source: postlfs/security/heimdal.xml@ bfb7882

10.0 10.1 11.0 6.1 6.2 6.2.0 6.2.0-rc1 6.2.0-rc2 6.3 6.3-rc1 6.3-rc2 6.3-rc3 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 ken/refactor-virt krejzi/svn lazarus nosym perl-modules qt5new systemd-11177 systemd-13485 trunk xry111/git-date xry111/git-date-for-trunk xry111/git-date-test
Last change on this file since bfb7882 was bfb7882, checked in by Tushar Teredesai <tushar@…>, 16 years ago

More typo fixes

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@4841 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 38.5 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
3 "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY heimdal-download-http "http://ftp.vc-graz.ac.at/mirror/crypto/kerberos/heimdal/heimdal-&heimdal-version;.tar.gz">
8 <!ENTITY heimdal-download-ftp "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-&heimdal-version;.tar.gz">
9 <!ENTITY heimdal-md5sum "0a8097a8772d5d2de8c5539d3182b82a">
10 <!ENTITY heimdal-size "4.5 MB">
11 <!ENTITY heimdal-buildsize "91 MB">
12 <!ENTITY heimdal-time "2.4 SBU">
13]>
14
15<sect1 id="heimdal" xreflabel="Heimdal-&heimdal-version;">
16 <?dbhtml filename="heimdal.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>Heimdal-&heimdal-version;</title>
24
25 <indexterm zone="heimdal">
26 <primary sortas="a-Heimdal">Heimdal</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to Heimdal</title>
31
32 <para><application>Heimdal</application> is a free implementation
33 of Kerberos 5 that aims to be compatible with MIT krb5 and is
34 backward compatible with krb4. Kerberos is a network authentication
35 protocol. Basically it preserves the integrity of passwords in any
36 untrusted network (like the Internet). Kerberized applications work
37 hand-in-hand with sites that support Kerberos to ensure that passwords
38 cannot be stolen or compromised. A Kerberos installation will make changes
39 to the authentication mechanisms on your network and will overwrite several
40 programs and daemons from the <application>Coreutils</application>,
41 <application>Inetutils</application>, <application>Qpopper</application>
42 and <application>Shadow</application> packages.</para>
43
44 <bridgehead renderas="sect3">Package Information</bridgehead>
45 <itemizedlist spacing="compact">
46 <listitem>
47 <para>Download (HTTP): <ulink url="&heimdal-download-http;"/></para>
48 </listitem>
49 <listitem>
50 <para>Download (FTP): <ulink url="&heimdal-download-ftp;"/></para>
51 </listitem>
52 <listitem>
53 <para>Download MD5 sum: &heimdal-md5sum;</para>
54 </listitem>
55 <listitem>
56 <para>Download size: &heimdal-size;</para>
57 </listitem>
58 <listitem>
59 <para>Estimated disk space required: &heimdal-buildsize;</para>
60 </listitem>
61 <listitem>
62 <para>Estimated build time: &heimdal-time;</para>
63 </listitem>
64 </itemizedlist>
65
66 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
67 <itemizedlist spacing='compact'>
68 <listitem>
69 <para>Required Patch: <ulink
70 url="&patch-root;/heimdal-&heimdal-version;-fhs_compliance-1.patch"/></para>
71 </listitem>
72 <listitem>
73 <para>Required patch for <application>CrackLib</application> support: <ulink
74 url="&patch-root;/heimdal-&heimdal-version;-cracklib-1.patch"/></para>
75 </listitem>
76 </itemizedlist>
77
78 <bridgehead renderas="sect3">Heimdal Dependencies</bridgehead>
79
80 <bridgehead renderas="sect4">Required</bridgehead>
81 <para><xref linkend="openssl"/> and
82 <xref linkend="db"/></para>
83
84 <bridgehead renderas="sect4">Optional</bridgehead>
85 <para><xref linkend="Linux_PAM"/>,
86 <xref linkend="openldap"/>,
87 X (<xref linkend="xorg"/> or <xref linkend="xfree86"/>),
88 <xref linkend="cracklib"/> (compiled with the <filename>heimdal</filename>
89 patch) and
90 <ulink url="http://www.pdc.kth.se/kth-krb/">krb4</ulink></para>
91
92 <note>
93 <para>Some sort of time synchronization facility on your system
94 (like <xref linkend="ntp"/>) is required since Kerberos won't
95 authenticate if the time differential between a kerberized client
96 and the KDC server is more than 5 minutes.</para>
97 </note>
98
99 </sect2>
100
101 <sect2 role="installation">
102 <title>Installation of Heimdal</title>
103
104 <para>Before installing the package, you may want to preserve the
105 <command>ftp</command> program from the <application>Inetutils</application>
106 package. This is because using the <application>Heimdal</application>
107 <command>ftp</command> program to connect to non-kerberized ftp servers may
108 not work properly. It will allow you to connect (letting you know that
109 transmission of the password is clear text) but will have problems doing
