1 | <?xml version="1.0" encoding="ISO-8859-1"?>
|
---|
2 | <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
|
---|
3 | "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
|
---|
4 | <!ENTITY % general-entities SYSTEM "../../general.ent">
|
---|
5 | %general-entities;
|
---|
6 |
|
---|
7 | <!ENTITY heimdal-download-http "http://ftp.vc-graz.ac.at/mirror/crypto/kerberos/heimdal/heimdal-&heimdal-version;.tar.gz">
|
---|
8 | <!ENTITY heimdal-download-ftp "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-&heimdal-version;.tar.gz">
|
---|
9 | <!ENTITY heimdal-size "3.3 MB">
|
---|
10 | <!ENTITY heimdal-buildsize "70 MB">
|
---|
11 | <!ENTITY heimdal-time "2.18 SBU">
|
---|
12 | ]>
|
---|
13 |
|
---|
14 | <sect1 id="heimdal" xreflabel="Heimdal-&heimdal-version;">
|
---|
15 | <sect1info>
|
---|
16 | <othername>$LastChangedBy$</othername>
|
---|
17 | <date>$Date$</date>
|
---|
18 | </sect1info>
|
---|
19 | <?dbhtml filename="heimdal.html"?>
|
---|
20 | <title>Heimdal-&heimdal-version;</title>
|
---|
21 | <indexterm zone="heimdal">
|
---|
22 | <primary sortas="a-Heimdal">Heimdal</primary>
|
---|
23 | </indexterm>
|
---|
24 |
|
---|
25 | <sect2>
|
---|
26 | <title>Introduction to <application>Heimdal</application></title>
|
---|
27 |
|
---|
28 | <para><application>Heimdal</application> is a free implementation of Kerberos
|
---|
29 | 5, that aims to be compatible with <acronym>MIT</acronym> krb5 and is backwards
|
---|
30 | compatible with krb4. Kerberos is a network authentication protocol. Basically
|
---|
31 | it preserves the integrity of passwords in any untrusted network (like the
|
---|
32 | Internet). Kerberized applications work hand-in-hand with sites that support
|
---|
33 | Kerberos to ensure that passwords cannot be stolen. A Kerberos installation
|
---|
34 | will make changes to the authentication mechanisms on your network and will
|
---|
35 | overwrite several programs and daemons from the
|
---|
36 | <application>Coreutils</application>, <application>Inetutils</application>,
|
---|
37 | <application>Qpopper</application> and <application>Shadow</application>
|
---|
38 | packages.</para>
|
---|
39 |
|
---|
40 | <sect3><title>Package information</title>
|
---|
41 | <itemizedlist spacing='compact'>
|
---|
42 | <listitem><para>Download (HTTP):
|
---|
43 | <ulink url="&heimdal-download-http;"/></para></listitem>
|
---|
44 | <listitem><para>Download (FTP):
|
---|
45 | <ulink url="&heimdal-download-ftp;"/></para></listitem>
|
---|
46 | <listitem><para>Download size: &heimdal-size;</para></listitem>
|
---|
47 | <listitem><para>Estimated disk space required:
|
---|
48 | &heimdal-buildsize;</para></listitem>
|
---|
49 | <listitem><para>Estimated build time:
|
---|
50 | &heimdal-time;</para></listitem></itemizedlist>
|
---|
51 | </sect3>
|
---|
52 |
|
---|
53 | <sect3><title>Additional downloads</title>
|
---|
54 | <itemizedlist spacing='compact'>
|
---|
55 | <listitem><para>Required Patch: <ulink
|
---|
56 | url="&patch-root;/heimdal-&heimdal-version;-fhs_compliance-1.patch"/></para>
|
---|
57 | </listitem>
|
---|
58 | <listitem><para>Required patch for cracklib: <ulink
|
---|
59 | url="&patch-root;/heimdal-&heimdal-version;-cracklib-1.patch"/></para>
|
---|
60 | </listitem>
|
---|
61 | </itemizedlist>
|
---|
62 |
|
---|
63 | </sect3>
|
---|
64 |
|
---|
65 | <sect3><title><application>Heimdal</application> dependencies</title>
|
---|
66 | <sect4><title>Required</title>
|
---|
67 | <para><xref linkend="openssl"/> and
|
---|
68 | <xref linkend="db"/></para>
|
---|
69 | </sect4>
|
---|
70 |
|
---|
71 | <sect4><title>Optional</title>
|
---|
72 | <para><xref linkend="Linux_PAM"/>,
|
---|
73 | <xref linkend="openldap"/>,
|
---|
74 | X (<xref linkend="xorg"/> or <xref linkend="xfree86"/>),
|
---|
75 | <xref linkend="cracklib"/> and
|
---|
76 | <ulink url="http://www.pdc.kth.se/kth-krb/">krb4</ulink></para>
|
---|
77 |
|
---|
78 | <note><para>Some sort of time synchronization facility on your system (like
|
---|
79 | <xref linkend="ntp"/>) is required since Kerberos won't authenticate if the
|
---|
80 | time differential between a kerberized client and the
|
---|
81 | <acronym>KDC</acronym> server is more than 5 minutes.</para></note>
|
---|
82 | </sect4>
|
---|
83 |
|
---|
84 | </sect3>
|
---|
85 |
|
---|
86 | </sect2>
|
---|
87 |
|
---|
88 | <sect2>
|
---|
89 | <title>Installation of <application>Heimdal</application></title>
|
---|
90 |
|
---|
91 | <para>Before installing the package, you may want to preserve the
|
---|
92 | <command>ftp</command> program from the <application>Inetutils</application>
|
---|
93 | package. This is because using the <application>Heimdal</application>
|
---|
94 | <command>ftp</command> program to connect to non-kerberized ftp servers may
|
---|
95 | not work properly. It will allow you to connect (letting you know that
|
---|
96 | transmission of the password is clear text) but will have problems doing puts
|
---|
97 | and gets. Issue the following command as the root user.</para>
|
---|
98 |
|
---|
99 | <screen><userinput role='root'><command>mv /usr/bin/ftp /usr/bin/ftpn</command></userinput></screen>
|
---|
100 |
|
---|
101 | <para>If you wish the <application>Heimdal</application> package to link
|
---|
102 | against the <application>cracklib</application> library, you must apply a
