1 | <?xml version="1.0" encoding="ISO-8859-1"?>
|
---|
2 | <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
|
---|
3 | "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
|
---|
4 | <!ENTITY % general-entities SYSTEM "../../general.ent">
|
---|
5 | %general-entities;
|
---|
6 |
|
---|
7 | <!ENTITY heimdal-download-http "http://ftp.vc-graz.ac.at/mirror/crypto/kerberos/heimdal/heimdal-&heimdal-version;.tar.gz">
|
---|
8 | <!ENTITY heimdal-download-ftp "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-&heimdal-version;.tar.gz">
|
---|
9 | <!ENTITY heimdal-size "3.2 MB">
|
---|
10 | <!ENTITY heimdal-buildsize "142 MB">
|
---|
11 | <!ENTITY heimdal-time "2.55 SBU">
|
---|
12 | ]>
|
---|
13 |
|
---|
14 | <sect1 id="heimdal" xreflabel="Heimdal-&heimdal-version;">
|
---|
15 | <?dbhtml filename="heimdal.html"?>
|
---|
16 | <title>Heimdal-&heimdal-version;</title>
|
---|
17 |
|
---|
18 | <sect2>
|
---|
19 | <title>Introduction to <application>Heimdal</application></title>
|
---|
20 |
|
---|
21 | <para> <application>Heimdal</application> is a free implementation of Kerberos
|
---|
22 | 5, that aims to be compatible with <acronym>MIT</acronym> krb5 and is backwards
|
---|
23 | compatible with krb4. Kerberos is a network authentication protocol. Basically
|
---|
24 | it preserves the integrity of passwords in any untrusted network (like the
|
---|
25 | Internet). Kerberized applications work hand-in-hand with sites that support
|
---|
26 | Kerberos to ensure that passwords cannot be stolen. A Kerberos installation
|
---|
27 | will make changes to the authentication mechanisms on your network and will
|
---|
28 | overwrite several programs and daemons from the Coreutils, Inetutils, Qpopper
|
---|
29 | and Shadow packages. </para>
|
---|
30 |
|
---|
31 | <sect3><title>Package information</title>
|
---|
32 | <itemizedlist spacing='compact'>
|
---|
33 | <listitem><para>Download (HTTP): <ulink url="&heimdal-download-http;"/></para></listitem>
|
---|
34 | <listitem><para>Download (FTP): <ulink url="&heimdal-download-ftp;"/></para></listitem>
|
---|
35 | <listitem><para>Download size: &heimdal-size;</para></listitem>
|
---|
36 | <listitem><para>Estimated Disk space required: &heimdal-buildsize;</para></listitem>
|
---|
37 | <listitem><para>Estimated build time: &heimdal-time;</para></listitem></itemizedlist>
|
---|
38 | </sect3>
|
---|
39 |
|
---|
40 | <sect3><title>Additional downloads</title>
|
---|
41 | <itemizedlist spacing='compact'>
|
---|
42 | <listitem><para>Required patch: <ulink
|
---|
43 | url="&patch-root;/heimdal-&heimdal-version;-fhs_compliance-1.patch"/></para>
|
---|
44 | </listitem>
|
---|
45 | <listitem><para>Required patch for cracklib: <ulink
|
---|
46 | url="&patch-root;/heimdal-&heimdal-version;-cracklib-1.patch"/></para>
|
---|
47 | </listitem>
|
---|
48 | </itemizedlist>
|
---|
49 |
|
---|
50 | </sect3>
|
---|
51 |
|
---|
52 | <sect3><title><application>Heimdal</application> dependencies</title>
|
---|
53 | <sect4><title>Required</title>
|
---|
54 | <para>
|
---|
55 | <xref linkend="openssl"/> and
|
---|
56 | <xref linkend="db"/>
|
---|
57 | </para></sect4>
|
---|
58 | <sect4><title>Optional</title>
|
---|
59 | <para>
|
---|
60 | <xref linkend="readline"/>,
|
---|
61 | <xref linkend="Linux_PAM"/>,
|
---|
62 | <xref linkend="openldap"/>,
|
---|
63 | X (<xref linkend="xorg"/> or <xref linkend="xfree86"/>),
|
---|
