source: postlfs/security/heimdal.xml@ bc7ba13

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts krejzi/svn lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition systemd-11177 systemd-13485 trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal
Last change on this file since bc7ba13 was bc7ba13, checked in by Randy McMurchy <randy@…>, 14 years ago

Added a sed command from upstream to the Heimdal instructions to fix a multiple declaration

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@8327 af4574ff-66df-0310-9fd7-8a98e5e911e0
  • Property mode set to 100644
File size: 46.8 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY heimdal-download-http "http://www.h5l.org/dist/src/heimdal-&heimdal-version;.tar.gz">
8 <!ENTITY heimdal-download-ftp "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-&heimdal-version;.tar.gz">
9 <!ENTITY heimdal-md5sum "4ce17deae040a3519e542f48fd901f21">
10 <!ENTITY heimdal-size "5.6 MB">
11 <!ENTITY heimdal-buildsize "200 MB">
12 <!ENTITY heimdal-time "4.0 SBU (additional 2.5 SBU to run the test suite)">
13]>
14
15<sect1 id="heimdal" xreflabel="Heimdal-&heimdal-version;">
16 <?dbhtml filename="heimdal.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>Heimdal-&heimdal-version;</title>
24
25 <indexterm zone="heimdal">
26 <primary sortas="a-Heimdal">Heimdal</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to Heimdal</title>
31
32 <warning>
33 <para>In its current condition, building <application>Heimdal</application>
34 will overwrite <filename class='libraryfile'>/usr/lib/libcom_err.so</filename>
35 and install an additional
36 <filename class='libraryfile'>libcom_err</filename> library in
37 <filename class='directory'>/usr/lib</filename>. This will directly
38 conflict with the <filename class='libraryfile'>/lib/libcom_err</filename>
39 library installed by the <application>E2fsprogs</application> package in LFS.
40 Both upstream maintainers are aware of the problem and both have taken action
41 to eliminate this condition. However, the combination that currently exists
42 will cause this problem.</para>
43
44 <para>There is a fix for the problem, but it will require you to recompile
45 the LFS <application>E2fsprogs</application> package with a patch. The patch is
46 located at <ulink url="&patch-root;/e2fsprogs-1.41.8-heimdal_compat-1.patch"/>.
47 Download the patch, and while you are still in the
48 <filename class='directory'>e2fsprogs-&lfs-e2fsprogs-version;</filename>
49 source directory, install it using the command:</para>
50
51 <screen><userinput>patch -Np1 -i ../e2fsprogs-1.41.8-heimdal_compat-1.patch</userinput></screen>
52
53 <para>Then follow the existing instructions to build
54 <application>E2fsprogs</application> located at
55 <ulink url="&lfs-root;/chapter06/e2fsprogs.html"/>. After
56 recompiling <application>E2fsprogs</application>, you are now ready to
57 install <application>Heimdal</application>.</para>
58 </warning>
59
60 <para><application>Heimdal</application> is a free implementation
61 of Kerberos 5 that aims to be compatible with MIT Kerberos 5 and is
62 backward compatible with Kerberos 4. Kerberos is a network authentication
63 protocol. Basically it preserves the integrity of passwords in any
64 untrusted network (like the Internet). Kerberized applications work
65 hand-in-hand with sites that support Kerberos to ensure that passwords
66 cannot be stolen or compromised. A Kerberos installation will make changes
67 to the authentication mechanisms on your network and will overwrite several
68 programs and daemons from the <application>Shadow</application>,
69 <application>Inetutils</application> and
70 <application>Qpopper</application> packages. See
71 <ulink url="&files-anduin;/heimdal-overwrites"/> for a complete list of
72 all the files and commands to rename each of them.</para>
73
74 <bridgehead renderas="sect3">Package Information</bridgehead>
75 <itemizedlist spacing="compact">
76 <listitem>
77 <para>Download (HTTP): <ulink url="&heimdal-download-http;"/></para>
78 </listitem>
79 <listitem>
80 <para>Download (FTP): <ulink url="&heimdal-download-ftp;"/></para>
81 </listitem>
82 <listitem>
83 <para>Download MD5 sum: &heimdal-md5sum;</para>
84 </listitem>
85 <listitem>
86 <para>Download size: &heimdal-size;</para>
87 </listitem>
88 <listitem>
89 <para>Estimated disk space required: &heimdal-buildsize;</para>
90 </listitem>
91 <listitem>
92 <para>Estimated build time: &heimdal-time;</para>
93 </listitem>
94 </itemizedlist>
95
96 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
97 <itemizedlist spacing='compact'>
98 <listitem>
99 <para>Required Patch: <ulink
100 url="&patch-root;/heimdal-&heimdal-version;-blfs_docs-1.patch"/></para>
101 </listitem>
102 <!-- <listitem>
103 <para>Required Patch: <ulink
104 url="&patch-root;/heimdal-&heimdal-version;-libss-1.patch"/></para>
105 </listitem> -->
106 </itemizedlist>
107
108 <bridgehead renderas="sect3">Heimdal Dependencies</bridgehead>
109
110 <bridgehead renderas="sect4">Required to Build the Server-Side Tools</bridgehead>
111 <para role="required">
112 <xref linkend="db"/> (recommended) or GDBM (GDBM is installed in LFS)</para>
113 <!-- <xref linkend="db"/> is recommended (installed in LFS)
114 or <xref linkend="gdbm"/></para> -->
115
116 <bridgehead renderas="sect4">Recommended</bridgehead>
117 <para role="recommended"><xref linkend="openssl"/></para>