|
---|
103 | patch:</para>
|
---|
104 |
|
---|
105 | <screen><userinput><command>patch -Np1 -i ../heimdal-&heimdal-version;-cracklib-1.patch</command></userinput></screen>
|
---|
106 |
|
---|
107 | <para>Install <application>Heimdal</application> by running the following
|
---|
108 | commands:</para>
|
---|
109 |
|
---|
110 | <screen><userinput><command>patch -Np1 -i ../heimdal-&heimdal-version;-fhs_compliance-1.patch &&
|
---|
111 | ./configure --prefix=/usr --sysconfdir=/etc/heimdal \
|
---|
112 | --datadir=/var/lib/heimdal --localstatedir=/var/lib/heimdal \
|
---|
113 | --libexecdir=/usr/sbin --enable-shared \
|
---|
114 | --with-openssl=/usr --with-readline=/usr &&
|
---|
115 | make</command></userinput></screen>
|
---|
116 |
|
---|
117 | <para>Now, as the root user:</para>
|
---|
118 |
|
---|
119 | <screen><userinput role='root'><command>make install &&
|
---|
120 | mv /bin/login /bin/login.shadow &&
|
---|
121 | mv /bin/su /bin/su.shadow &&
|
---|
122 | mv /usr/bin/{login,su} /bin &&
|
---|
123 | ln -sf ../../bin/login /usr/bin &&
|
---|
124 | mv /usr/lib/lib{otp.so.0*,kafs.so.0*,krb5.so.17*,asn1.so.6*} \
|
---|
125 | /usr/lib/lib{roken.so.16*,crypto.so.0*,db-4.3.so} /lib &&
|
---|
126 | ln -sf ../../lib/lib{otp.so.0{,.1.4},kafs.so.0{,.4.0},db-4.3.so} \
|
---|
127 | /usr/lib &&
|
---|
128 | ln -sf ../../lib/lib{krb5.so.17{,.3.0},asn1.so.6{,.0.2}} \
|
---|
129 | /usr/lib &&
|
---|
130 | ln -sf ../../lib/lib{roken.so.16{,.0.3},crypto.so.0{,.9.7}} \
|
---|
131 | /usr/lib &&
|
---|
132 | ldconfig</command></userinput></screen>
|
---|
133 |
|
---|
134 | </sect2>
|
---|
135 |
|
---|
136 | <sect2>
|
---|
137 | <title>Command explanations</title>
|
---|
138 |
|
---|
139 | <para><parameter>--libexecdir=/usr/sbin</parameter>: This switch puts the
|
---|
140 | daemon programs into <filename class="directory">/usr/sbin</filename>.
|
---|
141 | </para>
|
---|
142 |
|
---|
143 | <note><para>
|
---|
144 | If you want to preserve all your existing <application>Inetutils</application>
|
---|
145 | package daemons, install the <application>Heimdal</application> daemons into
|
---|
146 | <filename class="directory">/usr/sbin/heimdal</filename> (or wherever you
|
---|
147 | want). Since these programs will be called from <command>(x)inetd</command> or
|
---|
148 | <filename>rc</filename> scripts, it really doesn't matter where they are
|
---|
149 | installed, as long as they are correctly specified in the
|
---|
150 | <filename>/etc/(x)inetd.conf</filename> file and <filename>rc</filename>
|
---|
151 | scripts. If you choose something other than
|
---|
152 | <filename class="directory">/usr/sbin</filename>, you may want to move some of
|
---|
153 | the user programs (such as <command>kadmin</command>) to
|
---|
154 | <filename class="directory">/usr/sbin</filename> manually so they'll be in the
|
---|
155 | privileged user's default path.</para></note>
|
---|
156 |
|
---|
157 | <para><command>mv ... .shadow; mv ... /bin; ln -sf ../../bin...</command>: The
|
---|
158 | <command>login</command> and <command>su</command> programs installed by
|
---|
159 | <application>Heimdal</application> belong in the
|
---|
160 | <filename class="directory">/bin</filename> directory. The
|
---|
161 | <command>login</command> program is symlinked because
|
---|
162 | <application>Heimdal</application> is expecting to find it in
|
---|
163 | <filename class="directory">/usr/bin</filename>. The old executables are
|
---|
164 | preserved before the move to keep things sane should breaks occur.</para>
|
---|
165 |
|
---|
166 | <para><command>mv ... /lib; ln -sf ../../lib/lib... /usr/lib</command>: The
|
---|
167 | <command>login</command> and <command>su</command> programs installed by
|
---|
168 | <application>Heimdal</application> link against
|
---|
169 | <application>Heimdal</application> libraries as well as libraries provided by
|
---|
170 | the <application>Open<acronym>SSL</acronym></application> and
|
---|
171 | <application>Berkeley <acronym>DB</acronym></application> packages. These
|
---|
172 | libraries are moved to <filename class="directory">/lib</filename> to be
|
---|
173 | <acronym>FHS</acronym> compliant and also in case
|
---|
174 | <filename class="directory">/usr</filename> is located on a separate partition
|
---|
175 | which may not always be mounted.</para>
|
---|
176 |
|
---|
177 | </sect2>
|
---|
178 |
|
---|
179 | <sect2>
|
---|
180 | <title>Configuring <application>Heimdal</application></title>
|
---|
181 |
|
---|
182 | <sect3 id="heimdal-config"><title>Config files</title>
|
---|
183 | <para><filename>/etc/heimdal/*</filename></para>
|
---|
184 | <indexterm zone="heimdal heimdal-config">
|
---|
185 | <primary sortas="e-etc-heimdal">/etc/heimdal/*</primary>
|
---|
186 | </indexterm>
|
---|
187 | </sect3>
|
---|
188 |
|
---|
189 | <sect3><title>Configuration Information</title>
|
---|
190 |
|
---|
191 | <sect4><title>Master <acronym>KDC</acronym> Server Configuration</title>
|
---|
192 |
|
---|
193 | <para>Create the Kerberos configuration file with the following
|
---|
194 | commands:</para>
|
---|
195 |
|
---|
196 | <screen><userinput role='root'><command>install -d /etc/heimdal &&
|
---|
197 | cat > /etc/heimdal/krb5.conf << "EOF"</command>
|
---|
198 | # Begin /etc/heimdal/krb5.conf
|
---|
199 |
|
---|