110 puts and gets. Issue the following command as the
111 <systemitem class="username">root</systemitem> user.</para>
112
113<screen role="root"><userinput>mv -v /usr/bin/ftp /usr/bin/ftpn</userinput></screen>
114
115 <para>If you wish the <application>Heimdal</application> package to
116 link against the <application>CrackLib</application> library (requires
117 <xref linkend="cracklib"/> installed with the <filename>heimdal</filename>
118 patch), you must apply a patch:</para>
119
120<screen><userinput>patch -Np1 -i ../heimdal-&heimdal-version;-cracklib-1.patch</userinput></screen>
121
122 <para>Install <application>Heimdal</application> by running the following
123 commands:</para>
124
125<screen><userinput>patch -Np1 -i ../heimdal-&heimdal-version;-fhs_compliance-1.patch &amp;&amp;
126./configure --prefix=/usr \
127 --sysconfdir=/etc/heimdal \
128 --libexecdir=/usr/sbin \
129 --datadir=/var/lib/heimdal \
130 --localstatedir=/var/lib/heimdal \
131 --enable-shared \
132 --with-readline=/usr &amp;&amp;
133make</userinput></screen>
134
135 <para>To test the results, issue: <command>make check</command>.</para>
136
137 <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
138
139<screen role="root"><userinput>make install &amp;&amp;
140install -v -m755 -d /usr/share/doc/heimdal-&heimdal-version;/standardisation &amp;&amp;
141install -v -m644 doc/{init-creds,layman.asc} \
142 /usr/share/doc/heimdal-&heimdal-version; &amp;&amp;
143install -v -m644 doc/standardisation/* \
144 /usr/share/doc/heimdal-&heimdal-version;/standardisation &amp;&amp;
145mv -v /bin/login /bin/login.shadow &amp;&amp;
146mv -v /bin/su /bin/su.shadow &amp;&amp;
147mv -v /usr/bin/{login,su} /bin &amp;&amp;
148ln -v -sf ../../bin/login /usr/bin &amp;&amp;
149mv -v /usr/lib/lib{otp,kafs,krb5,asn1,roken,crypto}.so.* \
150 /usr/lib/libdb-4.3.so /lib &amp;&amp;
151ln -v -sf ../../lib/libdb-4.3.so /usr/lib/libdb.so &amp;&amp;
152ln -v -sf ../../lib/libdb-4.3.so /usr/lib/libdb-4.so &amp;&amp;
153for SYMLINK in otp.so.0.1.3 kafs.so.0.4.1 krb5.so.17.4.0 \
154 asn1.so.6.1.0 roken.so.16.1.0 crypto.so.0.9.7
155do
156 ln -v -sf ../../lib/lib$SYMLINK \
157 /usr/lib/lib`echo $SYMLINK | cut -d. -f1`.so
158done
159ldconfig</userinput></screen>
160
161 </sect2>
162
163 <sect2 role="commands">
164 <title>Command Explanations</title>
165
166 <para><parameter>--libexecdir=/usr/sbin</parameter>: This switch
167 puts the daemon programs into
168 <filename class="directory">/usr/sbin</filename>.</para>
169
170 <tip>
171 <para>If you want to preserve all your existing
172 <application>Inetutils</application> package daemons, install the
173 <application>Heimdal</application> daemons into
174 <filename class="directory">/usr/sbin/heimdal</filename> (or wherever
175 you want). Since these programs will be called from
176 <command>(x)inetd</command> or <filename>rc</filename> scripts, it
177 really doesn't matter where they are installed, as long as they are
178 correctly specified in the <filename>/etc/(x)inetd.conf</filename> file
179 and <filename>rc</filename> scripts. If you choose something other than
180 <filename class="directory">/usr/sbin</filename>, you may want to move
181 some of the user programs (such as <command>kadmin</command>) to
182 <filename class="directory">/usr/sbin</filename> manually so they'll be
183 in the privileged user's default <envar>PATH</envar>.</para>
184 </tip>
185
186 <para><command>mv ... .shadow; mv ... /bin; ln -v -sf ../../bin...</command>:
187 The <command>login</command> and <command>su</command> programs installed by
188 <application>Heimdal</application> belong in the
189 <filename class="directory">/bin</filename> directory. The
190 <command>login</command> program is symlinked because
191 <application>Heimdal</application> is expecting to find it in
192 <filename class="directory">/usr/bin</filename>. The old executables are
193 preserved before the move to keep things sane should breaks occur.</para>
194
195 <para><command>mv ... /lib; ln -v -sf ../../lib/lib... /usr/lib...</command>:
196 The <command>login</command> and <command>su</command> programs installed
197 by <application>Heimdal</application> link against
198 <application>Heimdal</application> libraries as well as libraries provided
199 by the <application>OpenSSL</application> and
200 <application>Berkeley DB</application> packages. These
201 libraries are moved to <filename class="directory">/lib</filename> to be
202 FHS compliant and also in case
203 <filename class="directory">/usr</filename> is located on a separate
204 partition which may not always be mounted.</para>
205