118
119 <bridgehead renderas="sect4">Optional</bridgehead>
120 <para role="optional"><xref linkend="linux-pam"/>,
121 <xref linkend="openldap"/>,
122 <xref linkend="x-window-system"/>, and
123 <ulink url="http://packages.debian.org/stable/source/libcap">libcap</ulink></para>
124
125 <note>
126 <para>Some sort of time synchronization facility on your system
127 (like <xref linkend="ntp"/>) is required since Kerberos won't
128 authenticate if the time differential between a kerberized client
129 and the KDC server is more than 5 minutes.</para>
130 </note>
131
132 <para condition="html" role="usernotes">User Notes:
133 <ulink url="&blfs-wiki;/heimdal"/></para>
134
135 </sect2>
136
137 <sect2 role="installation">
138 <title>Installation of Heimdal</title>
139
140 <warning>
141 <para>Ensure you really need a Kerberos installation before you decide
142 to install this package. Failure to install and configure the package
143 correctly can alter your system so that users cannot log in.</para>
144 </warning>
145
146 <para>Install <application>Heimdal</application> by running the following
147 commands:</para>
148
149<screen><userinput>patch -Np1 -i ../heimdal-&heimdal-version;-blfs_docs-1.patch &amp;&amp;
150sed -i.bak 's/struct krb5_cccol_cursor/&amp;_data/' \
151 lib/krb5/{krb5.h,cache.c}
152
153./configure --prefix=/usr \
154 --sysconfdir=/etc/heimdal \
155 --libexecdir=/usr/sbin \
156 --localstatedir=/var/lib/heimdal \
157 --datadir=/var/lib/heimdal \
158 --with-hdbdir=/var/lib/heimdal \
159 --with-readline=/usr \
160 --enable-kcm &amp;&amp;
161make</userinput></screen>
162
163 <para>If you have <xref linkend="tetex"/> installed and wish to create
164 alternate forms of the documentation, change into the
165 <filename class='directory'>doc</filename> directory and issue any or all
166 of the following commands (the <command>makeinfo</command> commands do not
167 require a <application>teTex</application> installation:</para>
168
169<screen><userinput>pushd doc &amp;&amp;
170
171make html &amp;&amp;
172
173texi2pdf heimdal.texi &amp;&amp;
174texi2dvi heimdal.texi &amp;&amp;
175dvips -o heimdal.ps heimdal.dvi &amp;&amp;
176makeinfo --plaintext -o heimdal.txt heimdal.texi &amp;&amp;
177
178texi2pdf hx509.texi &amp;&amp;
179texi2dvi hx509.texi &amp;&amp;
180dvips -o hx509.ps hx509.dvi &amp;&amp;
181makeinfo --plaintext -o hx509.txt hx509.texi &amp;&amp;
182
183popd</userinput></screen>
184
185 <para>To test the results, issue: <command>make -k check</command>. The
186 <command>check-ipropd</command> test is known to fail but all others should
187 pass.</para>
188
189 <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
190
191<!-- <screen role="root"><?dbfo keep-together="auto"?><userinput>mv -v /usr/include/ss/ss.h /usr/include/ss/ss.h.e2fsprogs &amp;&amp;
192mv -v /usr/lib/libss.a /usr/lib/libss.a.e2fsprogs &amp;&amp;
193mv -v /usr/lib/libss.so /usr/lib/libss.so.e2fsprogs &amp;&amp;
194mv -v /usr/bin/mk_cmds /usr/bin/mk_cmds.e2fsprogs &amp;&amp;
195-->
196
197<screen role="root"><userinput>make install &amp;&amp;
198
199install -v -m755 -d /usr/share/doc/heimdal-&heimdal-version; &amp;&amp;
200install -v -m644 doc/{init-creds,layman.asc} \
201 /usr/share/doc/heimdal-&heimdal-version; &amp;&amp;
202
203ln -sfv mech.5 /usr/share/man/man5/qop.5 &amp;&amp;
204ln -sfv ../man5/mech.5 /usr/share/man/cat5/qop.5 &amp;&amp;
205ln -sfv ../man5/mech.5 /usr/share/man/cat5 &amp;&amp;
206
207mv -v /bin/login /bin/login.SHADOW &amp;&amp;
208mv -v /bin/su /bin/su.SHADOW &amp;&amp;
209mv -v /usr/bin/{login,su} /bin &amp;&amp;
210ln -v -sf ../../bin/login /usr/bin &amp;&amp;
211
212for LINK in \
213 lib{otp,kafs,krb5,hx509,asn1,roken,crypto,heimsqlite,wind}; do
214 mv -v /usr/lib/${LINK}.so.* /lib &amp;&amp;
215 ln -v -sf ../../lib/$(readlink /usr/lib/${LINK}.so) \
216 /usr/lib/${LINK}.so
217done &amp;&amp;
218
219mv -v /usr/lib/$(readlink /usr/lib/libdb.so) \
220 /usr/lib/libdb-?.so \
221 /lib &amp;&amp;
222ln -v -sf ../../lib/$(readlink /usr/lib/libdb.so) \
223 /usr/lib/libdb.so &amp;&amp;
224
225ldconfig</userinput></screen>
226
227<!-- mv -v /usr/include/ss/ss.h /usr/include/ss/ss.h.heimdal &amp;&amp;
228mv -v /usr/include/ss/ss.h.e2fsprogs /usr/include/ss/ss.h &amp;&amp;
229mv -v /usr/lib/libss.a /usr/lib/libss.a.heimdal &amp;&amp;
230mv -v /usr/lib/libss.a.e2fsprogs /usr/lib/libss.a &amp;&amp;
231mv -v /usr/lib/libss.so /usr/lib/libss.so.heimdal &amp;&amp;
232mv -v /usr/lib/libss.so.e2fsprogs /usr/lib/libss.so &amp;&amp;
233mv -v /usr/lib/libss.la /usr/lib/libss.la.heimdal &amp;&amp;
234mv -v /usr/bin/mk_cmds /usr/bin/mk_cmds.heimdal &amp;&amp;
235mv -v /usr/bin/mk_cmds.e2fsprogs /usr/bin/mk_cmds &amp;&amp; -->
236
237 <para>If you built any of the alternate forms of documentation, install it
238 using the following commands as the
239 <systemitem class="username">root</systemitem> user:</para>
240
241<screen role="root"><userinput>install -v -m644 doc/{heimdal,hx509}.{dvi,ps,pdf,html,txt} \
242 /usr/share/doc/heimdal-&heimdal-version;</userinput></screen>
243
244 <para>If you wish to use the <xref linkend="cracklib"/> library to enforce
245 strong passwords in the KDC database, issue the following commands as the
246 <systemitem class="username">root</systemitem> user:</para>
247
248<screen role="root"><userinput>sed -e 's|/usr/pkg|/usr|' \
249 -e 's|/usr/lib/cracklib_dict|/lib/cracklib/pw_dict|' \