200 | [libdefaults]
|
---|
201 | default_realm = <replaceable>[EXAMPLE.COM]</replaceable>
|
---|
202 | encrypt = true
|
---|
203 |
|
---|
204 | [realms]
|
---|
205 | <replaceable>[EXAMPLE.COM]</replaceable> = {
|
---|
206 | kdc = <replaceable>[hostname.example.com]</replaceable>
|
---|
207 | admin_server = <replaceable>[hostname.example.com]</replaceable>
|
---|
208 | kpasswd_server = <replaceable>[hostname.example.com]</replaceable>
|
---|
209 | }
|
---|
210 |
|
---|
211 | [domain_realm]
|
---|
212 | .<replaceable>[example.com]</replaceable> = <replaceable>[EXAMPLE.COM]</replaceable>
|
---|
213 |
|
---|
214 | [logging]
|
---|
215 | kdc = FILE:/var/log/kdc.log
|
---|
216 | admin_server = FILE:/var/log/kadmin.log
|
---|
217 | default = FILE:/var/log/krb.log
|
---|
218 |
|
---|
219 | # End /etc/heimdal/krb5.conf
|
---|
220 | <command>EOF</command></userinput></screen>
|
---|
221 |
|
---|
222 | <para>You will need to substitute your domain and proper hostname for the
|
---|
223 | occurrences of the <replaceable>[hostname]</replaceable> and
|
---|
224 | <replaceable>[EXAMPLE.COM]</replaceable> names.</para>
|
---|
225 |
|
---|
226 | <para><userinput>default_realm</userinput> should be the name of your domain
|
---|
227 | changed to ALL CAPS. This isn't required, but both
|
---|
228 | <application>Heimdal</application> and <application><acronym>MIT</acronym>
|
---|
229 | krb5</application> recommend it.</para>
|
---|
230 |
|
---|
231 | <para><userinput>encrypt = true</userinput> provides encryption of all traffic
|
---|
232 | between kerberized clients and servers. It's not necessary and can be left
|
---|
233 | off. If you leave it off, you can encrypt all traffic from the client to the
|
---|
234 | server using a switch on the client program instead.</para>
|
---|
235 |
|
---|
236 | <para>The <userinput>[realms]</userinput> parameters tell the client programs
|
---|
237 | where to look for the <acronym>KDC</acronym> authentication services.</para>
|
---|
238 |
|
---|
239 | <para>The <userinput>[domain_realm]</userinput> section maps a domain to a
|
---|
240 | realm.</para>
|
---|
241 |
|
---|
242 | <para>Store the master password in a key file using the following
|
---|
243 | commands:</para>
|
---|
244 |
|
---|
245 | <screen><userinput role='root'><command>install -d -m 755 /var/lib/heimdal &&
|
---|
246 | kstash</command></userinput></screen>
|
---|
247 |
|
---|
248 | <para>Create the <acronym>KDC</acronym> database:</para>
|
---|
249 |
|
---|
250 | <screen><userinput role='root'><command>kadmin -l</command></userinput></screen>
|
---|
251 |
|
---|
252 | <para>Choose the defaults for now. You can go in later and change the
|
---|
253 | defaults, should you feel the need. At the
|
---|
254 | <userinput>kadmin></userinput> prompt, issue the following statement:</para>
|
---|
255 |
|
---|
256 | <screen><userinput role='root'><command>init <replaceable>[EXAMPLE.COM]</replaceable></command></userinput></screen>
|
---|
257 |
|
---|
258 | <para>The database must now be populated with at least one principle (user).
|
---|
259 | For now, just use your regular login name or root. You may create as few, or
|
---|
260 | as many principles as you wish using the following statement:</para>
|
---|
261 |
|
---|
262 | <screen><userinput role='root'><command>add <replaceable>[loginname]</replaceable></command></userinput></screen>
|
---|
263 |
|
---|
264 | <para>The <acronym>KDC</acronym> server and any machine running kerberized
|
---|
265 | server daemons must have a host key installed:</para>
|
---|
266 |
|
---|
267 | <screen><userinput role='root'><command>add --random-key host/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>
|
---|
268 |
|
---|
269 | <para>After choosing the defaults when prompted, you will have to export the
|
---|
270 | data to a keytab file:</para>
|
---|
271 |
|
---|
272 | <screen><userinput role='root'><command>ext host/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>
|
---|
273 |
|
---|
274 | <para>This should have created two files in
|
---|
275 | <filename class="directory">/etc/heimdal</filename>:
|
---|
276 | <filename>krb5.keytab</filename> (Kerberos 5) and
|
---|
277 | <filename>srvtab</filename> (Kerberos 4). Both files should have 600
|
---|
278 | (root rw only) permissions. Keeping the keytab files from public access
|
---|
279 | is crucial to the overall security of the Kerberos installation.</para>
|
---|
280 |
|
---|
281 | <para>Eventually, you'll want to add server daemon principles to the database
|
---|
282 | and extract them to the keytab file. You do this in the same way you created
|
---|
283 | the host principles. Below is an example:</para>
|
---|
284 |
|
---|
285 | <screen><userinput role='root'><command>add --random-key ftp/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>
|
---|
286 |
|
---|
287 | <para>(choose the defaults)</para>
|
---|
288 |
|
---|
289 | <screen><userinput role='root'><command>ext ftp/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>
|
---|
290 |
|
---|
291 | <para>Exit the <command>kadmin</command> program (use <command>quit</command>
|
---|
292 | or <command>exit</command>) and return back to the shell prompt. Start
|
---|
293 | the <acronym>KDC</acronym> daemon manually, just to test out the
|
---|
294 | installation:</para>
|
---|
295 |
|
---|
