin</filename> directory. The
312 <command>login</command> program is symlinked because
313 <application>Heimdal</application> is expecting to find it in
314 <filename class="directory">/usr/bin</filename>. The old executables from
315 the <application>Shadow</application> package are preserved before the move
316 so that they can be restored if you experience problems logging into the
317 system after the <application>Heimdal</application> package is installed
318 and configured.</para>
319
320 <para><command>for LINK in ...; do ...; done</command>,
321 <command>mv ... /lib</command> and
322 <command>ln ... /usr/lib/libdb.so</command>: The <command>login</command>
323 and <command>su</command> programs previously moved into the
324 <filename class='directory'>/lib</filename> directory link against
325 <application>Heimdal</application> libraries as well as libraries provided
326 by the <application>OpenSSL</application> and
327 <application>Berkeley DB</application> packages. These
328 libraries are also moved to <filename class="directory">/lib</filename>
329 so they are FHS compliant and also in case
330 <filename class="directory">/usr</filename> is located on a separate
331 partition which may not always be mounted.</para>
332
333 </sect2>
334
335 <sect2 role="configuration">
336 <title>Configuring Heimdal</title>
337
338 <sect3 id="heimdal-config">
339 <title>Config Files</title>
340
341 <para><filename>/etc/heimdal/*</filename></para>
342
343 <indexterm zone="heimdal heimdal-config">
344 <primary sortas="e-etc-heimdal">/etc/heimdal/*</primary>
345 </indexterm>
346
347 </sect3>
348
349 <sect3>
350 <title>Configuration Information</title>
351
352 <note>
353 <para>All the configuration steps shown below must be accomplished
354 by the <systemitem class='username'>root</systemitem> user unless
355 otherwise noted.</para>
356 </note>
357
358 <sect4>
359 <title>Master KDC Server Configuration</title>
360
361 <para>Many of the commands below use
362 <replaceable>&lt;replaceable&gt;</replaceable> tags to identify places
363 where you need to substitute information specific to your network.
364 Ensure you replace everything in these tags (there will be no angle
365 brackets when you are done) with your site-specific information.</para>
366
367 <para>Create the Kerberos configuration file with the following
368 commands:</para>
369
370<screen role="root"><userinput>install -v -m755 -d /etc/heimdal &amp;&amp;
371cat &gt; /etc/heimdal/krb5.conf &lt;&lt; "EOF" &amp;&amp;
372<literal># Begin /etc/heimdal/krb5.conf
373
374[libdefaults]
375 default_realm = <replaceable>&lt;EXAMPLE.COM&gt;</replaceable>
376 encrypt = true
377
378[realms]
379 <replaceable>&lt;EXAMPLE.COM&gt;</replaceable> = {
380 kdc = <replaceable>&lt;hostname.example.com&gt;</replaceable>
381 admin_server = <replaceable>&lt;hostname.example.com&gt;</replaceable>
382 kpasswd_server = <replaceable>&lt;hostname.example.com&gt;</replaceable>
383 }
384
385[domain_realm]
386 .<replaceable>&lt;example.com&gt;</replaceable> = <replaceable>&lt;EXAMPLE.COM&gt;</replaceable>
387
388[logging]
389 kdc = FILE:/var/log/kdc.log
390 admin_server = FILE:/var/log/kadmin.log
391 default = FILE:/var/log/krb.log
392
393# End /etc/heimdal/krb5.conf</literal>
394EOF
395chmod -v 644 /etc/heimdal/krb5.conf</userinput></screen>
396
397 <para>You will need to substitute your domain and proper hostname
398 for the occurrences of the <replaceable>&lt;hostname&gt;</replaceable>
399 and <replaceable>&lt;EXAMPLE.COM&gt;</replaceable> names.</para>
400
401 <para><option>default_realm</option> should be the name of your
402 domain changed to ALL CAPS. This isn't required, but both
403 <application>Heimdal</application> and <application>MIT
404 Kerberos</application> recommend it.</para>
405
406 <para><option>encrypt = true</option> provides encryption of all
407 traffic between kerberized clients and servers. It's not necessary
408 and can be left off. If you leave it off, you can encrypt all traffic
409 from the client to the server using a switch on the client program
410 instead. The <option>[realms]</option> parameters tell the client
411 programs where to look for the KDC authentication services. The
412 <option>[domain_realm]</option> section maps a domain
413 to a realm.</para>
414
415 <para>Store the master password in a key file using the following
416 commands:</para>
417
418<screen role="root"><userinput>install -v -m755 -d /var/lib/heimdal &amp;&amp;
419kstash</userinput></screen>
420
421 <para>Create the KDC database:</para>