250 -e 's|/var/heimdal|/var/lib/heimdal|' \
251 lib/kadm5/check-cracklib.pl \
252 > /bin/krb5-check-cracklib.pl &amp;&amp;
253
254chmod -v 755 /bin/krb5-check-cracklib.pl</userinput></screen>
255
256 </sect2>
257
258 <sect2 role="commands">
259 <title>Command Explanations</title>
260
261 <!-- <para><command>mv -v /usr/include/...</command>,
262 <command>mv -v /usr/lib/libss.* ...</command> and
263 <command>mv -v /usr/bin/mk_cmds ...</command>: The
264 <application>Heimdal</application> installation will overwrite an
265 interface header, static library, library symbolic link and a
266 shell script from the
267 <application>E2fsprogs</application> package. These commands rename the
268 original files before the installation, and then restore them (after
269 renaming the new <application>Heimdal</application> files) after the
270 installation.</para> -->
271
272 <para><command>sed -i.bak ... lib/krb5/{krb5.h,cache.c}</command>: This
273 command is an upstream fix for a multiple declaration.</para>
274
275 <para><parameter>--libexecdir=/usr/sbin</parameter>: This switch causes
276 the daemon programs to be installed into
277 <filename class="directory">/usr/sbin</filename>.</para>
278
279 <tip>
280 <para>If you want to preserve all your existing
281 <application>Inetutils</application> package daemons, install the
282 <application>Heimdal</application> daemons into
283 <filename class="directory">/usr/sbin/heimdal</filename> (or wherever
284 you want). Since these programs will be called from
285 <command>(x)inetd</command> or <filename>rc</filename> scripts, it
286 really doesn't matter where they are installed, as long as they are
287 correctly specified in the <filename>/etc/(x)inetd.conf</filename> file
288 and <filename>rc</filename> scripts. If you choose something other than
289 <filename class="directory">/usr/sbin</filename>, you may want to move
290 some of the user programs (such as <command>kadmin</command>) to
291 <filename class="directory">/usr/sbin</filename> manually so they'll be
292 in the privileged user's default <envar>PATH</envar>.</para>
293 </tip>
294
295 <para><parameter>--localstatedir=/var/lib/heimdal</parameter>,
296 <parameter>--datadir=/var/lib/heimdal</parameter> and
297 <parameter>--with-hdbdir=/var/lib/heimdal</parameter>: These parameters
298 are used so that the KDC database and associated files will all reside
299 in <filename class='directory'>/var/lib/heimdal</filename>.</para>
300
301 <para><parameter>--with-readline=/usr</parameter>: This parameter must be
302 used so that the <command>configure</command> script properly locates the
303 installed <application>Readline</application> package.</para>
304
305 <para><parameter>--enable-kcm</parameter>: This parameter enables building
306 the Kerberos Credentials Manager.</para>
307
308 <para><command>ln -sfv .../mech.5 /usr/share/man/...</command>: These
309 commands are used to fix some broken symbolic links.</para>
310
311 <para><command>mv ... ...SHADOW</command>, <command>mv ... /bin</command>
312 and <command> ln ... /usr/bin</command>: The <command>login</command>
313 and <command>su</command> programs installed by
314 <application>Heimdal</application> belong in the
315 <filename class="directory">/bin</filename> directory. The
316 <command>login</command> program is symlinked because
317 <application>Heimdal</application> is expecting to find it in
318 <filename class="directory">/usr/bin</filename>. The old executables from
319 the <application>Shadow</application> package are preserved before the move
320 so that they can be restored if you experience problems logging into the
321 system after the <application>Heimdal</application> package is installed
322 and configured.</para>
323
324 <para><command>for LINK in ...; do ...; done</command>,
325 <command>mv ... /lib</command> and
326 <command>ln ... /usr/lib/libdb.so</command>: The <command>login</command>
327 and <command>su</command> programs previously moved into the
328 <filename class='directory'>/lib</filename> directory link against
329 <application>Heimdal</application> libraries as well as libraries provided
330 by the <application>OpenSSL</application> and
331 <application>Berkeley DB</application> packages. These
332 libraries are also moved to <filename class="directory">/lib</filename>
333 so they are FHS compliant and also in case
334 <filename class="directory">/usr</filename> is located on a separate
335 partition which may not always be mounted.</para>
336
337 </sect2>
338
339 <sect2 role="configuration">
340 <title>Configuring Heimdal</title>
341
342 <sect3 id="heimdal-config">
343 <title>Config Files</title>
344
345 <para><filename>/etc/heimdal/*</filename></para>
346
347 <indexterm zone="heimdal heimdal-config">
348 <primary sortas="e-etc-heimdal">/etc/heimdal/*</primary>
349 </indexterm>
350
351 </sect3>
352
353 <sect3>
354 <title>Configuration Information</title>
355
356 <note>
357 <para>All the configuration steps shown below must be accomplished
358 by the <systemitem class='username'>root</systemitem> user unless
359 otherwise noted.</para>
360 </note>
361
362 <sect4>
363 <title>Master KDC Server Configuration</title>
364
365 <para>Many of the commands below use
366 <replaceable>&lt;replaceable&gt;</replaceable> tags to identify places
367 where you need to substitute information specific to your network.