296 | <screen><userinput role='root'><command>/usr/sbin/kdc &</command></userinput></screen>
|
---|
297 |
|
---|
298 | <para>Attempt to get a <acronym>TGT</acronym> (ticket granting ticket) with
|
---|
299 | the following command:</para>
|
---|
300 |
|
---|
301 | <screen><userinput><command>kinit <replaceable>[loginname]</replaceable></command></userinput></screen>
|
---|
302 |
|
---|
303 | <para>You will be prompted for the password you created. After you get your
|
---|
304 | ticket, you should list it with the following command:</para>
|
---|
305 |
|
---|
306 | <screen><userinput><command>klist</command></userinput></screen>
|
---|
307 |
|
---|
308 | <para>Information about the ticket should be displayed on the screen.</para>
|
---|
309 |
|
---|
310 | <para>To test the functionality of the keytab file, issue the following
|
---|
311 | command:</para>
|
---|
312 |
|
---|
313 | <screen><userinput><command>ktutil list</command></userinput></screen>
|
---|
314 |
|
---|
315 | <para>This should dump a list of the host principals, along with the encryption
|
---|
316 | methods used to access the principals.</para>
|
---|
317 |
|
---|
318 | <para>At this point, if everything has been successful so far, you can feel
|
---|
319 | fairly confident in the installation and configuration of the package.</para>
|
---|
320 |
|
---|
321 | <para id="heimdal-init">Install the
|
---|
322 | <filename>/etc/rc.d/init.d/heimdal</filename> init script included in the
|
---|
323 | <xref linkend="intro-important-bootscripts"/> package:</para>
|
---|
324 | <indexterm zone="heimdal heimdal-init">
|
---|
325 | <primary sortas="f-heimdal">heimdal</primary>
|
---|
326 | </indexterm>
|
---|
327 |
|
---|
328 | <screen><userinput role='root'><command>make install-heimdal</command></userinput></screen>
|
---|
329 | </sect4>
|
---|
330 |
|
---|
331 | <sect4><title>Using Kerberized Client Programs</title>
|
---|
332 |
|
---|
333 | <para>To use the kerberized client programs (<command>telnet</command>,
|
---|
334 | <command>ftp</command>, <command>rsh</command>,
|
---|
335 | <command>rxterm</command>, <command>rxtelnet</command>,
|
---|
336 | <command>rcp</command>, <command>xnlock</command>), you first must get
|
---|
337 | a <acronym>TGT</acronym>. Use the <command>kinit</command> program to
|
---|
338 | get the ticket. After you've acquired the ticket, you can use the
|
---|
339 | kerberized programs to connect to any kerberized server on the network.
|
---|
340 | You will not be prompted for authentication until your ticket expires
|
---|
341 | (default is one day), unless you specify a different user as a command
|
---|
342 | line argument to the program.</para>
|
---|
343 |
|
---|
344 | <para>The kerberized programs will connect to non-kerberized daemons, warning
|
---|
345 | you that authentication is not encrypted. As mentioned earlier, only the
|
---|
346 | <command>ftp</command> program gives any trouble connecting to
|
---|
347 | non-kerberized daemons.</para>
|
---|
348 |
|
---|
349 | <para>In order to use the <application>Heimdal</application>
|
---|
350 | <application>X</application> programs, you'll need to add a service port
|
---|
351 | entry to the <filename>/etc/services</filename> file for the
|
---|
352 | <command>kxd</command> server. There is no 'standardized port number' for
|
---|
353 | the 'kx' service in the <acronym>IANA</acronym> database, so you'll have to
|
---|
354 | pick an unused port number. Add an entry to the <filename>services</filename>
|
---|
355 | file similar to the entry below (substitute your chosen port number for
|
---|
356 | <replaceable>[49150]</replaceable>):</para>
|
---|
357 |
|
---|
358 | <screen><userinput role='root'>kx <replaceable>[49150]</replaceable>/tcp # Heimdal kerberos X
|
---|
359 | kx <replaceable>[49150]</replaceable>/udp # Heimdal kerberos X</userinput></screen>
|
---|
360 |
|
---|
361 | <para>For additional information consult <ulink
|
---|
362 | url="http://www.linuxfromscratch.org/hints/downloads/files/heimdal.txt">the
|
---|
363 | Heimdal hint</ulink> on which the above instructions are based.</para>
|
---|
364 | </sect4>
|
---|
365 | </sect3>
|
---|
366 |
|
---|
367 | </sect2>
|
---|
368 |
|
---|
369 | <sect2>
|
---|
370 | <title>Contents</title>
|
---|
371 |
|
---|
372 | <segmentedlist>
|
---|
373 | <segtitle>Installed Programs</segtitle>
|
---|
374 | <segtitle>Installed Libraries</segtitle>
|
---|
375 | <segtitle>Installed Directories</segtitle>
|
---|
376 |
|
---|
377 | <seglistitem>
|
---|
378 | <seg>afslog, dump_log, ftp, ftpd, hprop, hpropd, ipropd-master, ipropd-slave,
|
---|
379 | kadmin, kadmind, kauth, kdc, kdestroy, kf, kfd, kgetcred, kinit, klist,
|
---|
380 | kpasswd, kpasswdd, krb5-config, kstash, ktutil, kx, kxd, login, mk_cmds, otp,
|
---|
381 | otpprint, pagsh, pfrom, popper, push, rcp, replay_log, rsh, rshd, rxtelnet,
|
---|
382 | rxterm, string2key, su, telnet, telnetd, tenletxr, truncate-log,
|
---|
383 | verify_krb5_conf and xnlock</seg>
|
---|
384 | <seg>libasn1.[so,a], libeditline.a, libgssapi.[so,a], libhdb.[so,a],
|
---|
385 | libkadm5clnt.[so,a], libkadm5srv.[so,a], libkafs.[so,a], libkrb5.[so,a],
|
---|
386 | libotp.[so,a], libroken.[so,a], libsl.[so,a] and libss.[so,a]</seg>
|
---|
387 | <seg>/etc/heimdal, /usr/include/kadm5, /usr/include/ss and
|
---|