422
423<screen role="root"><userinput>kadmin -l</userinput></screen>
424
425 <para>The commands below will prompt you for information about the
426 principles. Choose the defaults for now unless you know what you are
427 doing and need to specify different values. You can go in later and
428 change the defaults, should you feel the need. You may use the up and
429 down arrow keys to use the history feature of <command>kadmin</command>
430 in a similar manner as the <command>bash</command> history
431 feature.</para>
432
433 <para>At the <prompt>kadmin&gt;</prompt> prompt, issue the following
434 statement:</para>
435
436<screen role="root"><userinput>init <replaceable>&lt;EXAMPLE.COM&gt;</replaceable></userinput></screen>
437
438 <para>The database must now be populated with at least one principle
439 (user). For now, just use your regular login name or root. You may
440 create as few, or as many principles as you wish using the following
441 statement:</para>
442
443<screen role="root"><userinput>add <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
444
445 <para>The KDC server and any machine running kerberized
446 server daemons must have a host key installed:</para>
447
448<screen role="root"><userinput>add --random-key host/<replaceable>&lt;hostname.example.com&gt;</replaceable></userinput></screen>
449
450 <para>After choosing the defaults when prompted, you will have to
451 export the data to a keytab file:</para>
452
453<screen role="root"><userinput>ext host/<replaceable>&lt;hostname.example.com&gt;</replaceable></userinput></screen>
454
455 <para>This should have created two files in
456 <filename class="directory">/etc/heimdal</filename>:
457 <filename>krb5.keytab</filename> (Kerberos 5) and
458 <filename>srvtab</filename> (Kerberos 4). Both files should have 600
459 (root rw only) permissions. Keeping the keytab files from public access
460 is crucial to the overall security of the Kerberos installation.</para>
461
462 <para>Eventually, you'll want to add server daemon principles to the
463 database and extract them to the keytab file. You do this in the same
464 way you created the host principles. Below is an example:</para>
465
466<screen role="root"><userinput>add --random-key ftp/<replaceable>&lt;hostname.example.com&gt;</replaceable></userinput></screen>
467
468 <para>(choose the defaults)</para>
469
470<screen role="root"><userinput>ext ftp/<replaceable>&lt;hostname.example.com&gt;</replaceable></userinput></screen>
471
472 <para>Exit the <command>kadmin</command> program (use
473 <command>quit</command> or <command>exit</command>) and return back
474 to the shell prompt. Start the KDC daemon manually, just to test out
475 the installation:</para>
476
477<screen role="root"><userinput>/usr/sbin/kdc &amp;</userinput></screen>
478
479 <para>Attempt to get a TGT (ticket granting ticket) with
480 the following command:</para>
481
482<screen><userinput>kinit <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
483
484 <para>You will be prompted for the password you created. After you get
485 your ticket, you should list it with the following command:</para>
486
487<screen><userinput>klist</userinput></screen>
488
489 <para>Information about the ticket should be displayed on
490 the screen.</para>
491
492 <para>To test the functionality of the <filename>keytab</filename> file,
493 issue the following command:</para>
494
495<screen><userinput>ktutil list</userinput></screen>
496
497 <para>This should dump a list of the host principals, along with the
498 encryption methods used to access the principals.</para>
499
500 <para>At this point, if everything has been successful so far, you
501 can feel fairly confident in the installation, setup and configuration
502 of your new <application>Heimdal</application> Kerberos 5
503 installation.</para>
504
505 <para>If you wish to use the <xref linkend="cracklib"/> library to
506 enforce strong passwords in the KDC database, you must do two things.
507 First, add the following lines to the
508 <filename>/etc/heimdal/krb5.conf</filename> configuration file:</para>
509
510<screen><literal>[password_quality]
511 policies = builtin:external-check
512 external_program = /bin/krb5-check-cracklib.pl</literal></screen>
513
514 <para>Next you must install the
515 <application>Crypt::Cracklib</application>
516 <application>Perl</application> module. Download it from the CPAN
517 site. The URL at the time of this writing is <ulink
518 url="http://cpan.org/authors/id/D/DA/DANIEL/Crypt-Cracklib-1.2.tar.gz"/>.