368 Ensure you replace everything in these tags (there will be no angle
369 brackets when you are done) with your site-specific information.</para>
370
371 <para>Create the Kerberos configuration file with the following
372 commands:</para>
373
374<screen role="root"><userinput>install -v -m755 -d /etc/heimdal &amp;&amp;
375cat &gt; /etc/heimdal/krb5.conf &lt;&lt; "EOF" &amp;&amp;
376<literal># Begin /etc/heimdal/krb5.conf
377
378[libdefaults]
379 default_realm = <replaceable>&lt;EXAMPLE.COM&gt;</replaceable>
380 encrypt = true
381
382[realms]
383 <replaceable>&lt;EXAMPLE.COM&gt;</replaceable> = {
384 kdc = <replaceable>&lt;hostname.example.com&gt;</replaceable>
385 admin_server = <replaceable>&lt;hostname.example.com&gt;</replaceable>
386 kpasswd_server = <replaceable>&lt;hostname.example.com&gt;</replaceable>
387 }
388
389[domain_realm]
390 .<replaceable>&lt;example.com&gt;</replaceable> = <replaceable>&lt;EXAMPLE.COM&gt;</replaceable>
391
392[logging]
393 kdc = FILE:/var/log/kdc.log
394 admin_server = FILE:/var/log/kadmin.log
395 default = FILE:/var/log/krb.log
396
397# End /etc/heimdal/krb5.conf</literal>
398EOF
399chmod -v 644 /etc/heimdal/krb5.conf</userinput></screen>
400
401 <para>You will need to substitute your domain and proper hostname
402 for the occurrences of the <replaceable>&lt;hostname&gt;</replaceable>
403 and <replaceable>&lt;EXAMPLE.COM&gt;</replaceable> names.</para>
404
405 <para><option>default_realm</option> should be the name of your
406 domain changed to ALL CAPS. This isn't required, but both
407 <application>Heimdal</application> and <application>MIT
408 Kerberos</application> recommend it.</para>
409
410 <para><option>encrypt = true</option> provides encryption of all
411 traffic between kerberized clients and servers. It's not necessary
412 and can be left off. If you leave it off, you can encrypt all traffic
413 from the client to the server using a switch on the client program
414 instead. The <option>[realms]</option> parameters tell the client
415 programs where to look for the KDC authentication services. The
416 <option>[domain_realm]</option> section maps a domain
417 to a realm.</para>
418
419 <para>Store the master password in a key file using the following
420 commands:</para>
421
422<screen role="root"><userinput>install -v -m755 -d /var/lib/heimdal &amp;&amp;
423kstash</userinput></screen>
424
425 <para>Create the KDC database:</para>
426
427<screen role="root"><userinput>kadmin -l</userinput></screen>
428
429 <para>The commands below will prompt you for information about the
430 principles. Choose the defaults for now unless you know what you are
431 doing and need to specify different values. You can go in later and
432 change the defaults, should you feel the need. You may use the up and
433 down arrow keys to use the history feature of <command>kadmin</command>
434 in a similar manner as the <command>bash</command> history
435 feature.</para>
436
437 <para>At the <prompt>kadmin&gt;</prompt> prompt, issue the following
438 statement:</para>
439
440<screen role="root"><userinput>init <replaceable>&lt;EXAMPLE.COM&gt;</replaceable></userinput></screen>
441
442 <para>The database must now be populated with at least one principle
443 (user). For now, just use your regular login name or root. You may
444 create as few, or as many principles as you wish using the following
445 statement:</para>
446
447<screen role="root"><userinput>add <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
448
449 <para>The KDC server and any machine running kerberized
450 server daemons must have a host key installed:</para>
451
452<screen role="root"><userinput>add --random-key host/<replaceable>&lt;hostname.example.com&gt;</replaceable></userinput></screen>
453
454 <para>After choosing the defaults when prompted, you will have to
455 export the data to a keytab file:</para>
456
457<screen role="root"><userinput>ext host/<replaceable>&lt;hostname.example.com&gt;</replaceable></userinput></screen>
458
459 <para>This should have created two files in
460 <filename class="directory">/etc/heimdal</filename>:
461 <filename>krb5.keytab</filename> (Kerberos 5) and
462 <filename>srvtab</filename> (Kerberos 4). Both files should have 600
463 (root rw only) permissions. Keeping the keytab files from public access
464 is crucial to the overall security of the Kerberos installation.</para>
465
466 <para>Eventually, you'll want to add server daemon principles to the
467 database and extract them to the keytab file. You do this in the same
468 way you created the host principles. Below is an example:</para>
469
470<screen role="root"><userinput>add --random-key ftp/<replaceable>&lt;hostname.example.com&gt;</replaceable></userinput></screen>
471
472 <para>(choose the defaults)</para>
473
474<screen role="root"><userinput>ext ftp/<replaceable>&lt;hostname.example.com&gt;</replaceable></userinput></screen>
475
476 <para>Exit the <command>kadmin</command> program (use
477 <command>quit</command> or <command>exit</command>) and return back
478 to the shell prompt. Start the KDC daemon manually, just to test out
479 the installation:</para>
480
481<screen role="root"><userinput>/usr/sbin/kdc &amp;</userinput></screen>
482
483 <para>Attempt to get a TGT (ticket granting ticket) with
484 the following command:</para>
485
486<screen><userinput>kinit <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
487
488 <para>You will be prompted for the password you created. After you get
489 your ticket, you should list it with the following command:</para>
490
491<screen><userinput>klist</userinput></screen>
492
493 <para>Information about the ticket should be displayed on
494 the screen.</para>
495
496 <para>To test the functionality of the <filename>keytab</filename> file,
497 issue the following command:</para>
498
499<screen><userinput>ktutil list</userinput></screen>
500
501 <para>This should dump a list of the host principals, along with the
502 encryption methods used to access the principals.</para>
503
504 <para>At this point, if everything has been successful so far, you
505 can feel fairly confident in the installation, setup and configuration
506 of your new <application>Heimdal</application> Kerberos 5
507 installation.</para>
508
509 <para>If you wish to use the <xref linkend="cracklib"/> library to
510 enforce strong passwords in the KDC database, you must do two things.
511 First, add the following lines to the
512 <filename>/etc/heimdal/krb5.conf</filename> configuration file:</para>
513
514<screen><literal>[password_quality]
515 policies = builtin:external-check
516 external_program = /bin/krb5-check-cracklib.pl</literal></screen>
517
518 <para>Next you must install the
519 <application>Crypt::Cracklib</application>
520 <application>Perl</application> module. Download it from the CPAN
521 site. The URL at the time of this writing is <ulink
522 url="http://cpan.org/authors/id/D/DA/DANIEL/Crypt-Cracklib-1.2.tar.gz"/>.