64 | <xref linkend="cracklib"/> and
|
---|
65 | <ulink url="http://www.pdc.kth.se/kth-krb/">krb4</ulink>
|
---|
66 | </para>
|
---|
67 |
|
---|
68 | <note><para>
|
---|
69 | Some sort of time synchronization facility on your system (like <xref
|
---|
70 | linkend="ntp"/>) is required since Kerberos won't authenticate if the
|
---|
71 | time differential between a kerberized client and the
|
---|
72 | <acronym>KDC</acronym> server is more than 5 minutes.</para></note>
|
---|
73 | </sect4>
|
---|
74 |
|
---|
75 | </sect3>
|
---|
76 |
|
---|
77 | </sect2>
|
---|
78 |
|
---|
79 | <sect2>
|
---|
80 | <title>Installation of <application>Heimdal</application></title>
|
---|
81 |
|
---|
82 | <para>
|
---|
83 | Before installing the package, you may want to preserve the
|
---|
84 | <command>ftp</command> program from the Inetutils package. This is
|
---|
85 | because using the Heimdal <command>ftp</command> program to connect to
|
---|
86 | non kerberized ftp servers may not work properly. It will allow you to
|
---|
87 | connect (letting you know that transmission of the password is clear
|
---|
88 | text) but will have problems doing puts and gets.
|
---|
89 | </para>
|
---|
90 |
|
---|
91 | <screen><userinput><command>mv /usr/bin/ftp /usr/bin/ftpn</command></userinput></screen>
|
---|
92 |
|
---|
93 | <para>
|
---|
94 | If you wish the Heimdal package to link against the cracklib library,
|
---|
95 | you must apply a patch:
|
---|
96 | </para>
|
---|
97 |
|
---|
98 | <screen><userinput><command>patch -Np1 -i ../heimdal-&heimdal-version;-cracklib-1.patch</command></userinput></screen>
|
---|
99 |
|
---|
100 | <para>Install <application>Heimdal</application> by running the following commands:</para>
|
---|
101 |
|
---|
102 | <screen><userinput><command>patch -Np1 -i ../heimdal-&heimdal-version;-fhs_compliance-1.patch &&
|
---|
103 | ./configure --prefix=/usr --sysconfdir=/etc/heimdal \
|
---|
104 | --datadir=/var/lib/heimdal --libexecdir=/usr/sbin \
|
---|
105 | --sharedstatedir=/usr/share --localstatedir=/var/lib/heimdal \
|
---|
106 | --enable-shared --with-openssl=/usr &&
|
---|
107 | make &&
|
---|
108 | make install &&
|
---|
109 | mv /bin/login /bin/login.shadow &&
|
---|
110 | mv /bin/su /bin/su.coreutils &&
|
---|
111 | mv /usr/bin/{login,su} /bin &&
|
---|
112 | ln -sf ../../bin/login /usr/bin &&
|
---|
113 | mv /usr/lib/lib{otp.so.0,otp.so.0.1.4,kafs.so.0,kafs.so.0.4.0} /lib &&
|
---|
114 | mv /usr/lib/lib{krb5.so.17,krb5.so.17.3.0,asn1.so.6,asn1.so.6.0.2} /lib &&
|
---|
115 | mv /usr/lib/lib{roken.so.16,roken.so.16.0.3,crypto.so.0.9.7} /lib &&
|
---|
116 | mv /usr/lib/lib{com_err.so.2,com_err.so.2.1,db-4.1.so} /lib &&
|
---|
117 | ln -sf ../../lib/lib{otp.so.0,otp.so.0.1.4,kafs.so.0,kafs.so.0.4.0} /usr/lib &&
|
---|
118 | ln -sf ../../lib/lib{krb5.so.17,krb5.so.17.3.0,asn1.so.6,asn1.so.6.0.2} /usr/lib &&
|
---|
119 | ln -sf ../../lib/lib{roken.so.16,roken.so.16.0.3,crypto.so.0.9.7} /usr/lib &&
|
---|
120 | ln -sf ../../lib/lib{com_err.so.2,com_err.so.2.1,db-4.1.so} /usr/lib &&
|
---|
121 | ldconfig</command></userinput></screen>
|
---|
122 |
|
---|
123 | </sect2>
|
---|
124 |
|
---|
125 | <sect2>
|
---|
126 | <title>Command explanations</title>
|
---|
127 |
|
---|
128 | <para><parameter>--libexecdir=/usr/sbin</parameter>:
|
---|
129 | This switch puts the daemon programs into <filename
|
---|
130 | class="directory">/usr/sbin</filename>.