206 </sect2>
207
208 <sect2 role="configuration">
209 <title>Configuring Heimdal</title>
210
211 <sect3 id="heimdal-config">
212 <title>Config Files</title>
213
214 <para><filename>/etc/heimdal/*</filename></para>
215
216 <indexterm zone="heimdal heimdal-config">
217 <primary sortas="e-etc-heimdal">/etc/heimdal/*</primary>
218 </indexterm>
219
220 </sect3>
221
222 <sect3>
223 <title>Configuration Information</title>
224
225 <note>
226 <para>All the configuration steps shown below must be accomplished
227 by the <systemitem class='username'>root</systemitem> user unless
228 otherwise noted.</para>
229 </note>
230
231 <sect4>
232 <title>Master KDC Server Configuration</title>
233
234 <para>Create the Kerberos configuration file with the
235 following commands:</para>
236
237<screen role="root"><userinput>install -v -m755 -d /etc/heimdal &amp;&amp;
238cat &gt; /etc/heimdal/krb5.conf &lt;&lt; "EOF"
239<literal># Begin /etc/heimdal/krb5.conf
240
241[libdefaults]
242 default_realm = <replaceable>[EXAMPLE.COM]</replaceable>
243 encrypt = true
244
245[realms]
246 <replaceable>[EXAMPLE.COM]</replaceable> = {
247 kdc = <replaceable>[hostname.example.com]</replaceable>
248 admin_server = <replaceable>[hostname.example.com]</replaceable>
249 kpasswd_server = <replaceable>[hostname.example.com]</replaceable>
250 }
251
252[domain_realm]
253 .<replaceable>[example.com]</replaceable> = <replaceable>[EXAMPLE.COM]</replaceable>
254
255[logging]
256 kdc = FILE:/var/log/kdc.log
257 admin_server = FILE:/var/log/kadmin.log
258 default = FILE:/var/log/krb.log
259
260# End /etc/heimdal/krb5.conf</literal>
261EOF
262chmod -v 644 /etc/heimdal/krb5.conf</userinput></screen>
263
264 <para>You will need to substitute your domain and proper hostname
265 for the occurrences of the <replaceable>[hostname]</replaceable>
266 and <replaceable>[EXAMPLE.COM]</replaceable> names.</para>
267
268 <para><option>default_realm</option> should be the name of your
269 domain changed to ALL CAPS. This isn't required, but both
270 <application>Heimdal</application> and <application>MIT
271 krb5</application> recommend it.</para>
272
273 <para><option>encrypt = true</option> provides encryption of all
274 traffic between kerberized clients and servers. It's not necessary
275 and can be left off. If you leave it off, you can encrypt all traffic
276 from the client to the server using a switch on the client program
277 instead.</para>
278
279 <para>The <option>[realms]</option> parameters tell the client
280 programs where to look for the KDC authentication services.</para>
281
282 <para>The <option>[domain_realm]</option> section maps a domain
283 to a realm.</para>
284
285 <para>Store the master password in a key file using the following
286 commands:</para>
287
288<screen role="root"><userinput>install -v -m755 -d /var/lib/heimdal &amp;&amp;
289kstash</userinput></screen>
290
291 <para>Create the KDC database:</para>
292
293<screen role="root"><userinput>kadmin -l</userinput></screen>
294
295 <para>The commands below will prompt you for information about the
296 principles. Choose the defaults for now unless you know what you are
297 doing and need to specify different values. You can go in later and
298 change the defaults, should you feel the need. You may use the up and
299 down arrow keys to use the history feature of <command>kadmin</command>
300 in a similar manner as the <command>bash</command> history
301 feature.</para>
302
303 <para>At the <prompt>kadmin&gt;</prompt> prompt, issue the following
304 statement:</para>
305
306<screen role="root"><userinput>init <replaceable>[EXAMPLE.COM]</replaceable></userinput></screen>
307
308 <para>The database must now be populated with at least one principle
309 (user). For now, just use your regular login name or root. You may
310 create as few, or as many principles as you wish using the following
311 statement:</para>
312
313<screen role="root"><userinput>add <replaceable>[loginname]</replaceable></userinput></screen>
314
315 <para>The KDC server and any machine running kerberized
316 server daemons must have a host key installed:</para>
317
318<screen role="root"><userinput>add --random-key host/<replaceable>[hostname.example.com]</replaceable></userinput></screen>
319
320 <para>After choosing the defaults when prompted, you will have to
321 export the data to a keytab file:</para>
322
323<screen role="root"><userinput>ext host/<replaceable>[hostname.example.com]</replaceable></userinput></screen>
324
325 <para>This should have created two files in
326 <filename class="directory">/etc/heimdal</filename>:
327 <filename>krb5.keytab</filename> (Kerberos 5) and