523 After unpacking the tarball and changing into the newly created
524 directory, issue the following command to add the BLFS
525 <application>Cracklib</application> dictionary location to one of the
526 source files:</para>
527
528<screen><userinput>sed -i 's|pw_dict|&amp;\n\t\t/lib/cracklib/pw_dict|' Cracklib.pm</userinput></screen>
529
530 <para>Then use the standard <command>perl Makefile.PL</command>;
531 <command>make</command>; <command>make test</command>;
532 <command>make install</command> commands. Note that one test fails
533 due to an unknown reason.</para>
534
535 <para id="heimdal-init">Install the
536 <filename>/etc/rc.d/init.d/heimdal</filename> init script included
537 in the <xref linkend="bootscripts"/> package:</para>
538
539 <indexterm zone="heimdal heimdal-init">
540 <primary sortas="f-heimdal">heimdal</primary>
541 </indexterm>
542
543<screen role="root"><userinput>make install-heimdal</userinput></screen>
544
545 </sect4>
546
547 <sect4>
548 <title>Using Kerberized Client Programs</title>
549
550 <para>To use the kerberized client programs (<command>telnet</command>,
551 <command>ftp</command>, <command>rsh</command>,
552 <command>rxterm</command>, <command>rxtelnet</command>,
553 <command>rcp</command>, <command>xnlock</command>), you first must get
554 a TGT. Use the <command>kinit</command> program to get the ticket.
555 After you've acquired the ticket, you can use the kerberized programs
556 to connect to any kerberized server on the network. You will not be
557 prompted for authentication until your ticket expires (default is one
558 day), unless you specify a different user as a command line argument
559 to the program.</para>
560
561 <para>The kerberized programs will connect to non-kerberized daemons,
562 warning you that authentication is not encrypted.</para>
563
564 <para>In order to use the <application>Heimdal</application>
565 <application>X</application> programs, you'll need to add a service
566 port entry to the <filename>/etc/services</filename> file for the
567 <command>kxd</command> server. There is no 'standardized port number'
568 for the 'kx' service in the IANA database, so you'll have to pick an
569 unused port number. Add an entry to the <filename>services</filename>
570 file similar to the entry below (substitute your chosen port number
571 for <replaceable>&lt;49150&gt;</replaceable>):</para>
572
573<screen><literal>kx <replaceable>&lt;49150&gt;</replaceable>/tcp # Heimdal kerberos X
574kx <replaceable>&lt;49150&gt;</replaceable>/udp # Heimdal kerberos X</literal></screen>
575
576 <para>For additional information consult <ulink
577 url="&hints-root;/downloads/files/heimdal.txt">the
578 Heimdal hint</ulink> on which the above instructions are based.</para>
579
580 </sect4>
581
582 </sect3>
583
584 </sect2>
585
586 <sect2 role="content">
587 <title>Contents</title>
588
589 <segmentedlist>
590 <segtitle>Installed Programs</segtitle>
591 <segtitle>Installed Libraries</segtitle>
592 <segtitle>Installed Directories</segtitle>
593
594 <seglistitem>
595 <seg>afslog, ftp, ftpd, gss, hprop, hpropd, hxtool, iprop-log,
596 ipropd-master, ipropd-slave, kadmin, kadmind, kauth, kcm, kdc,
597 kdestroy, kdigest, kf, kfd, kgetcred, kimpersonate, kinit, klist,
598 kpasswd, kpasswdd, krb5-check-cracklib.pl, krb5-config, kstash,
599 ktutil, kx, kxd, login, mk_cmds-krb5, otp, otpprint, pagsh, pfrom,
600 popper, push, rcp, rsh, rshd, rxtelnet, rxterm, string2key, su,
601 telnet, telnetd, tenletxr, verify_krb5_conf and xnlock</seg>
602
603 <seg>hdb_ldap.{so,a}, libasn1.{so,a}, libeditline.{so,a},
604 libgssapi.{so,a}, libhdb.{so,a}, libheimntlm.{so,a}, libhx509.{so,a},
605 libkadm5clnt.{so,a}, libkadm5srv.{so,a}, libkafs.{so,a},
606 libkdc.{so,a}, libkrb5.{so,a}, libotp.{so,a}, libroken.{so,a},
607 libsl.{so,a}, libss-krb5.{so,a} and windc.{so,a}</seg>
608
609 <seg>/etc/heimdal, /usr/include/gssapi, /usr/include/kadm5,
610 /usr/include/krb5, /usr/include/roken, /usr/include/ss,
611 /usr/share/doc/heimdal-&heimdal-version; and /var/lib/heimdal</seg>
612 </seglistitem>
613 </segmentedlist>
614
615 <variablelist>
616 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
617 <?dbfo list-presentation="list"?>
618 <?dbhtml list-presentation="table"?>
619
620 <varlistentry id="afslog">
621 <term><command>afslog</command></term>
622 <listitem>
623 <para>obtains AFS tokens for a number of cells.</para>
624 <indexterm zone="heimdal afslog">
625 <primary sortas="b-afslog">afslog</primary>
626 </indexterm>
627 </listitem>
628 </varlistentry>
629
630 <varlistentry id="ftp">
631 <term><command>ftp</command></term>
632 <listitem>
633 <para>is a kerberized FTP client.</para>
634 <indexterm zone="heimdal ftp">
635 <primary sortas="b-ftp">ftp</primary>
636 </indexterm>
637 </listitem>
638 </varlistentry>
639
640 <varlistentry id="ftpd">
641 <term><command>ftpd</command></term>
642 <listitem>
643 <para>is a kerberized FTP daemon.</para>
644 <indexterm zone="heimdal ftpd">
645 <primary sortas="b-ftpd">ftpd</primary>
646 </indexterm>
647 </listitem>
648 </varlistentry>
649
650 <varlistentry id="hprop">
651 <term><command>hprop</command></term>
652 <listitem>
653 <para> takes a principal database in a specified format and converts
654 it into a stream of <application>Heimdal</application> database
655 records.</para>
656 <indexterm zone="heimdal hprop">
657 <primary sortas="b-hprop">hprop</primary>
658 </indexterm>
659 </listitem>
660 </varlistentry>
661
662 <varlistentry id="hpropd">
663 <term><command>hpropd</command></term>
664 <listitem>