|
---|
131 | </para>
|
---|
132 |
|
---|
133 | <note><para>
|
---|
134 | If you want to preserve all your existing Inetutils package daemons,
|
---|
135 | install the Heimdal daemons into <filename
|
---|
136 | class="directory">/usr/sbin/heimdal</filename> (or wherever you want).
|
---|
137 | Since these programs will be called from <command>(x)inetd</command> or
|
---|
138 | <command>rc</command> scripts, it really doesn't matter where they live,
|
---|
139 | as long as they are correctly specified in the
|
---|
140 | <filename>/etc/(x)inetd.conf</filename> file and <command>rc</command>
|
---|
141 | scripts. If you choose something other than <filename
|
---|
142 | class="directory">/usr/sbin</filename>, you may want to move some of the
|
---|
143 | user programs (such as <command>kadmin</command>) to <filename
|
---|
144 | class="directory">/usr/sbin</filename> manually.
|
---|
145 | </para></note>
|
---|
146 |
|
---|
147 | <para>
|
---|
148 | <screen><command>mv /bin/login /bin/login.shadow
|
---|
149 | mv /bin/su /bin/su.coreutils
|
---|
150 | mv /usr/bin/{login,su} /bin
|
---|
151 | ln -sf ../../bin/login /usr/bin</command></screen>
|
---|
152 | The <command>login</command> and <command>su</command> programs
|
---|
153 | installed by Heimdal belong in the <filename
|
---|
154 | class="directory">/bin</filename> directory. The
|
---|
155 | <command>login</command> program is symlinked because Heimdal is expecting
|
---|
156 | to find it in <filename class="directory">/usr/bin</filename>. We
|
---|
157 | preserve the old executables before the move to keep things sane should
|
---|
158 | breaks occur.
|
---|
159 | </para>
|
---|
160 |
|
---|
161 | <para>
|
---|
162 | <screen><command>mv /usr/lib/lib{otp.so.0,otp.so.0.1.4,kafs.so.0,kafs.so.0.4.0} /lib
|
---|
163 | mv /usr/lib/lib{krb5.so.17,krb5.so.17.3.0,asn1.so.6,asn1.so.6.0.2} /lib
|
---|
164 | mv /usr/lib/lib{roken.so.16,roken.so.16.0.3,crypto.so.0.9.7} /lib
|
---|
165 | mv /usr/lib/lib{com_err.so.2,com_err.so.2.1,db-4.1.so} /lib
|
---|
166 | ln -sf ../../lib/lib{otp.so.0,otp.so.0.1.4,kafs.so.0,kafs.so.0.4.0} /usr/lib
|
---|
167 | ln -sf ../../lib/lib{krb5.so.17,krb5.so.17.3.0,asn1.so.6,asn1.so.6.0.2} /usr/lib
|
---|
168 | ln -sf ../../lib/lib{roken.so.16,roken.so.16.0.3,crypto.so.0.9.7} /usr/lib
|
---|
169 | ln -sf ../../lib/lib{com_err.so.2,com_err.so.2.1,db-4.1.so} /usr/lib</command></screen>
|
---|
170 | The <command>login</command> and <command>su</command> programs
|
---|
171 | installed by Heimdal link against Heimdal libraries as well as crypto
|
---|
172 | and db libraries. We move these libraries to <filename
|
---|
173 | class="directory">/lib</filename> to be <acronym>FHS</acronym>
|
---|
174 | compliant and in case when <filename
|
---|
175 | class="directory">/usr</filename> is located on a separate partition which
|
---|
176 | may not always be mounted.