328 <filename>srvtab</filename> (Kerberos 4). Both files should have 600
329 (root rw only) permissions. Keeping the keytab files from public access
330 is crucial to the overall security of the Kerberos installation.</para>
331
332 <para>Eventually, you'll want to add server daemon principles to the
333 database and extract them to the keytab file. You do this in the same
334 way you created the host principles. Below is an example:</para>
335
336<screen role="root"><userinput>add --random-key ftp/<replaceable>[hostname.example.com]</replaceable></userinput></screen>
337
338 <para>(choose the defaults)</para>
339
340<screen role="root"><userinput>ext ftp/<replaceable>[hostname.example.com]</replaceable></userinput></screen>
341
342 <para>Exit the <command>kadmin</command> program (use
343 <command>quit</command> or <command>exit</command>) and return back
344 to the shell prompt. Start the KDC daemon manually, just to test out
345 the installation:</para>
346
347<screen role="root"><userinput>/usr/sbin/kdc &amp;</userinput></screen>
348
349 <para>Attempt to get a TGT (ticket granting ticket) with
350 the following command:</para>
351
352<screen><userinput>kinit <replaceable>[loginname]</replaceable></userinput></screen>
353
354 <para>You will be prompted for the password you created. After you get
355 your ticket, you should list it with the following command:</para>
356
357<screen><userinput>klist</userinput></screen>
358
359 <para>Information about the ticket should be displayed on
360 the screen.</para>
361
362 <para>To test the functionality of the <filename>keytab</filename> file,
363 issue the following command:</para>
364
365<screen><userinput>ktutil list</userinput></screen>
366
367 <para>This should dump a list of the host principals, along with the
368 encryption methods used to access the principals.</para>
369
370 <para>At this point, if everything has been successful so far, you
371 can feel fairly confident in the installation, setup and configuration
372 of your new <application>Heimdal</application> Kerberos 5
373 installation.</para>
374
375 <para id="heimdal-init">Install the
376 <filename>/etc/rc.d/init.d/heimdal</filename> init script included
377 in the <xref linkend="intro-important-bootscripts"/> package:</para>
378
379 <indexterm zone="heimdal heimdal-init">
380 <primary sortas="f-heimdal">heimdal</primary>
381 </indexterm>
382
383<screen role="root"><userinput>make install-heimdal</userinput></screen>
384
385 </sect4>
386
387 <sect4>
388 <title>Using Kerberized Client Programs</title>
389
390 <para>To use the kerberized client programs (<command>telnet</command>,
391 <command>ftp</command>, <command>rsh</command>,
392 <command>rxterm</command>, <command>rxtelnet</command>,
393 <command>rcp</command>, <command>xnlock</command>), you first must get
394 a TGT. Use the <command>kinit</command> program to get the ticket.
395 After you've acquired the ticket, you can use the kerberized programs
396 to connect to any kerberized server on the network. You will not be
397 prompted for authentication until your ticket expires (default is one
398 day), unless you specify a different user as a command line argument
399 to the program.</para>
400
401 <para>The kerberized programs will connect to non-kerberized daemons,
402 warning you that authentication is not encrypted. As mentioned earlier,
403 only the <command>ftp</command> program gives any trouble connecting to
404 non-kerberized daemons.</para>
405
406 <para>In order to use the <application>Heimdal</application>
407 <application>X</application> programs, you'll need to add a service
408 port entry to the <filename>/etc/services</filename> file for the
409 <command>kxd</command> server. There is no 'standardized port number'
410 for the 'kx' service in the IANA database, so you'll have to pick an
411 unused port number. Add an entry to the <filename>services</filename>
412 file similar to the entry below (substitute your chosen port number
413 for <replaceable>[49150]</replaceable>):</para>
414
415<screen><literal>kx <replaceable>[49150]</replaceable>/tcp # Heimdal kerberos X
416kx <replaceable>[49150]</replaceable>/udp # Heimdal kerberos X</literal></screen>
417
418 <para>For additional information consult <ulink
419 url="http://www.linuxfromscratch.org/hints/downloads/files/heimdal.txt">the
420 Heimdal hint</ulink> on which the above instructions are based.</para>
421
422 </sect4>
423
424 </sect3>
425
426 </sect2>
427
428 <sect2 role="content">
429 <title>Contents</title>
430
431 <segmentedlist>
432 <segtitle>Installed Programs</segtitle>
433 <segtitle>Installed Libraries</segtitle>