519 After unpacking the tarball and changing into the newly created
520 directory, issue the following command to add the BLFS
521 <application>Cracklib</application> dictionary location to one of the
522 source files:</para>
523
524<screen><userinput>sed -i 's|pw_dict|&amp;\n\t\t/lib/cracklib/pw_dict|' Cracklib.pm</userinput></screen>
525
526 <para>Then use the standard <command>perl Makefile.PL</command>;
527 <command>make</command>; <command>make test</command>;
528 <command>make install</command> commands. Note that one test fails
529 due to an unknown reason.</para>
530
531 <para id="heimdal-init">Install the
532 <filename>/etc/rc.d/init.d/heimdal</filename> init script included
533 in the <xref linkend="bootscripts"/> package:</para>
534
535 <indexterm zone="heimdal heimdal-init">
536 <primary sortas="f-heimdal">heimdal</primary>
537 </indexterm>
538
539<screen role="root"><userinput>make install-heimdal</userinput></screen>
540
541 </sect4>
542
543 <sect4>
544 <title>Using Kerberized Client Programs</title>
545
546 <para>To use the kerberized client programs (<command>telnet</command>,
547 <command>ftp</command>, <command>rsh</command>,
548 <command>rxterm</command>, <command>rxtelnet</command>,
549 <command>rcp</command>, <command>xnlock</command>), you first must get
550 a TGT. Use the <command>kinit</command> program to get the ticket.
551 After you've acquired the ticket, you can use the kerberized programs
552 to connect to any kerberized server on the network. You will not be
553 prompted for authentication until your ticket expires (default is one
554 day), unless you specify a different user as a command line argument
555 to the program.</para>
556
557 <para>The kerberized programs will connect to non-kerberized daemons,
558 warning you that authentication is not encrypted.</para>
559
560 <para>In order to use the <application>Heimdal</application>
561 <application>X</application> programs, you'll need to add a service
562 port entry to the <filename>/etc/services</filename> file for the
563 <command>kxd</command> server. There is no 'standardized port number'
564 for the 'kx' service in the IANA database, so you'll have to pick an
565 unused port number. Add an entry to the <filename>services</filename>
566 file similar to the entry below (substitute your chosen port number
567 for <replaceable>&lt;49150&gt;</replaceable>):</para>
568
569<screen><literal>kx <replaceable>&lt;49150&gt;</replaceable>/tcp # Heimdal kerberos X
570kx <replaceable>&lt;49150&gt;</replaceable>/udp # Heimdal kerberos X</literal></screen>
571
572 <para>For additional information consult <ulink
573 url="&hints-root;/downloads/files/heimdal.txt">the
574 Heimdal hint</ulink> on which the above instructions are based.</para>
575
576 </sect4>
577
578 </sect3>
579
580 </sect2>
581
582 <sect2 role="content">
583 <title>Contents</title>
584
585 <segmentedlist>
586 <segtitle>Installed Programs</segtitle>
587 <segtitle>Installed Libraries</segtitle>
588 <segtitle>Installed Directories</segtitle>
589
590 <seglistitem>
591 <seg>afslog, ftp, ftpd, gss, hprop, hpropd, hxtool, iprop-log,
592 ipropd-master, ipropd-slave, kadmin, kadmind, kauth, kcm, kdc,
593 kdestroy, kdigest, kf, kfd, kgetcred, kimpersonate, kinit, klist,
594 kpasswd, kpasswdd, krb5-check-cracklib.pl, krb5-config, kstash,
595 ktutil, kx, kxd, login, mk_cmds-krb5, otp, otpprint, pagsh, pfrom,
596 popper, push, rcp, rsh, rshd, rxtelnet, rxterm, string2key, su,
597 telnet, telnetd, tenletxr, verify_krb5_conf and xnlock</seg>
598
599 <seg>hdb_ldap.{so,a}, libasn1.{so,a}, libeditline.{so,a},
600 libgssapi.{so,a}, libhdb.{so,a}, libheimntlm.{so,a}, libhx509.{so,a},
601 libkadm5clnt.{so,a}, libkadm5srv.{so,a}, libkafs.{so,a},