|
---|
177 | </para>
|
---|
178 |
|
---|
179 | </sect2>
|
---|
180 |
|
---|
181 | <sect2>
|
---|
182 | <title>Configuring Heimdal</title>
|
---|
183 |
|
---|
184 | <sect3><title>Config files</title>
|
---|
185 | <para><filename>/etc/heimdal/*</filename></para>
|
---|
186 | </sect3>
|
---|
187 |
|
---|
188 | <sect3><title>Configuration Information</title>
|
---|
189 |
|
---|
190 | <sect4><title>Master KDC Server Configuration</title>
|
---|
191 |
|
---|
192 | <para>
|
---|
193 | Create the Kerberos configuration file with the following command:
|
---|
194 | </para>
|
---|
195 |
|
---|
196 | <screen><userinput><command>install -d /etc/heimdal &&
|
---|
197 | cat > /etc/heimdal/krb5.conf << "EOF"</command>
|
---|
198 | # Begin /etc/heimdal/krb5.conf
|
---|
199 |
|
---|
200 | [libdefaults]
|
---|
201 | default_realm = <replaceable>[LFS.ORG]</replaceable>
|
---|
202 | encrypt = true
|
---|
203 |
|
---|
204 | [realms]
|
---|
205 | <replaceable>[LFS.ORG]</replaceable> = {
|
---|
206 | kdc = <replaceable>[belgarath.lfs.org]</replaceable>
|
---|
207 | admin_server = <replaceable>[belgarath.lfs.org]</replaceable>
|
---|
208 | kpasswd_server = <replaceable>[belgarath.lfs.org]</replaceable>
|
---|
209 | }
|
---|
210 |
|
---|
211 | [domain_realm]
|
---|
212 | .<replaceable>[lfs.org]</replaceable> = <replaceable>[LFS.ORG]</replaceable>
|
---|
213 |
|
---|
214 | [logging]
|
---|
215 | kdc = FILE:/var/log/kdc.log
|
---|
216 | admin_server = FILE:/var/log/kadmin.log
|
---|
217 | default = FILE:/var/log/krb.log
|
---|
218 |
|
---|
219 | # End /etc/heimdal/krb5.conf
|
---|
220 | <command>EOF</command></userinput></screen>
|
---|
221 |
|
---|
222 | <para>
|
---|
223 | You will need to substitute your domain and proper hostname for the
|
---|
224 | occurances of the belgarath and lfs.org names.
|
---|
225 | </para>
|
---|
226 |
|
---|
227 | <para>
|
---|
228 | <userinput>default_realm</userinput> should be the name of your domain changed to ALL CAPS.
|
---|
229 | This isn't required, but both Heimdal and <acronym>MIT</acronym>
|
---|
230 | recommend it.
|
---|
231 | </para>
|
---|
232 |
|
---|
233 | <para>
|
---|
234 | <userinput>encrypt = true</userinput> provides encryption of all traffic between kerberized
|
---|
235 | clients and servers. It's not necessary and can be left off. If you
|
---|
236 | leave it off, you can encrypt all traffic from the client to the server
|
---|
237 | using a switch on the client program instead.
|
---|
238 | </para>
|
---|
239 |
|
---|
240 | <para>
|
---|
241 | The <userinput>[realms]</userinput> parameters tell the client programs where to look for the
|
---|
242 | <acronym>KDC</acronym> authentication services.
|
---|
243 | </para>
|
---|
244 |
|
---|
245 | <para>
|
---|
246 | The <userinput>[domain_realm]</userinput> section maps a domain to a realm.