434 <segtitle>Installed Directories</segtitle>
435
436 <seglistitem>
437 <seg>afslog, dump_log, ftp, ftpd, hprop, hpropd, ipropd-master,
438 ipropd-slave, kadmin, kadmind, kauth, kcm, kdc, kdestroy, kf, kfd,
439 kgetcred, kinit, klist, kpasswd, kpasswdd, krb5-config, kstash,
440 ktutil, kx, kxd, login, mk_cmds, otp, otpprint, pagsh, pfrom, popper,
441 push, rcp, replay_log, rsh, rshd, rxtelnet, rxterm, string2key, su,
442 telnet, telnetd, tenletxr, truncate-log, verify_krb5_conf
443 and xnlock</seg>
444 <seg>libasn1.[so,a], libeditline.[so,a], libgssapi.[so,a],
445 libhdb.[so,a], libkadm5clnt.[so,a], libkadm5srv.[so,a], libkafs.[so,a],
446 libkrb5.[so,a], libotp.[so,a], libroken.[so,a], libsl.[so,a]
447 and libss.[so,a]</seg>
448 <seg>/etc/heimdal, /usr/include/kadm5,
449 /usr/share/doc/heimdal-&heimdal-version; and /var/lib/heimdal</seg>
450 </seglistitem>
451 </segmentedlist>
452
453 <variablelist>
454 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
455 <?dbfo list-presentation="list"?>
456 <?dbhtml list-presentation="table"?>
457
458 <varlistentry id="afslog">
459 <term><command>afslog</command></term>
460 <listitem>
461 <para>obtains AFS tokens for a number of cells.</para>
462 <indexterm zone="heimdal afslog">
463 <primary sortas="b-afslog">afslog</primary>
464 </indexterm>
465 </listitem>
466 </varlistentry>
467
468 <varlistentry id="ftp">
469 <term><command>ftp</command></term>
470 <listitem>
471 <para>is a kerberized FTP client.</para>
472 <indexterm zone="heimdal ftp">
473 <primary sortas="b-ftp">ftp</primary>
474 </indexterm>
475 </listitem>
476 </varlistentry>
477
478 <varlistentry id="ftpd">
479 <term><command>ftpd</command></term>
480 <listitem>
481 <para>is a kerberized FTP daemon.</para>
482 <indexterm zone="heimdal ftpd">
483 <primary sortas="b-ftpd">ftpd</primary>
484 </indexterm>
485 </listitem>
486 </varlistentry>
487
488 <varlistentry id="hprop">
489 <term><command>hprop</command></term>
490 <listitem>
491 <para> takes a principal database in a specified format and converts
492 it into a stream of <application>Heimdal</application> database
493 records.</para>
494 <indexterm zone="heimdal hprop">
495 <primary sortas="b-hprop">hprop</primary>
496 </indexterm>
497 </listitem>
498 </varlistentry>
499
500 <varlistentry id="hpropd">
501 <term><command>hpropd</command></term>
502 <listitem>
503 <para>is a server that receives a database sent by
504 <command>hprop</command> and writes it as a local database.</para>
505 <indexterm zone="heimdal hpropd">
506 <primary sortas="b-hpropd">hpropd</primary>
507 </indexterm>
508 </listitem>
509 </varlistentry>
510
511 <varlistentry id="ipropd-master">
512 <term><command>ipropd-master</command></term>
513 <listitem>
514 <para>is a daemon which runs on the master KDC
515 server which incrementally propagates changes to the KDC
516 database to the slave KDC servers.</para>
517 <indexterm zone="heimdal ipropd-master">
518 <primary sortas="b-ipropd-master">ipropd-master</primary>
519 </indexterm>
520 </listitem>
521 </varlistentry>
522
523 <varlistentry id="ipropd-slave">
524 <term><command>ipropd-slave</command></term>
525 <listitem>
526 <para>is a daemon which runs on the slave KDC
527 servers which incrementally propagates changes to the KDC
528 database from the master KDC server.</para>
529 <indexterm zone="heimdal ipropd-slave">
530 <primary sortas="b-ipropd-slave">ipropd-slave</primary>
531 </indexterm>
532 </listitem>
533 </varlistentry>
534
535 <varlistentry id="kadmin">
536 <term><command>kadmin</command></term>
537 <listitem>
538 <para>is a utility used to make modifications to the Kerberos
539 database.</para>
540 <indexterm zone="heimdal kadmin">
541 <primary sortas="b-kadmin">kadmin</primary>
542 </indexterm>
543 </listitem>
544 </varlistentry>
545
546 <varlistentry id="kadmind">
547 <term><command>kadmind</command></term>
548 <listitem>
549 <para>is a server for administrative access to the Kerberos
550 database.</para>
551 <indexterm zone="heimdal kadmind">
552 <primary sortas="b-kadmind">kadmind</primary>
553 </indexterm>
554 </listitem>
555 </varlistentry>
556
557 <varlistentry id="kauth">
558 <term><command>kauth</command></term>
559 <listitem>
560 <para>is a symbolic link to the <command>kinit</command>
561 program.</para>
562 <indexterm zone="heimdal kauth">
563 <primary sortas="g-kauth">kauth</primary>
564 </indexterm>
565 </listitem>
566 </varlistentry>
567
568 <varlistentry id="kcm">
569 <term><command>kcm</command></term>
570 <listitem>
571 <para>is a process based credential cache for Kerberos
572 tickets.</para>
573 <indexterm zone="heimdal kcm">
574 <primary sortas="b-kcm">kcm</primary>