388 | /var/lib/heimdal</seg>
|
---|
389 | </seglistitem>
|
---|
390 | </segmentedlist>
|
---|
391 |
|
---|
392 | <variablelist>
|
---|
393 | <bridgehead renderas="sect3">Short Descriptions</bridgehead>
|
---|
394 | <?dbfo list-presentation="list"?>
|
---|
395 |
|
---|
396 | <varlistentry id="afslog">
|
---|
397 | <term><command>afslog</command></term>
|
---|
398 | <listitem><para>obtains <acronym>AFS</acronym> tokens for a number of
|
---|
399 | cells.</para>
|
---|
400 | <indexterm zone="heimdal afslog">
|
---|
401 | <primary sortas="b-afslog">afslog</primary>
|
---|
402 | </indexterm></listitem>
|
---|
403 | </varlistentry>
|
---|
404 |
|
---|
405 | <varlistentry id="ftp">
|
---|
406 | <term><command>ftp</command></term>
|
---|
407 | <listitem><para>is a kerberized <acronym>FTP</acronym> client.</para>
|
---|
408 | <indexterm zone="heimdal ftp">
|
---|
409 | <primary sortas="b-ftp">ftp</primary>
|
---|
410 | </indexterm></listitem>
|
---|
411 | </varlistentry>
|
---|
412 |
|
---|
413 | <varlistentry id="ftpd">
|
---|
414 | <term><command>ftpd</command></term>
|
---|
415 | <listitem><para>is a kerberized <acronym>FTP</acronym> daemon.</para>
|
---|
416 | <indexterm zone="heimdal ftpd">
|
---|
417 | <primary sortas="b-ftpd">ftpd</primary>
|
---|
418 | </indexterm></listitem>
|
---|
419 | </varlistentry>
|
---|
420 |
|
---|
421 | <varlistentry id="hprop">
|
---|
422 | <term><command>hprop</command></term>
|
---|
423 | <listitem><para> takes a principal database in a specified format and converts
|
---|
424 | it into a stream of <application>Heimdal</application> database records.</para>
|
---|
425 | <indexterm zone="heimdal hprop">
|
---|
426 | <primary sortas="b-hprop">hprop</primary>
|
---|
427 | </indexterm></listitem>
|
---|
428 | </varlistentry>
|
---|
429 |
|
---|
430 | <varlistentry id="hpropd">
|
---|
431 | <term><command>hpropd</command></term>
|
---|
432 | <listitem><para>is a server that receives a database sent by
|
---|
433 | <command>hprop</command> and writes it as a local database.</para>
|
---|
434 | <indexterm zone="heimdal hpropd">
|
---|
435 | <primary sortas="b-hpropd">hpropd</primary>
|
---|
436 | </indexterm></listitem>
|
---|
437 | </varlistentry>
|
---|
438 |
|
---|
439 | <varlistentry id="ipropd-master">
|
---|
440 | <term><command>ipropd-master</command></term>
|
---|
441 | <listitem><para>is a daemon which runs on the master <acronym>KDC</acronym>
|
---|
442 | server which incrementally propogates changes to the <acronym>KDC</acronym>
|
---|
443 | database to the slave <acronym>KDC</acronym> servers.</para>
|
---|
444 | <indexterm zone="heimdal ipropd-master">
|
---|
445 | <primary sortas="b-ipropd-master">ipropd-master</primary>
|
---|
446 | </indexterm></listitem>
|
---|
447 | </varlistentry>
|
---|
448 |
|
---|
449 | <varlistentry id="ipropd-slave">
|
---|
450 | <term><command>ipropd-slave</command></term>
|
---|
451 | <listitem><para>is a daemon which runs on the slave <acronym>KDC</acronym>
|
---|
452 | servers which incrementally propogates changes to the <acronym>KDC</acronym>
|
---|
453 | database from the master <acronym>KDC</acronym> server.</para>
|
---|
454 | <indexterm zone="heimdal ipropd-slave">
|
---|
455 | <primary sortas="b-ipropd-slave">ipropd-slave</primary>
|
---|
456 | </indexterm></listitem>
|
---|
457 | </varlistentry>
|
---|
458 |
|
---|
459 | <varlistentry id="kadmin">
|
---|
460 | <term><command>kadmin</command></term>
|
---|
461 | <listitem><para>is a utility used to make modifications to the Kerberos
|
---|
462 | database.</para>
|
---|
463 | <indexterm zone="heimdal kadmin">
|
---|
464 | <primary sortas="b-kadmin">kadmin</primary>
|
---|
465 | </indexterm></listitem>
|
---|
466 | </varlistentry>
|
---|
467 |
|
---|
468 | <varlistentry id="kadmind">
|
---|
469 | <term><command>kadmind</command></term>
|
---|
470 | <listitem><para>is a server for administrative access to the Kerberos
|
---|
471 | database.</para>
|
---|
472 | <indexterm zone="heimdal kadmind">
|
---|
473 | <primary sortas="b-kadmind">kadmind</primary>
|
---|
474 | </indexterm></listitem>
|
---|
475 | </varlistentry>
|
---|
476 |
|
---|
477 | <varlistentry id="kauth">
|
---|
478 | <term><command>kauth</command></term>
|
---|
479 | <listitem><para>is a symbolic link to the <command>kinit</command>
|
---|
480 | program.</para>
|
---|
481 | <indexterm zone="heimdal kauth">
|
---|
482 | <primary sortas="g-kauth">kauth</primary>
|
---|
483 | </indexterm></listitem>
|
---|
484 | </varlistentry>
|
---|
485 |
|
---|
486 | <varlistentry id="kdc">
|
---|
487 | <term><command>kdc</command></term>
|
---|
488 | <listitem><para>is a Kerberos 5 server.</para>
|
---|
489 | <indexterm zone="heimdal kdc">
|
---|
490 | <primary sortas="b-kdc">kdc</primary>
|
---|
491 | </indexterm></listitem>
|
---|
492 | </varlistentry>
|
---|
493 |
|
---|
494 | <varlistentry id="kdestroy">
|
---|
495 | <term><command>kdestroy</command></term>
|
---|
496 | <listitem><para>removes a principle's current set of tickets.</para>
|
---|
497 | <indexterm zone="heimdal kdestroy">
|
---|
498 | <primary sortas="b-kdestroy">kdestroy</primary>
|
---|
499 | </indexterm></listitem>
|
---|
500 | </varlistentry>
|
---|
501 |
|
---|
502 | <varlistentry id="kf">
|
---|
503 | <term><command>kf</command></term>
|
---|