|
---|
247 | </para>
|
---|
248 |
|
---|
249 | <para>
|
---|
250 | Store the master password in a key file using the following commands:
|
---|
251 | </para>
|
---|
252 |
|
---|
253 | <screen><userinput><command>install -d -m 755 /var/lib/heimdal &&
|
---|
254 | kstash</command></userinput></screen>
|
---|
255 |
|
---|
256 | <para>
|
---|
257 | Create the <acronym>KDC</acronym> database:
|
---|
258 | </para>
|
---|
259 |
|
---|
260 | <screen><userinput><command>kadmin -l</command></userinput></screen>
|
---|
261 |
|
---|
262 | <para>
|
---|
263 | Choose the defaults for now. You can go in later and change the
|
---|
264 | defaults, should you feel the need. At the
|
---|
265 | <userinput>kadmin></userinput> prompt, issue the following statement:
|
---|
266 | </para>
|
---|
267 |
|
---|
268 | <screen><userinput><command>init <replaceable>[LFS.ORG]</replaceable></command></userinput></screen>
|
---|
269 |
|
---|
270 | <para>
|
---|
271 | Now we need to populate the database with principles (users). For now,
|
---|
272 | just use your regular login name or root.
|
---|
273 | </para>
|
---|
274 |
|
---|
275 | <screen><userinput><command>add <replaceable>[loginname]</replaceable></command></userinput></screen>
|
---|
276 |
|
---|
277 | <para>
|
---|
278 | The <acronym>KDC</acronym> server and any machine running kerberized
|
---|
279 | server daemons must have a host key installed:
|
---|
280 | </para>
|
---|
281 |
|
---|
282 | <screen><userinput><command>add --random-key host/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen>
|
---|
283 |
|
---|
284 | <para>
|
---|
285 | After choosing the defaults when prompted, you will have to export the
|
---|
286 | data to a keytab file:
|
---|
287 | </para>
|
---|
288 |
|
---|
289 | <screen><userinput><command>ext host/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen>
|
---|
290 |
|
---|
291 | <para>
|
---|
292 | This should have created two files in
|
---|
293 | <filename class="directory">/etc/heimdal</filename>;
|
---|
294 | <filename>krb5.keytab</filename> (Kerberos 5) and
|
---|
295 | <filename>srvtab</filename> (Kerberos 4). Both files should have 600
|
---|
296 | (root rw only) permissions. Keeping the keytab files from public access
|
---|
297 | is crucial to the overall security of the Kerberos installation.
|
---|
298 | </para>
|
---|
299 |
|
---|
300 | <para>
|
---|
301 | Eventually, you'll want to add server daemon principles to the database
|
---|
302 | and extract them to the keytab file. You do this in the same way you
|
---|
303 | created the host principles. Below is an example:
|
---|
304 | </para>
|
---|
305 |
|
---|
306 | <screen><userinput><command>add --random-key ftp/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen>
|
---|
307 |
|
---|
308 | <para>
|
---|
309 | (choose the defaults)
|
---|
310 | </para>
|
---|
311 |
|
---|
312 | <screen><userinput><command>ext ftp/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen>
|
---|
313 |
|
---|
314 | <para>
|
---|
315 | Exit the <command>kadmin</command> program (use <command>quit</command>
|
---|
316 | or <command>exit</command>) and return back to the shell prompt. Start
|
---|
317 | the <acronym>KDC</acronym> daemon manually, just to test out the
|
---|
318 | installation:
|
---|
319 | </para>
|
---|
320 |
|
---|
321 | <screen><userinput><command>/usr/sbin/kdc &</command></userinput></screen>
|
---|
322 |
|
---|
323 | <para>
|
---|
324 | Attempt to get a <acronym>TGT</acronym> (ticket granting ticket) with the
|
---|
325 | following command:
|
---|
326 | </para>
|
---|
327 |
|
---|
328 | <screen><userinput><command>kinit <replaceable>[loginname]</replaceable></command></userinput></screen>
|
---|
329 |
|
---|
330 | <para>
|
---|
331 | You will be prompted for the password you created. After you get your
|
---|
332 | ticket, you should list it with the following command:
|
---|
333 | </para>
|
---|
334 |
|
---|
335 | <screen><userinput><command>klist</command></userinput></screen>
|
---|
336 |
|
---|
337 | <para>
|
---|
338 | Information about the ticket should be displayed on the screen.
|
---|
339 | </para>
|
---|
340 |
|
---|
341 | <para>
|
---|
342 | To test the functionality of the keytab file, issue the following
|
---|
343 | command:
|
---|
344 | </para>
|
---|
345 |
|
---|
346 | <screen><userinput><command>ktutil list</command></userinput></screen>
|
---|
347 |
|
---|
348 | <para>
|
---|
349 | This should dump a list of the host principals, along with the encryption
|
---|
350 | methods used to access the principals.