575 </indexterm>
576 </listitem>
577 </varlistentry>
578
579 <varlistentry id="kdc">
580 <term><command>kdc</command></term>
581 <listitem>
582 <para>is a Kerberos 5 server.</para>
583 <indexterm zone="heimdal kdc">
584 <primary sortas="b-kdc">kdc</primary>
585 </indexterm>
586 </listitem>
587 </varlistentry>
588
589 <varlistentry id="kdestroy">
590 <term><command>kdestroy</command></term>
591 <listitem>
592 <para>removes a principle's current set of tickets.</para>
593 <indexterm zone="heimdal kdestroy">
594 <primary sortas="b-kdestroy">kdestroy</primary>
595 </indexterm>
596 </listitem>
597 </varlistentry>
598
599 <varlistentry id="kf">
600 <term><command>kf</command></term>
601 <listitem>
602 <para>is a program which forwards tickets to a remote host through
603 an authenticated and encrypted stream.</para>
604 <indexterm zone="heimdal kf">
605 <primary sortas="b-kf">kf</primary>
606 </indexterm>
607 </listitem>
608 </varlistentry>
609
610 <varlistentry id="kfd">
611 <term><command>kfd</command></term>
612 <listitem>
613 <para>is a server used to receive forwarded tickets.</para>
614 <indexterm zone="heimdal kfd">
615 <primary sortas="b-kfd">kfd</primary>
616 </indexterm>
617 </listitem>
618 </varlistentry>
619
620 <varlistentry id="kgetcred">
621 <term><command>kgetcred</command></term>
622 <listitem>
623 <para>obtains a ticket for a service.</para>
624 <indexterm zone="heimdal kgetcred">
625 <primary sortas="b-kgetcred">kgetcred</primary>
626 </indexterm>
627 </listitem>
628 </varlistentry>
629
630 <varlistentry id="kinit">
631 <term><command>kinit</command></term>
632 <listitem>
633 <para>is used to authenticate to the Kerberos server as a principal
634 and acquire a ticket granting ticket that can later be used to obtain
635 tickets for other services.</para>
636 <indexterm zone="heimdal kinit">
637 <primary sortas="b-kinit">kinit</primary>
638 </indexterm>
639 </listitem>
640 </varlistentry>
641
642 <varlistentry id="klist">
643 <term><command>klist</command></term>
644 <listitem>
645 <para>reads and displays the current tickets in the credential
646 cache.</para>
647 <indexterm zone="heimdal klist">
648 <primary sortas="b-klist">klist</primary>
649 </indexterm>
650 </listitem>
651 </varlistentry>
652
653 <varlistentry id="kpasswd">
654 <term><command>kpasswd</command></term>
655 <listitem>
656 <para>is a program for changing Kerberos 5 passwords.</para>
657 <indexterm zone="heimdal kpasswd">
658 <primary sortas="b-kpasswd">kpasswd</primary>
659 </indexterm>
660 </listitem>
661 </varlistentry>
662
663 <varlistentry id="kpasswdd">
664 <term><command>kpasswdd</command></term>
665 <listitem>
666 <para>is a Kerberos 5 password changing server.</para>
667 <indexterm zone="heimdal kpasswdd">
668 <primary sortas="b-kpasswdd">kpasswdd</primary>
669 </indexterm>
670 </listitem>
671 </varlistentry>
672
673 <varlistentry id="krb5-config-prog">
674 <term><command>krb5-config</command></term>
675 <listitem>
676 <para>gives information on how to link programs against
677 <application>Heimdal</application> libraries.</para>
678 <indexterm zone="heimdal krb5-config-prog">
679 <primary sortas="b-krb5-config">krb5-config</primary>
680 </indexterm>
681 </listitem>
682 </varlistentry>
683
684 <varlistentry id="kstash">
685 <term><command>kstash</command></term>
686 <listitem>
687 <para>stores the KDC master password in a file.</para>
688 <indexterm zone="heimdal kstash">
689 <primary sortas="b-kstash">kstash</primary>
690 </indexterm>
691 </listitem>
692 </varlistentry>
693
694 <varlistentry id="ktutil">
695 <term><command>ktutil</command></term>
696 <listitem>
697 <para>is a program for managing Kerberos keytabs.</para>
698 <indexterm zone="heimdal ktutil">
699 <primary sortas="b-ktutil">ktutil</primary>
700 </indexterm>
701 </listitem>
702 </varlistentry>
703
704 <varlistentry id="kx">
705 <term><command>kx</command></term>
706 <listitem>
707 <para>is a program which securely forwards
708 <application>X</application> connections.</para>
709 <indexterm zone="heimdal kx">
710 <primary sortas="b-kx">kx</primary>
711 </indexterm>
712 </listitem>
713 </varlistentry>
714
715 <varlistentry id="kxd">
716 <term><command>kxd</command></term>
717 <listitem>
718 <para>is the daemon for <command>kx</command>.</para>
719 <indexterm zone="heimdal kxd">
720 <primary sortas="b-kxd">kxd</primary>
721 </indexterm>
722 </listitem>
723 </varlistentry>
724
725 <varlistentry id="login">
726 <term><command>login</command></term>
727 <listitem>
728 <para>is a kerberized login program.</para>
729 <indexterm zone="heimdal login">
730 <primary sortas="b-login">login</primary>
731 </indexterm>