504 | <listitem><para>is a program which forwards tickets to a remote host through
|
---|
505 | an authenticated and encrypted stream.</para>
|
---|
506 | <indexterm zone="heimdal kf">
|
---|
507 | <primary sortas="b-kf">kf</primary>
|
---|
508 | </indexterm></listitem>
|
---|
509 | </varlistentry>
|
---|
510 |
|
---|
511 | <varlistentry id="kfd">
|
---|
512 | <term><command>kfd</command></term>
|
---|
513 | <listitem><para>is a server used to receive forwarded tickets.</para>
|
---|
514 | <indexterm zone="heimdal kfd">
|
---|
515 | <primary sortas="b-kfd">kfd</primary>
|
---|
516 | </indexterm></listitem>
|
---|
517 | </varlistentry>
|
---|
518 |
|
---|
519 | <varlistentry id="kgetcred">
|
---|
520 | <term><command>kgetcred</command></term>
|
---|
521 | <listitem><para>obtains a ticket for a service.</para>
|
---|
522 | <indexterm zone="heimdal kgetcred">
|
---|
523 | <primary sortas="b-kgetcred">kgetcred</primary>
|
---|
524 | </indexterm></listitem>
|
---|
525 | </varlistentry>
|
---|
526 |
|
---|
527 | <varlistentry id="kinit">
|
---|
528 | <term><command>kinit</command></term>
|
---|
529 | <listitem><para>is used to authenticate to the Kerberos server as a principal
|
---|
530 | and acquire a ticket granting ticket that can later be used to obtain tickets
|
---|
531 | for other services.</para>
|
---|
532 | <indexterm zone="heimdal kinit">
|
---|
533 | <primary sortas="b-kinit">kinit</primary>
|
---|
534 | </indexterm></listitem>
|
---|
535 | </varlistentry>
|
---|
536 |
|
---|
537 | <varlistentry id="klist">
|
---|
538 | <term><command>klist</command></term>
|
---|
539 | <listitem><para>reads and displays the current tickets in the credential
|
---|
540 | cache.</para>
|
---|
541 | <indexterm zone="heimdal klist">
|
---|
542 | <primary sortas="b-klist">klist</primary>
|
---|
543 | </indexterm></listitem>
|
---|
544 | </varlistentry>
|
---|
545 |
|
---|
546 | <varlistentry id="kpasswd">
|
---|
547 | <term><command>kpasswd</command></term>
|
---|
548 | <listitem><para>is a program for changing Kerberos 5 passwords.</para>
|
---|
549 | <indexterm zone="heimdal kpasswd">
|
---|
550 | <primary sortas="b-kpasswd">kpasswd</primary>
|
---|
551 | </indexterm></listitem>
|
---|
552 | </varlistentry>
|
---|
553 |
|
---|
554 | <varlistentry id="kpasswdd">
|
---|
555 | <term><command>kpasswdd</command></term>
|
---|
556 | <listitem><para>is a Kerberos 5 password changing server.</para>
|
---|
557 | <indexterm zone="heimdal kpasswdd">
|
---|
558 | <primary sortas="b-kpasswdd">kpasswdd</primary>
|
---|
559 | </indexterm></listitem>
|
---|
560 | </varlistentry>
|
---|
561 |
|
---|
562 | <varlistentry id="krb5-config-prog">
|
---|
563 | <term><command>krb5-config</command></term>
|
---|
564 | <listitem><para>gives information on how to link programs against
|
---|
565 | <application>Heimdal</application> libraries.</para>
|
---|
566 | <indexterm zone="heimdal krb5-config-prog">
|
---|
567 | <primary sortas="b-krb5-config">krb5-config</primary>
|
---|
568 | </indexterm></listitem>
|
---|
569 | </varlistentry>
|
---|
570 |
|
---|
571 | <varlistentry id="kstash">
|
---|
572 | <term><command>kstash</command></term>
|
---|
573 | <listitem><para>stores the <acronym>KDC</acronym> master password in a
|
---|
574 | file.</para>
|
---|
575 | <indexterm zone="heimdal kstash">
|
---|
576 | <primary sortas="b-kstash">kstash</primary>
|
---|
577 | </indexterm></listitem>
|
---|
578 | </varlistentry>
|
---|
579 |
|
---|
580 | <varlistentry id="ktutil">
|
---|
581 | <term><command>ktutil</command></term>
|
---|
582 | <listitem><para>is a program for managing Kerberos keytabs.</para>
|
---|
583 | <indexterm zone="heimdal ktutil">
|
---|
584 | <primary sortas="b-ktutil">ktutil</primary>
|
---|
585 | </indexterm></listitem>
|
---|
586 | </varlistentry>
|
---|
587 |
|
---|
588 | <varlistentry id="kx">
|
---|
589 | <term><command>kx</command></term>
|
---|
590 | <listitem><para>is a program which securely forwards
|
---|
591 | <application>X</application> connections.</para>
|
---|
592 | <indexterm zone="heimdal kx">
|
---|
593 | <primary sortas="b-kx">kx</primary>
|
---|
594 | </indexterm></listitem>
|
---|
595 | </varlistentry>
|
---|
596 |
|
---|
597 | <varlistentry id="kxd">
|
---|
598 | <term><command>kxd</command></term>
|
---|
599 | <listitem><para>is the daemon for <command>kx</command>.</para>
|
---|
600 | <indexterm zone="heimdal kxd">
|
---|
601 | <primary sortas="b-kxd">kxd</primary>
|
---|
602 | </indexterm></listitem>
|
---|
603 | </varlistentry>
|
---|
604 |
|
---|
605 | <varlistentry id="login">
|
---|
606 | <term><command>login</command></term>
|
---|
607 | <listitem><para>is a kerberized login program.</para>
|
---|
608 | <indexterm zone="heimdal login">
|
---|
609 | <primary sortas="b-login">login</primary>
|
---|
610 | </indexterm></listitem>
|
---|
611 | </varlistentry>
|
---|
612 |
|
---|
613 | <varlistentry id="otp">
|
---|
614 | <term><command>otp</command></term>
|
---|
615 | <listitem><para>manages one-time passwords.</para>
|
---|
616 | <indexterm zone="heimdal otp">
|
---|
617 | <primary sortas="b-otp">otp</primary>
|
---|
618 | </indexterm></listitem>
|
---|
619 | </varlistentry>
|
---|
620 |
|
---|
621 | <varlistentry id="otpprint">
|
---|
622 | <term><command>otpprint</command></term>
|
---|
623 | <listitem><para>prints lists of one-time passwords.</para>