|
---|
351 | </para>
|
---|
352 |
|
---|
353 | <para>
|
---|
354 | At this point, if everything has been successful so far, you can feel
|
---|
355 | fairly confident in the installation and configuration of the package.
|
---|
356 | </para>
|
---|
357 |
|
---|
358 | <para>Install the <filename>/etc/rc.d/init.d/heimdal</filename> init script
|
---|
359 | included in the <xref linkend="intro-important-bootscripts"/>
|
---|
360 | package.</para>
|
---|
361 |
|
---|
362 | <screen><userinput><command>make install-heimdal</command></userinput></screen>
|
---|
363 |
|
---|
364 | </sect4>
|
---|
365 |
|
---|
366 | <sect4><title>Using Kerberized Client Programs</title>
|
---|
367 |
|
---|
368 | <para>
|
---|
369 | To use the kerberized client programs (<command>telnet</command>,
|
---|
370 | <command>ftp</command>, <command>rsh</command>,
|
---|
371 | <command>rxterm</command>, <command>rxtelnet</command>,
|
---|
372 | <command>rcp</command>, <command>xnlock</command>), you first must get
|
---|
373 | a <acronym>TGT</acronym>. Use the <command>kinit</command> program to
|
---|
374 | get the ticket. After you've acquired the ticket, you can use the
|
---|
375 | kerberized programs to connect to any kerberized server on the network.
|
---|
376 | You will not be prompted for authentication until your ticket expires
|
---|
377 | (default is one day), unless you specify a different user as a command
|
---|
378 | line argument to the program.
|
---|
379 | </para>
|
---|
380 |
|
---|
381 | <para>
|
---|
382 | The kerberized programs will connect to non kerberized daemons, warning
|
---|
383 | you that authentication is not encrypted. As mentioned earlier, only the
|
---|
384 | <command>ftp</command> program gives any trouble connecting to non
|
---|
385 | kerberized daemons.
|
---|
386 | </para>
|
---|
387 |
|
---|
388 | <para>
|
---|
389 | For additional information consult <ulink
|
---|
390 | url="http://www.linuxfromscratch.org/hints/downloads/files/heimdal.txt">the
|
---|
391 | Heimdal hint</ulink> on which the above instructions are based.
|
---|
392 | </para>
|
---|
393 |
|
---|
394 | </sect4>
|
---|
395 |
|
---|
396 | </sect3>
|
---|
397 |
|
---|
398 | </sect2>
|
---|
399 |
|
---|
400 | <sect2>
|
---|
401 | <title>Contents</title>
|
---|
402 |
|
---|
403 | <para>The <application>Heimdal</application> package contains
|
---|
404 | <command>afslog</command>,
|
---|
405 | <command>dump_log</command>,
|
---|
406 | <command>ftp</command>,
|
---|
407 | <command>ftpd</command>,
|
---|
408 | <command>hprop</command>,
|
---|
409 | <command>hpropd</command>,
|
---|
410 | <command>ipropd-master</command>,
|
---|
411 | <command>ipropd-slave</command>,
|
---|
412 | <command>kadmin</command>,
|
---|
413 | <command>kadmind</command>,
|
---|
414 | <command>kauth</command>,
|
---|
415 | <command>kdc</command>,
|
---|
416 | <command>kdestroy</command>,
|
---|
417 | <command>kf</command>,
|
---|
418 | <command>kfd</command>,
|
---|
419 | <command>kgetcred</command>,
|
---|
420 | <command>kinit</command>,
|
---|
421 | <command>klist</command>,
|
---|
422 | <command>kpasswd</command>,
|
---|
423 | <command>kpasswdd</command>,
|
---|
424 | <command>krb5-config</command>,
|
---|
425 | <command>kstash</command>,
|
---|
426 | <command>ktutil</command>,
|
---|
427 | <command>kx</command>,
|
---|
428 | <command>kxd</command>,
|
---|
429 | <command>login</command>,
|
---|
430 | <command>mk_cmds</command>,
|
---|