732 </listitem>
733 </varlistentry>
734
735 <varlistentry id="otp">
736 <term><command>otp</command></term>
737 <listitem>
738 <para>manages one-time passwords.</para>
739 <indexterm zone="heimdal otp">
740 <primary sortas="b-otp">otp</primary>
741 </indexterm>
742 </listitem>
743 </varlistentry>
744
745 <varlistentry id="otpprint">
746 <term><command>otpprint</command></term>
747 <listitem>
748 <para>prints lists of one-time passwords.</para>
749 <indexterm zone="heimdal otpprint">
750 <primary sortas="b-otpprint">otpprint</primary>
751 </indexterm>
752 </listitem>
753 </varlistentry>
754
755 <varlistentry id="pfrom">
756 <term><command>pfrom</command></term>
757 <listitem>
758 <para>is a script that runs <command>push --from</command>.</para>
759 <indexterm zone="heimdal pfrom">
760 <primary sortas="b-pfrom">pfrom</primary>
761 </indexterm>
762 </listitem>
763 </varlistentry>
764
765 <varlistentry id="popper">
766 <term><command>popper</command></term>
767 <listitem>
768 <para>is a kerberized POP-3 server.</para>
769 <indexterm zone="heimdal popper">
770 <primary sortas="b-popper">popper</primary>
771 </indexterm>
772 </listitem>
773 </varlistentry>
774
775 <varlistentry id="push">
776 <term><command>push</command></term>
777 <listitem>
778 <para>is a kerberized POP mail retrieval client.</para>
779 <indexterm zone="heimdal push">
780 <primary sortas="b-push">push</primary>
781 </indexterm>
782 </listitem>
783 </varlistentry>
784
785 <varlistentry id="rcp">
786 <term><command>rcp</command></term>
787 <listitem>
788 <para>is a kerberized rcp client program.</para>
789 <indexterm zone="heimdal rcp">
790 <primary sortas="b-rcp">rcp</primary>
791 </indexterm>
792 </listitem>
793 </varlistentry>
794
795 <varlistentry id="rsh">
796 <term><command>rsh</command></term>
797 <listitem>
798 <para>is a kerberized rsh client program.</para>
799 <indexterm zone="heimdal rsh">
800 <primary sortas="b-rsh">rsh</primary>
801 </indexterm>
802 </listitem>
803 </varlistentry>
804
805 <varlistentry id="rshd">
806 <term><command>rshd</command></term>
807 <listitem>
808 <para>is a kerberized rsh server.</para>
809 <indexterm zone="heimdal rshd">
810 <primary sortas="b-rshd">rshd</primary>
811 </indexterm>
812 </listitem>
813 </varlistentry>
814
815 <varlistentry id="rxtelnet">
816 <term><command>rxtelnet</command></term>
817 <listitem>
818 <para>starts a secure <command>xterm</command> window with a
819 <command>telnet</command> to a given host and forwards
820 <application>X</application> connections.</para>
821 <indexterm zone="heimdal rxtelnet">
822 <primary sortas="b-rxtelnet">rxtelnet</primary>
823 </indexterm>
824 </listitem>
825 </varlistentry>
826
827 <varlistentry id="rxterm">
828 <term><command>rxterm</command></term>
829 <listitem>
830 <para>starts a secure remote <command>xterm</command>.</para>
831 <indexterm zone="heimdal rxterm">
832 <primary sortas="b-rxterm">rxterm</primary>
833 </indexterm>
834 </listitem>
835 </varlistentry>
836
837 <varlistentry id="string2key">
838 <term><command>string2key</command></term>
839 <listitem>
840 <para>maps a password into a key.</para>
841 <indexterm zone="heimdal string2key">
842 <primary sortas="b-string2key">string2key</primary>
843 </indexterm>
844 </listitem>
845 </varlistentry>
846
847 <varlistentry id="su">
848 <term><command>su</command></term>
849 <listitem>
850 <para>is a kerberized su client program.</para>
851 <indexterm zone="heimdal su">
852 <primary sortas="b-su">su</primary>
853 </indexterm>
854 </listitem>
855 </varlistentry>
856
857 <varlistentry id="telnet">
858 <term><command>telnet</command></term>
859 <listitem>
860 <para>is a kerberized telnet client program.</para>
861 <indexterm zone="heimdal telnet">
862 <primary sortas="b-telnet">telnet</primary>
863 </indexterm>
864 </listitem>
865 </varlistentry>
866
867 <varlistentry id="telnetd">
868 <term><command>telnetd</command></term>
869 <listitem>
870 <para>is a kerberized telnet server.</para>
871 <indexterm zone="heimdal telnetd">
872 <primary sortas="b-telnetd">telnetd</primary>
873 </indexterm>
874 </listitem>
875 </varlistentry>
876
877 <varlistentry id="tenletxr">
878 <term><command>tenletxr</command></term>
879 <listitem>
880 <para>forwards <application>X</application> connections
881 backwards.</para>
882 <indexterm zone="heimdal tenletxr">
883 <primary sortas="b-tenletxr">tenletxr</primary>
884 </indexterm>
885 </listitem>
886 </varlistentry>
887
888 <varlistentry id="verify_krb5_conf">
889 <term><command>verify_krb5_conf</command></term>
890 <listitem>
891 <para>checks <filename>krb5.conf</filename> file for obvious
892 errors.</para>