665 <para>is a server that receives a database sent by
666 <command>hprop</command> and writes it as a local database.</para>
667 <indexterm zone="heimdal hpropd">
668 <primary sortas="b-hpropd">hpropd</primary>
669 </indexterm>
670 </listitem>
671 </varlistentry>
672
673 <varlistentry id="iprop-log">
674 <term><command>iprop-log</command></term>
675 <listitem>
676 <para>is used to maintain the iprop log file.</para>
677 <indexterm zone="heimdal iprop-log">
678 <primary sortas="b-iprop-log">iprop-log</primary>
679 </indexterm>
680 </listitem>
681 </varlistentry>
682
683 <varlistentry id="ipropd-master">
684 <term><command>ipropd-master</command></term>
685 <listitem>
686 <para>is a daemon which runs on the master KDC
687 server which incrementally propagates changes to the KDC
688 database to the slave KDC servers.</para>
689 <indexterm zone="heimdal ipropd-master">
690 <primary sortas="b-ipropd-master">ipropd-master</primary>
691 </indexterm>
692 </listitem>
693 </varlistentry>
694
695 <varlistentry id="ipropd-slave">
696 <term><command>ipropd-slave</command></term>
697 <listitem>
698 <para>is a daemon which runs on the slave KDC
699 servers which incrementally propagates changes to the KDC
700 database from the master KDC server.</para>
701 <indexterm zone="heimdal ipropd-slave">
702 <primary sortas="b-ipropd-slave">ipropd-slave</primary>
703 </indexterm>
704 </listitem>
705 </varlistentry>
706
707 <varlistentry id="kadmin">
708 <term><command>kadmin</command></term>
709 <listitem>
710 <para>is a utility used to make modifications to the Kerberos
711 database.</para>
712 <indexterm zone="heimdal kadmin">
713 <primary sortas="b-kadmin">kadmin</primary>
714 </indexterm>
715 </listitem>
716 </varlistentry>
717
718 <varlistentry id="kadmind">
719 <term><command>kadmind</command></term>
720 <listitem>
721 <para>is a server for administrative access to the Kerberos
722 database.</para>
723 <indexterm zone="heimdal kadmind">
724 <primary sortas="b-kadmind">kadmind</primary>
725 </indexterm>
726 </listitem>
727 </varlistentry>
728
729 <varlistentry id="kauth">
730 <term><command>kauth</command></term>
731 <listitem>
732 <para>is a symbolic link to the <command>kinit</command>
733 program.</para>
734 <indexterm zone="heimdal kauth">
735 <primary sortas="g-kauth">kauth</primary>
736 </indexterm>
737 </listitem>
738 </varlistentry>
739
740 <varlistentry id="kcm">
741 <term><command>kcm</command></term>
742 <listitem>
743 <para>is a process based credential cache for Kerberos
744 tickets.</para>
745 <indexterm zone="heimdal kcm">
746 <primary sortas="b-kcm">kcm</primary>
747 </indexterm>
748 </listitem>
749 </varlistentry>
750
751 <varlistentry id="kdc">
752 <term><command>kdc</command></term>
753 <listitem>
754 <para>is a Kerberos 5 server.</para>
755 <indexterm zone="heimdal kdc">
756 <primary sortas="b-kdc">kdc</primary>
757 </indexterm>
758 </listitem>
759 </varlistentry>
760
761 <varlistentry id="kdestroy">
762 <term><command>kdestroy</command></term>
763 <listitem>
764 <para>removes a principle's current set of tickets.</para>
765 <indexterm zone="heimdal kdestroy">
766 <primary sortas="b-kdestroy">kdestroy</primary>
767 </indexterm>
768 </listitem>
769 </varlistentry>
770
771 <varlistentry id="kf">
772 <term><command>kf</command></term>
773 <listitem>
774 <para>is a program which forwards tickets to a remote host through
775 an authenticated and encrypted stream.</para>
776 <indexterm zone="heimdal kf">
777 <primary sortas="b-kf">kf</primary>
778 </indexterm>
779 </listitem>
780 </varlistentry>
781
782 <varlistentry id="kfd">
783 <term><command>kfd</command></term>
784 <listitem>
785 <para>is a server used to receive forwarded tickets.</para>
786 <indexterm zone="heimdal kfd">
787 <primary sortas="b-kfd">kfd</primary>
788 </indexterm>
789 </listitem>
790 </varlistentry>
791
792 <varlistentry id="kgetcred">
793 <term><command>kgetcred</command></term>
794 <listitem>
795 <para>obtains a ticket for a service.</para>
796 <indexterm zone="heimdal kgetcred">
797 <primary sortas="b-kgetcred">kgetcred</primary>
798 </indexterm>
799 </listitem>
800 </varlistentry>
801
802 <varlistentry id="kinit">
803 <term><command>kinit</command></term>
804 <listitem>
805 <para>is used to authenticate to the Kerberos server as a principal
806 and acquire a ticket granting ticket that can later be used to obtain
807 tickets for other services.</para>
808 <indexterm zone="heimdal kinit">
809 <primary sortas="b-kinit">kinit</primary>
810 </indexterm>
811 </listitem>
812 </varlistentry>
813
814 <varlistentry id="klist">
815 <term><command>klist</command></term>
816 <listitem>
817 <para>reads and displays the current tickets in the credential
818 cache.</para>
819 <indexterm zone="heimdal klist">
820 <primary sortas="b-klist">klist</primary>
821 </indexterm>
822 </listitem>
823 </varlistentry>
824
825 <varlistentry id="kpasswd">
826 <term><command>kpasswd</command></term>
827 <listitem>
828 <para>is a program for changing Kerberos 5 passwords.</para>
829 <indexterm zone="heimdal kpasswd">
830 <primary sortas="b-kpasswd">kpasswd</primary>
831 </indexterm>
832 </listitem>
833 </varlistentry>
834
835 <varlistentry id="kpasswdd">
836 <term><command>kpasswdd</command></term>
837 <listitem>
838 <para>is a Kerberos 5 password changing server.</para>
839 <indexterm zone="heimdal kpasswdd">
840 <primary sortas="b-kpasswdd">kpasswdd</primary>
841 </indexterm>
842 </listitem>
843 </varlistentry>
844
845 <varlistentry id="krb5-config-prog">
846 <term><command>krb5-config</command></term>
847 <listitem>