431 | <command>otp</command>,
|
---|
432 | <command>otpprint</command>,
|
---|
433 | <command>pagsh</command>,
|
---|
434 | <command>pfrom</command>,
|
---|
435 | <command>popper</command>,
|
---|
436 | <command>push</command>,
|
---|
437 | <command>rcp</command>,
|
---|
438 | <command>replay_log</command>,
|
---|
439 | <command>rsh</command>,
|
---|
440 | <command>rshd</command>,
|
---|
441 | <command>rxtelnet</command>,
|
---|
442 | <command>rxterm</command>,
|
---|
443 | <command>string2key</command>,
|
---|
444 | <command>su</command>,
|
---|
445 | <command>telnet</command>,
|
---|
446 | <command>telnetd</command>,
|
---|
447 | <command>tenletxr</command>,
|
---|
448 | <command>truncate_log</command>,
|
---|
449 | <command>verify_krb5_conf</command>,
|
---|
450 | <command>xnlock</command>,
|
---|
451 | <filename class="libraryfile">libasn1</filename>,
|
---|
452 | <filename class="libraryfile">libeditline</filename>,
|
---|
453 | <filename class="libraryfile">libgssapi</filename>,
|
---|
454 | <filename class="libraryfile">libhdb</filename>,
|
---|
455 | <filename class="libraryfile">libkadm5clnt</filename>,
|
---|
456 | <filename class="libraryfile">libkadm5srv</filename>,
|
---|
457 | <filename class="libraryfile">libkafs</filename>,
|
---|
458 | <filename class="libraryfile">libkrb5</filename>,
|
---|
459 | <filename class="libraryfile">libotp</filename>,
|
---|
460 | <filename class="libraryfile">libroken</filename>,
|
---|
461 | <filename class="libraryfile">libsl</filename> and
|
---|
462 | <filename class="libraryfile">libss</filename>.
|
---|
463 |
|
---|
464 | </para>
|
---|
465 |
|
---|
466 | </sect2>
|
---|
467 |
|
---|
468 | <sect2><title>Description</title>
|
---|
469 |
|
---|
470 | <sect3><title>afslog</title>
|
---|
471 | <para><command>afslog</command> obtains AFS tokens for a number of
|
---|
472 | cells.</para></sect3>
|
---|
473 |
|
---|
474 | <sect3><title>hprop</title>
|
---|
475 | <para><command>hprop</command> takes a principal database in a specified
|
---|
476 | format and converts it into a stream of Heimdal database
|
---|
477 | records.</para></sect3>
|
---|
478 |
|
---|
479 | <sect3><title>hpropd</title>
|
---|
480 | <para><command>hpropd</command> receives a database sent by
|
---|
481 | <command>hprop</command> and writes it as a local
|
---|
482 | database.</para></sect3>
|
---|
483 |
|
---|
484 | <sect3><title>kadmin</title>
|
---|
485 | <para><command>kadmin</command> is an utility used to make modifications
|
---|
486 | to the Kerberos database.</para></sect3>
|
---|
487 |
|
---|
488 | <sect3><title>kadmind</title>
|
---|
489 | <para><command>kadmind</command> is a server for administrative access
|
---|
490 | to Kerberos database.</para></sect3>
|
---|
491 |
|
---|
492 | <sect3><title>kauth, kinit</title>
|
---|
493 | <para><command>kauth</command> and <command>kinit</command> are used to
|
---|
494 | authenticate to the Kerberos server as principal and acquire a ticket
|
---|
495 | granting ticket that can later be used to obtain tickets for other
|
---|
496 | services.</para></sect3>
|
---|
497 |
|
---|
498 | <sect3><title>kdc</title>
|
---|
499 | <para><command>kdc</command> is a Kerberos 5 server.</para></sect3>
|
---|
500 |
|
---|
501 | <sect3><title>kdestroy</title>
|
---|
502 | <para><command>kdestroy</command> removes the current set of
|
---|
503 | tickets.</para></sect3>
|
---|
504 |
|
---|
505 | <sect3><title>kf</title>
|
---|