602 libkdc.{so,a}, libkrb5.{so,a}, libotp.{so,a}, libroken.{so,a},
603 libsl.{so,a}, libss-krb5.{so,a} and windc.{so,a}</seg>
604
605 <seg>/etc/heimdal, /usr/include/gssapi, /usr/include/kadm5,
606 /usr/include/krb5, /usr/include/roken, /usr/include/ss,
607 /usr/share/doc/heimdal-&heimdal-version; and /var/lib/heimdal</seg>
608 </seglistitem>
609 </segmentedlist>
610
611 <variablelist>
612 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
613 <?dbfo list-presentation="list"?>
614 <?dbhtml list-presentation="table"?>
615
616 <varlistentry id="afslog">
617 <term><command>afslog</command></term>
618 <listitem>
619 <para>obtains AFS tokens for a number of cells.</para>
620 <indexterm zone="heimdal afslog">
621 <primary sortas="b-afslog">afslog</primary>
622 </indexterm>
623 </listitem>
624 </varlistentry>
625
626 <varlistentry id="ftp">
627 <term><command>ftp</command></term>
628 <listitem>
629 <para>is a kerberized FTP client.</para>
630 <indexterm zone="heimdal ftp">
631 <primary sortas="b-ftp">ftp</primary>
632 </indexterm>
633 </listitem>
634 </varlistentry>
635
636 <varlistentry id="ftpd">
637 <term><command>ftpd</command></term>
638 <listitem>
639 <para>is a kerberized FTP daemon.</para>
640 <indexterm zone="heimdal ftpd">
641 <primary sortas="b-ftpd">ftpd</primary>
642 </indexterm>
643 </listitem>
644 </varlistentry>
645
646 <varlistentry id="hprop">
647 <term><command>hprop</command></term>
648 <listitem>
649 <para> takes a principal database in a specified format and converts
650 it into a stream of <application>Heimdal</application> database
651 records.</para>
652 <indexterm zone="heimdal hprop">
653 <primary sortas="b-hprop">hprop</primary>
654 </indexterm>
655 </listitem>
656 </varlistentry>
657
658 <varlistentry id="hpropd">
659 <term><command>hpropd</command></term>
660 <listitem>
661 <para>is a server that receives a database sent by
662 <command>hprop</command> and writes it as a local database.</para>
663 <indexterm zone="heimdal hpropd">
664 <primary sortas="b-hpropd">hpropd</primary>
665 </indexterm>
666 </listitem>
667 </varlistentry>
668
669 <varlistentry id="iprop-log">
670 <term><command>iprop-log</command></term>
671 <listitem>
672 <para>is used to maintain the iprop log file.</para>
673 <indexterm zone="heimdal iprop-log">
674 <primary sortas="b-iprop-log">iprop-log</primary>
675 </indexterm>
676 </listitem>
677 </varlistentry>
678
679 <varlistentry id="ipropd-master">
680 <term><command>ipropd-master</command></term>
681 <listitem>
682 <para>is a daemon which runs on the master KDC
683 server which incrementally propagates changes to the KDC
684 database to the slave KDC servers.</para>
685 <indexterm zone="heimdal ipropd-master">
686 <primary sortas="b-ipropd-master">ipropd-master</primary>
687 </indexterm>
688 </listitem>
689 </varlistentry>
690
691 <varlistentry id="ipropd-slave">
692 <term><command>ipropd-slave</command></term>
693 <listitem>
694 <para>is a daemon which runs on the slave KDC
695 servers which incrementally propagates changes to the KDC
696 database from the master KDC server.</para>
697 <indexterm zone="heimdal ipropd-slave">
698 <primary sortas="b-ipropd-slave">ipropd-slave</primary>
699 </indexterm>
700 </listitem>
701 </varlistentry>
702
703 <varlistentry id="kadmin">
704 <term><command>kadmin</command></term>
705 <listitem>
706 <para>is a utility used to make modifications to the Kerberos
707 database.</para>
708 <indexterm zone="heimdal kadmin">
709 <primary sortas="b-kadmin">kadmin</primary>
710 </indexterm>
711 </listitem>
712 </varlistentry>
713
714 <varlistentry id="kadmind">
715 <term><command>kadmind</command></term>
716 <listitem>
717 <para>is a server for administrative access to the Kerberos