848 <para>gives information on how to link programs against
849 <application>Heimdal</application> libraries.</para>
850 <indexterm zone="heimdal krb5-config-prog">
851 <primary sortas="b-krb5-config">krb5-config</primary>
852 </indexterm>
853 </listitem>
854 </varlistentry>
855
856 <varlistentry id="kstash">
857 <term><command>kstash</command></term>
858 <listitem>
859 <para>stores the KDC master password in a file.</para>
860 <indexterm zone="heimdal kstash">
861 <primary sortas="b-kstash">kstash</primary>
862 </indexterm>
863 </listitem>
864 </varlistentry>
865
866 <varlistentry id="ktutil">
867 <term><command>ktutil</command></term>
868 <listitem>
869 <para>is a program for managing Kerberos keytabs.</para>
870 <indexterm zone="heimdal ktutil">
871 <primary sortas="b-ktutil">ktutil</primary>
872 </indexterm>
873 </listitem>
874 </varlistentry>
875
876 <varlistentry id="kx">
877 <term><command>kx</command></term>
878 <listitem>
879 <para>is a program which securely forwards
880 <application>X</application> connections.</para>
881 <indexterm zone="heimdal kx">
882 <primary sortas="b-kx">kx</primary>
883 </indexterm>
884 </listitem>
885 </varlistentry>
886
887 <varlistentry id="kxd">
888 <term><command>kxd</command></term>
889 <listitem>
890 <para>is the daemon for <command>kx</command>.</para>
891 <indexterm zone="heimdal kxd">
892 <primary sortas="b-kxd">kxd</primary>
893 </indexterm>
894 </listitem>
895 </varlistentry>
896
897 <varlistentry id="login">
898 <term><command>login</command></term>
899 <listitem>
900 <para>is a kerberized login program.</para>
901 <indexterm zone="heimdal login">
902 <primary sortas="b-login">login</primary>
903 </indexterm>
904 </listitem>
905 </varlistentry>
906
907 <varlistentry id="otp">
908 <term><command>otp</command></term>
909 <listitem>
910 <para>manages one-time passwords.</para>
911 <indexterm zone="heimdal otp">
912 <primary sortas="b-otp">otp</primary>
913 </indexterm>
914 </listitem>
915 </varlistentry>
916
917 <varlistentry id="otpprint">
918 <term><command>otpprint</command></term>
919 <listitem>
920 <para>prints lists of one-time passwords.</para>
921 <indexterm zone="heimdal otpprint">
922 <primary sortas="b-otpprint">otpprint</primary>
923 </indexterm>
924 </listitem>
925 </varlistentry>
926
927 <varlistentry id="pfrom">
928 <term><command>pfrom</command></term>
929 <listitem>
930 <para>is a script that runs <command>push --from</command>.</para>
931 <indexterm zone="heimdal pfrom">
932 <primary sortas="b-pfrom">pfrom</primary>
933 </indexterm>
934 </listitem>
935 </varlistentry>
936
937 <varlistentry id="popper">
938 <term><command>popper</command></term>
939 <listitem>
940 <para>is a kerberized POP-3 server.</para>
941 <indexterm zone="heimdal popper">
942 <primary sortas="b-popper">popper</primary>
943 </indexterm>
944 </listitem>
945 </varlistentry>
946
947 <varlistentry id="push">
948 <term><command>push</command></term>
949 <listitem>
950 <para>is a kerberized POP mail retrieval client.</para>
951 <indexterm zone="heimdal push">
952 <primary sortas="b-push">push</primary>
953 </indexterm>
954 </listitem>
955 </varlistentry>
956
957 <varlistentry id="rcp">
958 <term><command>rcp</command></term>
959 <listitem>
960 <para>is a kerberized rcp client program.</para>
961 <indexterm zone="heimdal rcp">
962 <primary sortas="b-rcp">rcp</primary>
963 </indexterm>
964 </listitem>
965 </varlistentry>
966
967 <varlistentry id="rsh">
968 <term><command>rsh</command></term>
969 <listitem>
970 <para>is a kerberized rsh client program.</para>
971 <indexterm zone="heimdal rsh">
972 <primary sortas="b-rsh">rsh</primary>
973 </indexterm>
974 </listitem>
975 </varlistentry>
976
977 <varlistentry id="rshd">
978 <term><command>rshd</command></term>
979 <listitem>
980 <para>is a kerberized rsh server.</para>
981 <indexterm zone="heimdal rshd">
982 <primary sortas="b-rshd">rshd</primary>
983 </indexterm>
984 </listitem>
985 </varlistentry>
986
987 <varlistentry id="rxtelnet">
988 <term><command>rxtelnet</command></term>
989 <listitem>
990 <para>starts a secure <command>xterm</command> window with a
991 <command>telnet</command> to a given host and forwards
992 <application>X</application> connections.</para>
993 <indexterm zone="heimdal rxtelnet">
994 <primary sortas="b-rxtelnet">rxtelnet</primary>
995 </indexterm>
996 </listitem>
997 </varlistentry>
998
999 <varlistentry id="rxterm">
1000 <term><command>rxterm</command></term>
1001 <listitem>
1002 <para>starts a secure remote <command>xterm</command>.</para>
1003 <indexterm zone="heimdal rxterm">
1004 <primary sortas="b-rxterm">rxterm</primary>
1005 </indexterm>
1006 </listitem>
1007 </varlistentry>
1008
1009 <varlistentry id="string2key">
1010 <term><command>string2key</command></term>
1011 <listitem>
1012 <para>maps a password into a key.</para>
1013 <indexterm zone="heimdal string2key">
1014 <primary sortas="b-string2key">string2key</primary>
1015 </indexterm>
1016 </listitem>
1017 </varlistentry>
1018
1019 <varlistentry id="su">
1020 <term><command>su</command></term>
1021 <listitem>
1022 <para>is a kerberized su client program.</para>
1023 <indexterm zone="heimdal su">
1024 <primary sortas="b-su">su</primary>
1025 </indexterm>
1026 </listitem>
1027 </varlistentry>
1028
1029 <varlistentry id="telnet">
1030 <term><command>telnet</command></term>
1031 <listitem>
1032 <para>is a kerberized telnet client program.</para>
1033 <indexterm zone="heimdal telnet">
1034 <primary sortas="b-telnet">telnet</primary>
1035 </indexterm>
1036 </listitem>
1037 </varlistentry>
1038
1039 <varlistentry id="telnetd">