506 | <para><command>kf</command> is a program which forwards tickets to a
|
---|
507 | remote host through an authenticated and encrypted
|
---|
508 | stream.</para></sect3>
|
---|
509 |
|
---|
510 | <sect3><title>kfd</title>
|
---|
511 | <para><command>kfd</command> receives forwarded tickets.</para></sect3>
|
---|
512 |
|
---|
513 | <sect3><title>kgetcred</title>
|
---|
514 | <para><command>kgetcred</command> obtains a ticket for a
|
---|
515 | service.</para></sect3>
|
---|
516 |
|
---|
517 | <sect3><title>klist</title>
|
---|
518 | <para><command>klist</command> reads and displays the current tickets in
|
---|
519 | the credential cache.</para></sect3>
|
---|
520 |
|
---|
521 | <sect3><title>kpasswd</title>
|
---|
522 | <para><command>kpasswd</command> is a program for changing Kerberos 5
|
---|
523 | passwords.</para></sect3>
|
---|
524 |
|
---|
525 | <sect3><title>kpasswdd</title>
|
---|
526 | <para><command>kpasswdd</command> is a Kerberos 5 password changing
|
---|
527 | server.</para></sect3>
|
---|
528 |
|
---|
529 | <sect3><title>krb5-config</title>
|
---|
530 | <para><command>krb5-config</command> gives information on how to link
|
---|
531 | programs against Heimdal libraries.</para></sect3>
|
---|
532 |
|
---|
533 | <sect3><title>kstash</title>
|
---|
534 | <para><command>kstash</command> stores the <acronym>KDC</acronym> master
|
---|
535 | password in a file.</para></sect3>
|
---|
536 |
|
---|
537 | <sect3><title>ktutil</title>
|
---|
538 | <para><command>ktutil</command> is a program for managing Kerberos
|
---|
539 | keytabs.</para></sect3>
|
---|
540 |
|
---|
541 | <sect3><title>kx</title>
|
---|
542 | <para><command>kx</command> is a program which securely forwards X
|
---|
543 | connections.</para></sect3>
|
---|
544 |
|
---|
545 | <sect3><title>kxd</title>
|
---|
546 | <para><command>kxd</command> is the daemon for
|
---|
547 | <command>kx</command>.</para></sect3>
|
---|
548 |
|
---|
549 | <sect3><title>otp</title>
|
---|
550 | <para><command>otp</command> manages one-time passwords.</para></sect3>
|
---|
551 |
|
---|
552 | <sect3><title>otpprint</title>
|
---|
553 | <para><command>otpprint</command> prints lists of one-time
|
---|
554 | passwords.</para></sect3>
|
---|
555 |
|
---|
556 | <sect3><title>rxtelnet</title>
|
---|
557 | <para><command>rxtelnet</command> program starts an
|
---|
558 | <command>xterm</command> window with a telnet to given host and forwards
|
---|
559 | X connections.</para></sect3>
|
---|
560 |
|
---|
561 | <sect3><title>rxterm</title>
|
---|
562 | <para><command>rxterm</command> starts a secure remote
|
---|
563 | <command>xterm</command>.</para></sect3>
|
---|
564 |
|
---|
565 | <sect3><title>string2key</title>
|
---|
566 | <para><command>string2key</command> maps a password into a
|
---|
567 | key.</para></sect3>
|
---|
568 |
|
---|
569 | <sect3><title>tenletxr</title>
|
---|
570 | <para><command>tenletxr</command> forwards X connections
|
---|
571 | backwards.</para></sect3>
|
---|
572 |
|
---|
573 | <sect3><title>verify_krb5_conf</title>
|
---|
574 | <para><command>verify_krb5_conf</command> checks
|
---|
575 | <filename>krb5.conf</filename> file for obvious errors.</para></sect3>
|
---|
576 |
|
---|
577 | <sect3><title>xnlock</title>
|
---|
578 | <para><command>xnlock</command> is a program that acts as a secure screen
|
---|
579 | saver for workstations running X.</para></sect3>
|
---|
580 |
|
---|
581 | </sect2>
|
---|
582 |
|
---|
583 | </sect1>
|
---|