718 database.</para>
719 <indexterm zone="heimdal kadmind">
720 <primary sortas="b-kadmind">kadmind</primary>
721 </indexterm>
722 </listitem>
723 </varlistentry>
724
725 <varlistentry id="kauth">
726 <term><command>kauth</command></term>
727 <listitem>
728 <para>is a symbolic link to the <command>kinit</command>
729 program.</para>
730 <indexterm zone="heimdal kauth">
731 <primary sortas="g-kauth">kauth</primary>
732 </indexterm>
733 </listitem>
734 </varlistentry>
735
736 <varlistentry id="kcm">
737 <term><command>kcm</command></term>
738 <listitem>
739 <para>is a process based credential cache for Kerberos
740 tickets.</para>
741 <indexterm zone="heimdal kcm">
742 <primary sortas="b-kcm">kcm</primary>
743 </indexterm>
744 </listitem>
745 </varlistentry>
746
747 <varlistentry id="kdc">
748 <term><command>kdc</command></term>
749 <listitem>
750 <para>is a Kerberos 5 server.</para>
751 <indexterm zone="heimdal kdc">
752 <primary sortas="b-kdc">kdc</primary>
753 </indexterm>
754 </listitem>
755 </varlistentry>
756
757 <varlistentry id="kdestroy">
758 <term><command>kdestroy</command></term>
759 <listitem>
760 <para>removes a principle's current set of tickets.</para>
761 <indexterm zone="heimdal kdestroy">
762 <primary sortas="b-kdestroy">kdestroy</primary>
763 </indexterm>
764 </listitem>
765 </varlistentry>
766
767 <varlistentry id="kf">
768 <term><command>kf</command></term>
769 <listitem>
770 <para>is a program which forwards tickets to a remote host through
771 an authenticated and encrypted stream.</para>
772 <indexterm zone="heimdal kf">
773 <primary sortas="b-kf">kf</primary>
774 </indexterm>
775 </listitem>
776 </varlistentry>
777
778 <varlistentry id="kfd">
779 <term><command>kfd</command></term>
780 <listitem>
781 <para>is a server used to receive forwarded tickets.</para>
782 <indexterm zone="heimdal kfd">
783 <primary sortas="b-kfd">kfd</primary>
784 </indexterm>
785 </listitem>
786 </varlistentry>
787
788 <varlistentry id="kgetcred">
789 <term><command>kgetcred</command></term>
790 <listitem>
791 <para>obtains a ticket for a service.</para>
792 <indexterm zone="heimdal kgetcred">
793 <primary sortas="b-kgetcred">kgetcred</primary>
794 </indexterm>
795 </listitem>
796 </varlistentry>
797
798 <varlistentry id="kinit">
799 <term><command>kinit</command></term>
800 <listitem>
801 <para>is used to authenticate to the Kerberos server as a principal
802 and acquire a ticket granting ticket that can later be used to obtain
803 tickets for other services.</para>
804 <indexterm zone="heimdal kinit">
805 <primary sortas="b-kinit">kinit</primary>
806 </indexterm>
807 </listitem>
808 </varlistentry>
809
810 <varlistentry id="klist">
811 <term><command>klist</command></term>
812 <listitem>
813 <para>reads and displays the current tickets in the credential
814 cache.</para>
815 <indexterm zone="heimdal klist">
816 <primary sortas="b-klist">klist</primary>
817 </indexterm>
818 </listitem>
819 </varlistentry>
820
821 <varlistentry id="kpasswd">
822 <term><command>kpasswd</command></term>
823 <listitem>
824 <para>is a program for changing Kerberos 5 passwords.</para>
825 <indexterm zone="heimdal kpasswd">
826 <primary sortas="b-kpasswd">kpasswd</primary>
827 </indexterm>
828 </listitem>
829 </varlistentry>
830
831 <varlistentry id="kpasswdd">
832 <term><command>kpasswdd</command></term>
833 <listitem>
834 <para>is a Kerberos 5 password changing server.</para>
835 <indexterm zone="heimdal kpasswdd">
836 <primary sortas="b-kpasswdd">kpasswdd</primary>
837 </indexterm>
838 </listitem>
839 </varlistentry>
840
841 <varlistentry id="krb5-config-prog">
842 <term><command>krb5-config</command></term>
843 <listitem>