893 <indexterm zone="heimdal verify_krb5_conf">
894 <primary sortas="b-verify_krb5_conf">verify_krb5_conf</primary>
895 </indexterm>
896 </listitem>
897 </varlistentry>
898
899 <varlistentry id="xnlock">
900 <term><command>xnlock</command></term>
901 <listitem>
902 <para>is a program that acts as a secure screen saver for
903 workstations running <application>X</application>.</para>
904 <indexterm zone="heimdal xnlock">
905 <primary sortas="b-xnlock">xnlock</primary>
906 </indexterm>
907 </listitem>
908 </varlistentry>
909
910 <varlistentry id="libasn1">
911 <term><filename class='libraryfile'>libasn1.[so,a]</filename></term>
912 <listitem>
913 <para>provides the ASN.1 and DER functions to encode and decode
914 the Kerberos TGTs.</para>
915 <indexterm zone="heimdal libasn1">
916 <primary sortas="c-libasn1">libasn1.[so,a]</primary>
917 </indexterm>
918 </listitem>
919 </varlistentry>
920
921 <varlistentry id="libeditline">
922 <term><filename class='libraryfile'>libeditline.a</filename></term>
923 <listitem>
924 <para>is a command-line editing library with history.</para>
925 <indexterm zone="heimdal libeditline">
926 <primary sortas="c-libeditline">libeditline.a</primary>
927 </indexterm>
928 </listitem>
929 </varlistentry>
930
931 <varlistentry id="libgssapi">
932 <term><filename class='libraryfile'>libgssapi.[so,a]</filename></term>
933 <listitem>
934 <para>contain the Generic Security Service Application Programming
935 Interface (GSSAPI) functions which provides security
936 services to callers in a generic fashion, supportable with a range of
937 underlying mechanisms and technologies and hence allowing source-level
938 portability of applications to different environments.</para>
939 <indexterm zone="heimdal libgssapi">
940 <primary sortas="c-libgssapi">libgssapi.[so,a]</primary>
941 </indexterm>
942 </listitem>
943 </varlistentry>
944
945 <varlistentry id="libhdb">
946 <term><filename class='libraryfile'>libhdb.[so,a]</filename></term>
947 <listitem>
948 <para>is a <application>Heimdal</application> Kerberos 5
949 authentication/authorization database access library.</para>
950 <indexterm zone="heimdal libhdb">
951 <primary sortas="c-libhdb">libhdb.[so,a]</primary>
952 </indexterm>
953 </listitem>
954 </varlistentry>
955
956 <varlistentry id="libkadm5clnt">
957 <term><filename class='libraryfile'>libkadm5clnt.[so,a]</filename></term>
958 <listitem>
959 <para>contains the administrative authentication and password
960 checking functions required by Kerberos 5 client-side programs.</para>
961 <indexterm zone="heimdal libkadm5clnt">
962 <primary sortas="c-libkadm5clnt">libkadm5clnt.[so,a]</primary>
963 </indexterm>
964 </listitem>
965 </varlistentry>
966
967 <varlistentry id="libkadm5srv">
968 <term><filename class='libraryfile'>libkadm5srv.[so,a]</filename></term>
969 <listitem>
970 <para>contain the administrative authentication and password
971 checking functions required by Kerberos 5 servers.</para>
972 <indexterm zone="heimdal libkadm5srv">
973 <primary sortas="c-libkadm5srv">libkadm5srv.[so,a]</primary>
974 </indexterm>
975 </listitem>
976 </varlistentry>
977
978 <varlistentry id="libkafs">
979 <term><filename class='libraryfile'>libkafs.[so,a]</filename></term>
980 <listitem>
981 <para>contains the functions required to authenticated to AFS.</para>
982 <indexterm zone="heimdal libkafs">
983 <primary sortas="c-libkafs">libkafs.[so,a]</primary>
984 </indexterm>
985 </listitem>
986 </varlistentry>
987
988 <varlistentry id="libkrb5">
989 <term><filename class='libraryfile'>libkrb5.[so,a]</filename></term>
990 <listitem>
991 <para>is an all-purpose Kerberos 5 library.</para>
992 <indexterm zone="heimdal libkrb5">
993 <primary sortas="c-libkrb5">libkrb5.[so,a]</primary>
994 </indexterm>
995 </listitem>
996 </varlistentry>
997
998 <varlistentry id="libotp">
999 <term><filename class='libraryfile'>libotp.[so,a]</filename></term>
1000 <listitem>
1001 <para>contains the functions required to handle authenticating
1002 one time passwords.</para>
1003 <indexterm zone="heimdal libotp">
1004 <primary sortas="c-libotp">libotp.[so,a]</primary>
1005 </indexterm>
1006 </listitem>
1007 </varlistentry>
1008
1009 <varlistentry id="libroken">
1010 <term><filename class='libraryfile'>libroken.[so,a]</filename></term>
1011 <listitem>
1012 <para>is a library containing Kerberos 5 compatibility
1013 functions.</para>
1014 <indexterm zone="heimdal libroken">
1015 <primary sortas="c-libroken">libroken.[so,a]</primary>
1016 </indexterm>
1017 </listitem>
1018 </varlistentry>
1019
1020 </variablelist>
1021
1022 </sect2>
1023
1024</sect1>
Note: See TracBrowser for help on using the repository browser.