|
---|
624 | <indexterm zone="heimdal otpprint">
|
---|
625 | <primary sortas="b-otpprint">otpprint</primary>
|
---|
626 | </indexterm></listitem>
|
---|
627 | </varlistentry>
|
---|
628 |
|
---|
629 | <varlistentry id="pfrom">
|
---|
630 | <term><command>pfrom</command></term>
|
---|
631 | <listitem><para>is a script that runs <command>push --from</command>.</para>
|
---|
632 | <indexterm zone="heimdal pfrom">
|
---|
633 | <primary sortas="b-pfrom">pfrom</primary>
|
---|
634 | </indexterm></listitem>
|
---|
635 | </varlistentry>
|
---|
636 |
|
---|
637 | <varlistentry id="popper">
|
---|
638 | <term><command>popper</command></term>
|
---|
639 | <listitem><para>is a kerberized <acronym>POP</acronym>-3 server.</para>
|
---|
640 | <indexterm zone="heimdal popper">
|
---|
641 | <primary sortas="b-popper">popper</primary>
|
---|
642 | </indexterm></listitem>
|
---|
643 | </varlistentry>
|
---|
644 |
|
---|
645 | <varlistentry id="push">
|
---|
646 | <term><command>push</command></term>
|
---|
647 | <listitem><para>is a kerberized <acronym>POP</acronym> mail retreival
|
---|
648 | client.</para>
|
---|
649 | <indexterm zone="heimdal push">
|
---|
650 | <primary sortas="b-push">push</primary>
|
---|
651 | </indexterm></listitem>
|
---|
652 | </varlistentry>
|
---|
653 |
|
---|
654 | <varlistentry id="rcp">
|
---|
655 | <term><command>rcp</command></term>
|
---|
656 | <listitem><para>is a kerberized rcp client program.</para>
|
---|
657 | <indexterm zone="heimdal rcp">
|
---|
658 | <primary sortas="b-rcp">rcp</primary>
|
---|
659 | </indexterm></listitem>
|
---|
660 | </varlistentry>
|
---|
661 |
|
---|
662 | <varlistentry id="rsh">
|
---|
663 | <term><command>rsh</command></term>
|
---|
664 | <listitem><para>is a kerberized rsh client program.</para>
|
---|
665 | <indexterm zone="heimdal rsh">
|
---|
666 | <primary sortas="b-rsh">rsh</primary>
|
---|
667 | </indexterm></listitem>
|
---|
668 | </varlistentry>
|
---|
669 |
|
---|
670 | <varlistentry id="rshd">
|
---|
671 | <term><command>rshd</command></term>
|
---|
672 | <listitem><para>is a kerberized rsh server.</para>
|
---|
673 | <indexterm zone="heimdal rshd">
|
---|
674 | <primary sortas="b-rshd">rshd</primary>
|
---|
675 | </indexterm></listitem>
|
---|
676 | </varlistentry>
|
---|
677 |
|
---|
678 | <varlistentry id="rxtelnet">
|
---|
679 | <term><command>rxtelnet</command></term>
|
---|
680 | <listitem><para>starts a secure <command>xterm</command> window with a
|
---|
681 | <command>telnet</command> to a given host and forwards
|
---|
682 | <application>X</application> connections.</para>
|
---|
683 | <indexterm zone="heimdal rxtelnet">
|
---|
684 | <primary sortas="b-rxtelnet">rxtelnet</primary>
|
---|
685 | </indexterm></listitem>
|
---|
686 | </varlistentry>
|
---|
687 |
|
---|
688 | <varlistentry id="rxterm">
|
---|
689 | <term><command>rxterm</command></term>
|
---|
690 | <listitem><para>starts a secure remote <command>xterm</command>.</para>
|
---|
691 | <indexterm zone="heimdal rxterm">
|
---|
692 | <primary sortas="b-rxterm">rxterm</primary>
|
---|
693 | </indexterm></listitem>
|
---|
694 | </varlistentry>
|
---|
695 |
|
---|
696 | <varlistentry id="string2key">
|
---|
697 | <term><command>string2key</command></term>
|
---|
698 | <listitem><para>maps a password into a key.</para>
|
---|
699 | <indexterm zone="heimdal string2key">
|
---|
700 | <primary sortas="b-string2key">string2key</primary>
|
---|
701 | </indexterm></listitem>
|
---|
702 | </varlistentry>
|
---|
703 |
|
---|
704 | <varlistentry id="su">
|
---|
705 | <term><command>su</command></term>
|
---|
706 | <listitem><para>is a kerberized su client program.</para>
|
---|
707 | <indexterm zone="heimdal su">
|
---|
708 | <primary sortas="b-su">su</primary>
|
---|
709 | </indexterm></listitem>
|
---|
710 | </varlistentry>
|
---|
711 |
|
---|
712 | <varlistentry id="telnet">
|
---|
713 | <term><command>telnet</command></term>
|
---|
714 | <listitem><para>is a kerberized telnet client program.</para>
|
---|
715 | <indexterm zone="heimdal telnet">
|
---|
716 | <primary sortas="b-telnet">telnet</primary>
|
---|
717 | </indexterm></listitem>
|
---|
718 | </varlistentry>
|
---|
719 |
|
---|
720 | <varlistentry id="telnetd">
|
---|
721 | <term><command>telnetd</command></term>
|
---|
722 | <listitem><para>is a kerberized telnet server.</para>
|
---|
723 | <indexterm zone="heimdal telnetd">
|
---|
724 | <primary sortas="b-telnetd">telnetd</primary>
|
---|
725 | </indexterm></listitem>
|
---|
726 | </varlistentry>
|
---|
727 |
|
---|
728 | <varlistentry id="tenletxr">
|
---|
729 | <term><command>tenletxr</command></term>
|
---|
730 | <listitem><para>forwards <application>X</application> connections
|
---|
731 | backwards.</para>
|
---|
732 | <indexterm zone="heimdal tenletxr">
|
---|
733 | <primary sortas="b-tenletxr">tenletxr</primary>
|
---|
734 | </indexterm></listitem>
|
---|
735 | </varlistentry>
|
---|
736 |
|
---|
737 | <varlistentry id="verify_krb5_conf">
|
---|
738 | <term><command>verify_krb5_conf</command></term>
|
---|
739 | <listitem><para>checks <filename>krb5.conf</filename> file for obvious
|
---|
740 | errors.</para>
|
---|
741 | <indexterm zone="heimdal verify_krb5_conf">
|
---|
742 | <primary sortas="b-verify_krb5_conf">verify_krb5_conf</primary>
|
---|
743 | </indexterm></listitem>