844 <para>gives information on how to link programs against
845 <application>Heimdal</application> libraries.</para>
846 <indexterm zone="heimdal krb5-config-prog">
847 <primary sortas="b-krb5-config">krb5-config</primary>
848 </indexterm>
849 </listitem>
850 </varlistentry>
851
852 <varlistentry id="kstash">
853 <term><command>kstash</command></term>
854 <listitem>
855 <para>stores the KDC master password in a file.</para>
856 <indexterm zone="heimdal kstash">
857 <primary sortas="b-kstash">kstash</primary>
858 </indexterm>
859 </listitem>
860 </varlistentry>
861
862 <varlistentry id="ktutil">
863 <term><command>ktutil</command></term>
864 <listitem>
865 <para>is a program for managing Kerberos keytabs.</para>
866 <indexterm zone="heimdal ktutil">
867 <primary sortas="b-ktutil">ktutil</primary>
868 </indexterm>
869 </listitem>
870 </varlistentry>
871
872 <varlistentry id="kx">
873 <term><command>kx</command></term>
874 <listitem>
875 <para>is a program which securely forwards
876 <application>X</application> connections.</para>
877 <indexterm zone="heimdal kx">
878 <primary sortas="b-kx">kx</primary>
879 </indexterm>
880 </listitem>
881 </varlistentry>
882
883 <varlistentry id="kxd">
884 <term><command>kxd</command></term>
885 <listitem>
886 <para>is the daemon for <command>kx</command>.</para>
887 <indexterm zone="heimdal kxd">
888 <primary sortas="b-kxd">kxd</primary>
889 </indexterm>
890 </listitem>
891 </varlistentry>
892
893 <varlistentry id="login">
894 <term><command>login</command></term>
895 <listitem>
896 <para>is a kerberized login program.</para>
897 <indexterm zone="heimdal login">
898 <primary sortas="b-login">login</primary>
899 </indexterm>
900 </listitem>
901 </varlistentry>
902
903 <varlistentry id="otp">
904 <term><command>otp</command></term>
905 <listitem>
906 <para>manages one-time passwords.</para>
907 <indexterm zone="heimdal otp">
908 <primary sortas="b-otp">otp</primary>
909 </indexterm>
910 </listitem>
911 </varlistentry>
912
913 <varlistentry id="otpprint">
914 <term><command>otpprint</command></term>
915 <listitem>
916 <para>prints lists of one-time passwords.</para>
917 <indexterm zone="heimdal otpprint">
918 <primary sortas="b-otpprint">otpprint</primary>
919 </indexterm>
920 </listitem>
921 </varlistentry>
922
923 <varlistentry id="pfrom">
924 <term><command>pfrom</command></term>
925 <listitem>
926 <para>is a script that runs <command>push --from</command>.</para>
927 <indexterm zone="heimdal pfrom">
928 <primary sortas="b-pfrom">pfrom</primary>
929 </indexterm>
930 </listitem>
931 </varlistentry>
932
933 <varlistentry id="popper">
934 <term><command>popper</command></term>
935 <listitem>
936 <para>is a kerberized POP-3 server.</para>
937 <indexterm zone="heimdal popper">
938 <primary sortas="b-popper">popper</primary>
939 </indexterm>
940 </listitem>
941 </varlistentry>
942
943 <varlistentry id="push">
944 <term><command>push</command></term>
945 <listitem>
946 <para>is a kerberized POP mail retrieval client.</para>
947 <indexterm zone="heimdal push">
948 <primary sortas="b-push">push</primary>
949 </indexterm>
950 </listitem>
951 </varlistentry>
952
953 <varlistentry id="rcp">
954 <term><command>rcp</command></term>
955 <listitem>
956 <para>is a kerberized rcp client program.</para>
957 <indexterm zone="heimdal rcp">
958 <primary sortas="b-rcp">rcp</primary>
959 </indexterm>
960 </listitem>
961 </varlistentry>
962
963 <varlistentry id="rsh">
964 <term><command>rsh</command></term>
965 <listitem>
966 <para>is a kerberized rsh client program.</para>
967 <indexterm zone="heimdal rsh">
968 <primary sortas="b-rsh">rsh</primary>
969 </indexterm>
970 </listitem>
971 </varlistentry>
972
973 <varlistentry id="rshd">