1040 <term><command>telnetd</command></term>
1041 <listitem>
1042 <para>is a kerberized telnet server.</para>
1043 <indexterm zone="heimdal telnetd">
1044 <primary sortas="b-telnetd">telnetd</primary>
1045 </indexterm>
1046 </listitem>
1047 </varlistentry>
1048
1049 <varlistentry id="tenletxr">
1050 <term><command>tenletxr</command></term>
1051 <listitem>
1052 <para>forwards <application>X</application> connections
1053 backwards.</para>
1054 <indexterm zone="heimdal tenletxr">
1055 <primary sortas="b-tenletxr">tenletxr</primary>
1056 </indexterm>
1057 </listitem>
1058 </varlistentry>
1059
1060 <varlistentry id="verify_krb5_conf">
1061 <term><command>verify_krb5_conf</command></term>
1062 <listitem>
1063 <para>checks <filename>krb5.conf</filename> file for obvious
1064 errors.</para>
1065 <indexterm zone="heimdal verify_krb5_conf">
1066 <primary sortas="b-verify_krb5_conf">verify_krb5_conf</primary>
1067 </indexterm>
1068 </listitem>
1069 </varlistentry>
1070
1071 <varlistentry id="xnlock">
1072 <term><command>xnlock</command></term>
1073 <listitem>
1074 <para>is a program that acts as a secure screen saver for
1075 workstations running <application>X</application>.</para>
1076 <indexterm zone="heimdal xnlock">
1077 <primary sortas="b-xnlock">xnlock</primary>
1078 </indexterm>
1079 </listitem>
1080 </varlistentry>
1081
1082 <varlistentry id="libasn1">
1083 <term><filename class='libraryfile'>libasn1.{so,a}</filename></term>
1084 <listitem>
1085 <para>provides the ASN.1 and DER functions to encode and decode
1086 the Kerberos TGTs.</para>
1087 <indexterm zone="heimdal libasn1">
1088 <primary sortas="c-libasn1">libasn1.{so,a}</primary>
1089 </indexterm>
1090 </listitem>
1091 </varlistentry>
1092
1093 <varlistentry id="libeditline">
1094 <term><filename class='libraryfile'>libeditline.a</filename></term>
1095 <listitem>
1096 <para>is a command-line editing library with history.</para>
1097 <indexterm zone="heimdal libeditline">
1098 <primary sortas="c-libeditline">libeditline.a</primary>
1099 </indexterm>
1100 </listitem>
1101 </varlistentry>
1102
1103 <varlistentry id="libgssapi">
1104 <term><filename class='libraryfile'>libgssapi.{so,a}</filename></term>
1105 <listitem>
1106 <para>contain the Generic Security Service Application Programming
1107 Interface (GSSAPI) functions which provides security
1108 services to callers in a generic fashion, supportable with a range of
1109 underlying mechanisms and technologies and hence allowing source-level
1110 portability of applications to different environments.</para>
1111 <indexterm zone="heimdal libgssapi">
1112 <primary sortas="c-libgssapi">libgssapi.{so,a}</primary>
1113 </indexterm>
1114 </listitem>
1115 </varlistentry>
1116
1117 <varlistentry id="libhdb">
1118 <term><filename class='libraryfile'>libhdb.{so,a}</filename></term>
1119 <listitem>
1120 <para>is a <application>Heimdal</application> Kerberos 5
1121 authentication/authorization database access library.</para>
1122 <indexterm zone="heimdal libhdb">
1123 <primary sortas="c-libhdb">libhdb.{so,a}</primary>
1124 </indexterm>
1125 </listitem>
1126 </varlistentry>
1127
1128 <varlistentry id="libkadm5clnt">
1129 <term><filename class='libraryfile'>libkadm5clnt.{so,a}</filename></term>
1130 <listitem>
1131 <para>contains the administrative authentication and password
1132 checking functions required by Kerberos 5 client-side programs.</para>
1133 <indexterm zone="heimdal libkadm5clnt">
1134 <primary sortas="c-libkadm5clnt">libkadm5clnt.{so,a}</primary>
1135 </indexterm>
1136 </listitem>
1137 </varlistentry>
1138
1139 <varlistentry id="libkadm5srv">
1140 <term><filename class='libraryfile'>libkadm5srv.{so,a}</filename></term>
1141 <listitem>
1142 <para>contain the administrative authentication and password
1143 checking functions required by Kerberos 5 servers.</para>
1144 <indexterm zone="heimdal libkadm5srv">
1145 <primary sortas="c-libkadm5srv">libkadm5srv.{so,a}</primary>
1146 </indexterm>
1147 </listitem>
1148 </varlistentry>
1149
1150 <varlistentry id="libkafs">
1151 <term><filename class='libraryfile'>libkafs.{so,a}</filename></term>
1152 <listitem>
1153 <para>contains the functions required to authenticated to AFS.</para>
1154 <indexterm zone="heimdal libkafs">
1155 <primary sortas="c-libkafs">libkafs.{so,a}</primary>
1156 </indexterm>
1157 </listitem>
1158 </varlistentry>
1159
1160 <varlistentry id="libkrb5">
1161 <term><filename class='libraryfile'>libkrb5.{so,a}</filename></term>
1162 <listitem>
1163 <para>is an all-purpose Kerberos 5 library.</para>
1164 <indexterm zone="heimdal libkrb5">
1165 <primary sortas="c-libkrb5">libkrb5.{so,a}</primary>
1166 </indexterm>
1167 </listitem>
1168 </varlistentry>
1169
1170 <varlistentry id="libotp">
1171 <term><filename class='libraryfile'>libotp.{so,a}</filename></term>
1172 <listitem>
1173 <para>contains the functions required to handle authenticating
1174 one time passwords.</para>
1175 <indexterm zone="heimdal libotp">
1176 <primary sortas="c-libotp">libotp.{so,a}</primary>
1177 </indexterm>
1178 </listitem>
1179 </varlistentry>
1180
1181 <varlistentry id="libroken">
1182 <term><filename class='libraryfile'>libroken.{so,a}</filename></term>
1183 <listitem>
1184 <para>is a library containing Kerberos 5 compatibility
1185 functions.</para>
1186 <indexterm zone="heimdal libroken">
1187 <primary sortas="c-libroken">libroken.{so,a}</primary>
1188 </indexterm>
1189 </listitem>
1190 </varlistentry>
1191
1192 </variablelist>
1193
1194 </sect2>
1195
1196</sect1>
Note: See TracBrowser for help on using the repository browser.