|
---|
744 | </varlistentry>
|
---|
745 |
|
---|
746 | <varlistentry id="xnlock">
|
---|
747 | <term><command>xnlock</command></term>
|
---|
748 | <listitem><para>is a program that acts as a secure screen saver for
|
---|
749 | workstations running <application>X</application>.</para>
|
---|
750 | <indexterm zone="heimdal xnlock">
|
---|
751 | <primary sortas="b-xnlock">xnlock</primary>
|
---|
752 | </indexterm></listitem>
|
---|
753 | </varlistentry>
|
---|
754 |
|
---|
755 | <varlistentry id="libasn1">
|
---|
756 | <term><filename class='libraryfile'>libasn1.[so,a]</filename></term>
|
---|
757 | <listitem><para>provides the ASN.1 and DER functions to encode and decode
|
---|
758 | the Kerberos TGTs.</para>
|
---|
759 | <indexterm zone="heimdal libasn1">
|
---|
760 | <primary sortas="c-libasn1">libasn1.[so,a]</primary>
|
---|
761 | </indexterm></listitem>
|
---|
762 | </varlistentry>
|
---|
763 |
|
---|
764 | <varlistentry id="libeditline">
|
---|
765 | <term><filename class='libraryfile'>libeditline.a</filename></term>
|
---|
766 | <listitem><para>is a command-line editing library with history.</para>
|
---|
767 | <indexterm zone="heimdal libeditline">
|
---|
768 | <primary sortas="c-libeditline">libeditline.a</primary>
|
---|
769 | </indexterm></listitem>
|
---|
770 | </varlistentry>
|
---|
771 |
|
---|
772 | <varlistentry id="libgssapi">
|
---|
773 | <term><filename class='libraryfile'>libgssapi.[so,a]</filename></term>
|
---|
774 | <listitem><para>contain the Generic Security Service Application Programming
|
---|
775 | Interface (<acronym>GSSAPI</acronym>) functions which provides security
|
---|
776 | services to callers in a generic fashion, supportable with a range of
|
---|
777 | underlying mechanisms and technologies and hence allowing source-level
|
---|
778 | portability of applications to different environments.</para>
|
---|
779 | <indexterm zone="heimdal libgssapi">
|
---|
780 | <primary sortas="c-libgssapi">libgssapi.[so,a]</primary>
|
---|
781 | </indexterm></listitem>
|
---|
782 | </varlistentry>
|
---|
783 |
|
---|
784 | <varlistentry id="libhdb">
|
---|
785 | <term><filename class='libraryfile'>libhdb.[so,a]</filename></term>
|
---|
786 | <listitem><para>is a <application>Heimdal</application> Kerberos 5
|
---|
787 | authentication/authorization database access library.</para>
|
---|
788 | <indexterm zone="heimdal libhdb">
|
---|
789 | <primary sortas="c-libhdb">libhdb.[so,a]</primary>
|
---|
790 | </indexterm></listitem>
|
---|
791 | </varlistentry>
|
---|
792 |
|
---|
793 | <varlistentry id="libkadm5clnt">
|
---|
794 | <term><filename class='libraryfile'>libkadm5clnt.[so,a]</filename></term>
|
---|
795 | <listitem><para>contains the administrative authentication and password
|
---|
796 | checking functions required by Kerberos 5 client-side programs.</para>
|
---|
797 | <indexterm zone="heimdal libkadm5clnt">
|
---|
798 | <primary sortas="c-libkadm5clnt">libkadm5clnt.[so,a]</primary>
|
---|
799 | </indexterm></listitem>
|
---|
800 | </varlistentry>
|
---|
801 |
|
---|
802 | <varlistentry id="libkadm5srv">
|
---|
803 | <term><filename class='libraryfile'>libkadm5srv.[so,a]</filename></term>
|
---|
804 | <listitem><para>contain the administrative authentication and password
|
---|
805 | checking functions required by Kerberos 5 servers.</para>
|
---|
806 | <indexterm zone="heimdal libkadm5srv">
|
---|
807 | <primary sortas="c-libkadm5srv">libkadm5srv.[so,a]</primary>
|
---|
808 | </indexterm></listitem>
|
---|
809 | </varlistentry>
|
---|
810 |
|
---|
811 | <varlistentry id="libkafs">
|
---|
812 | <term><filename class='libraryfile'>libkafs.[so,a]</filename></term>
|
---|
813 | <listitem><para>contains the functions required to authenticated to AFS.</para>
|
---|
814 | <indexterm zone="heimdal libkafs">
|
---|
815 | <primary sortas="c-libkafs">libkafs.[so,a]</primary>
|
---|
816 | </indexterm></listitem>
|
---|
817 | </varlistentry>
|
---|
818 |
|
---|
819 | <varlistentry id="libkrb5">
|
---|
820 | <term><filename class='libraryfile'>libkrb5.[so,a]</filename></term>
|
---|
821 | <listitem><para>is an all-purpose Kerberos 5 library.</para>
|
---|
822 | <indexterm zone="heimdal libkrb5">
|
---|
823 | <primary sortas="c-libkrb5">libkrb5.[so,a]</primary>
|
---|
824 | </indexterm></listitem>
|
---|
825 | </varlistentry>
|
---|
826 |
|
---|
827 | <varlistentry id="libotp">
|
---|
828 | <term><filename class='libraryfile'>libotp.[so,a]</filename></term>
|
---|
829 | <listitem><para>contains the functions required to handle authenticating
|
---|
830 | one time passwords.</para>
|
---|
831 | <indexterm zone="heimdal libotp">
|
---|
832 | <primary sortas="c-libotp">libotp.[so,a]</primary>
|
---|
833 | </indexterm></listitem>
|
---|
834 | </varlistentry>
|
---|
835 |
|
---|
836 | <varlistentry id="libroken">
|
---|
837 | <term><filename class='libraryfile'>libroken.[so,a]</filename></term>
|
---|
838 | <listitem><para>is a library containing Kerberos 5 compatibility
|
---|
839 | functions.</para>
|
---|
840 | <indexterm zone="heimdal libroken">
|
---|
841 | <primary sortas="c-libroken">libroken.[so,a]</primary>
|
---|
842 | </indexterm></listitem>
|
---|
843 | </varlistentry>
|
---|
844 |
|
---|
845 | </variablelist>
|
---|
846 |
|
---|
847 | </sect2>
|
---|
848 |
|
---|
849 | </sect1>
|
---|