974 <term><command>rshd</command></term>
975 <listitem>
976 <para>is a kerberized rsh server.</para>
977 <indexterm zone="heimdal rshd">
978 <primary sortas="b-rshd">rshd</primary>
979 </indexterm>
980 </listitem>
981 </varlistentry>
982
983 <varlistentry id="rxtelnet">
984 <term><command>rxtelnet</command></term>
985 <listitem>
986 <para>starts a secure <command>xterm</command> window with a
987 <command>telnet</command> to a given host and forwards
988 <application>X</application> connections.</para>
989 <indexterm zone="heimdal rxtelnet">
990 <primary sortas="b-rxtelnet">rxtelnet</primary>
991 </indexterm>
992 </listitem>
993 </varlistentry>
994
995 <varlistentry id="rxterm">
996 <term><command>rxterm</command></term>
997 <listitem>
998 <para>starts a secure remote <command>xterm</command>.</para>
999 <indexterm zone="heimdal rxterm">
1000 <primary sortas="b-rxterm">rxterm</primary>
1001 </indexterm>
1002 </listitem>
1003 </varlistentry>
1004
1005 <varlistentry id="string2key">
1006 <term><command>string2key</command></term>
1007 <listitem>
1008 <para>maps a password into a key.</para>
1009 <indexterm zone="heimdal string2key">
1010 <primary sortas="b-string2key">string2key</primary>
1011 </indexterm>
1012 </listitem>
1013 </varlistentry>
1014
1015 <varlistentry id="su">
1016 <term><command>su</command></term>
1017 <listitem>
1018 <para>is a kerberized su client program.</para>
1019 <indexterm zone="heimdal su">
1020 <primary sortas="b-su">su</primary>
1021 </indexterm>
1022 </listitem>
1023 </varlistentry>
1024
1025 <varlistentry id="telnet">
1026 <term><command>telnet</command></term>
1027 <listitem>
1028 <para>is a kerberized telnet client program.</para>
1029 <indexterm zone="heimdal telnet">
1030 <primary sortas="b-telnet">telnet</primary>
1031 </indexterm>
1032 </listitem>
1033 </varlistentry>
1034
1035 <varlistentry id="telnetd">
1036 <term><command>telnetd</command></term>
1037 <listitem>
1038 <para>is a kerberized telnet server.</para>
1039 <indexterm zone="heimdal telnetd">
1040 <primary sortas="b-telnetd">telnetd</primary>
1041 </indexterm>
1042 </listitem>
1043 </varlistentry>
1044
1045 <varlistentry id="tenletxr">
1046 <term><command>tenletxr</command></term>
1047 <listitem>
1048 <para>forwards <application>X</application> connections
1049 backwards.</para>
1050 <indexterm zone="heimdal tenletxr">
1051 <primary sortas="b-tenletxr">tenletxr</primary>
1052 </indexterm>
1053 </listitem>
1054 </varlistentry>
1055
1056 <varlistentry id="verify_krb5_conf">
1057 <term><command>verify_krb5_conf</command></term>
1058 <listitem>
1059 <para>checks <filename>krb5.conf</filename> file for obvious
1060 errors.</para>
1061 <indexterm zone="heimdal verify_krb5_conf">
1062 <primary sortas="b-verify_krb5_conf">verify_krb5_conf</primary>
1063 </indexterm>
1064 </listitem>
1065 </varlistentry>
1066
1067 <varlistentry id="xnlock">
1068 <term><command>xnlock</command></term>
1069 <listitem>
1070 <para>is a program that acts as a secure screen saver for
1071 workstations running <application>X</application>.</para>
1072 <indexterm zone="heimdal xnlock">
1073 <primary sortas="b-xnlock">xnlock</primary>
1074 </indexterm>
1075 </listitem>
1076 </varlistentry>
1077
1078 <varlistentry id="libasn1">
1079 <term><filename class='libraryfile'>libasn1.{so,a}</filename></term>
1080 <listitem>
1081 <para>provides the ASN.1 and DER functions to encode and decode
1082 the Kerberos TGTs.</para>
1083 <indexterm zone="heimdal libasn1">
1084 <primary sortas="c-libasn1">libasn1.{so,a}</primary>
1085 </indexterm>
1086 </listitem>
1087 </varlistentry>
1088
1089 <varlistentry id="libeditline">
1090 <term><filename class='libraryfile'>libeditline.a</filename></term>
1091 <listitem>
1092 <para>is a command-line editing library with history.</para>
1093 <indexterm zone="heimdal libeditline">
1094 <primary sortas="c-libeditline">libeditline.a</primary>
1095 </indexterm>
1096 </listitem>
1097 </varlistentry>
1098
1099 <varlistentry id="libgssapi">
1100 <term><filename class='libraryfile'>libgssapi.{so,a}</filename></term>
1101 <listitem>
1102 <para>contain the Generic Security Service Application Programming
1103 Interface (GSSAPI) functions which provides security
1104 services to callers in a generic fashion, supportable with a range of
1105 underlying mechanisms and technologies and hence allowing source-level
1106 portability of applications to different environments.</para>
1107 <indexterm zone="heimdal libgssapi">
1108 <primary sortas="c-libgssapi">libgssapi.{so,a}</primary>
1109 </indexterm>
1110 </listitem>
1111 </varlistentry>
1112
1113 <varlistentry id="libhdb">
1114 <term><filename class='libraryfile'>libhdb.{so,a}</filename></term>
1115 <listitem>
1116 <para>is a <application>Heimdal</application> Kerberos 5
1117 authentication/authorization database access library.</para>
1118 <indexterm zone="heimdal libhdb">
1119 <primary sortas="c-libhdb">libhdb.{so,a}</primary>
1120 </indexterm>
1121 </listitem>
1122 </varlistentry>
1123
1124 <varlistentry id="libkadm5clnt">
1125 <term><filename class='libraryfile'>libkadm5clnt.{so,a}</filename></term>
1126 <listitem>
1127 <para>contains the administrative authentication and password
1128 checking functions required by Kerberos 5 client-side programs.</para>
1129 <indexterm zone="heimdal libkadm5clnt">
1130 <primary sortas="c-libkadm5clnt">libkadm5clnt.{so,a}</primary>
1131 </indexterm>
1132 </listitem>
1133 </varlistentry>
1134
1135 <varlistentry id="libkadm5srv">
1136 <term><filename class='libraryfile'>libkadm5srv.{so,a}</filename></term>
1137 <listitem>
1138 <para>contain the administrative authentication and password
1139 checking functions required by Kerberos 5 servers.</para>
1140 <indexterm zone="heimdal libkadm5srv">
1141 <primary sortas="c-libkadm5srv">libkadm5srv.{so,a}</primary>
1142 </indexterm>
1143 </listitem>
1144 </varlistentry>
1145
1146 <varlistentry id="libkafs">
1147 <term><filename class='libraryfile'>libkafs.{so,a}</filename></term>
1148 <listitem>
1149 <para>contains the functions required to authenticated to AFS.</para>
1150 <indexterm zone="heimdal libkafs">
1151 <primary sortas="c-libkafs">libkafs.{so,a}</primary>
1152 </indexterm>
1153 </listitem>
1154 </varlistentry>
1155
1156 <varlistentry id="libkrb5">
1157 <term><filename class='libraryfile'>libkrb5.{so,a}</filename></term>
1158 <listitem>
1159 <para>is an all-purpose Kerberos 5 library.</para>
1160 <indexterm zone="heimdal libkrb5">
1161 <primary sortas="c-libkrb5">libkrb5.{so,a}</primary>
1162 </indexterm>
1163 </listitem>
1164 </varlistentry>
1165
1166 <varlistentry id="libotp">
1167 <term><filename class='libraryfile'>libotp.{so,a}</filename></term>
1168 <listitem>
1169 <para>contains the functions required to handle authenticating
1170 one time passwords.</para>
1171 <indexterm zone="heimdal libotp">
1172 <primary sortas="c-libotp">libotp.{so,a}</primary>
1173 </indexterm>
1174 </listitem>
1175 </varlistentry>
1176
1177 <varlistentry id="libroken">
1178 <term><filename class='libraryfile'>libroken.{so,a}</filename></term>
1179 <listitem>
1180 <para>is a library containing Kerberos 5 compatibility
1181 functions.</para>
1182 <indexterm zone="heimdal libroken">
1183 <primary sortas="c-libroken">libroken.{so,a}</primary>
1184 </indexterm>
1185 </listitem>
1186 </varlistentry>
1187
1188 </variablelist>
1189
1190 </sect2>
1191
1192</sect1>
Note: See TracBrowser for help on using the repository browser.