source: postlfs/security/heimdal.xml@ e921ae99

Last change on this file since e921ae99 was e921ae99, checked in by Randy McMurchy <randy@…>, 17 years ago

Updated build entities in Heimdal and GDBM instructions; added indexing tags to GDBM instructions

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@3610 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 31.6 KB
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
3 "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY heimdal-download-http "http://ftp.vc-graz.ac.at/mirror/crypto/kerberos/heimdal/heimdal-&heimdal-version;.tar.gz">
8 <!ENTITY heimdal-download-ftp "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-&heimdal-version;.tar.gz">
9 <!ENTITY heimdal-md5sum "2265fd2d4573dd3a8da45ce62519e48b">
10 <!ENTITY heimdal-size "3.3 MB">
11 <!ENTITY heimdal-buildsize "71 MB">
12 <!ENTITY heimdal-time "2.06 SBU">
13]>
14
15<sect1 id="heimdal" xreflabel="Heimdal-&heimdal-version;">
16<sect1info>
17<othername>$LastChangedBy$</othername>
18<date>$Date$</date>
19</sect1info>
20<?dbhtml filename="heimdal.html"?>
21<title>Heimdal-&heimdal-version;</title>
22<indexterm zone="heimdal">
23<primary sortas="a-Heimdal">Heimdal</primary>
24</indexterm>
25
26<sect2>
27<title>Introduction to <application>Heimdal</application></title>
28
29<para><application>Heimdal</application> is a free implementation of Kerberos
305, that aims to be compatible with <acronym>MIT</acronym> krb5 and is backwards
31compatible with krb4. Kerberos is a network authentication protocol. Basically
32it preserves the integrity of passwords in any untrusted network (like the
33Internet). Kerberized applications work hand-in-hand with sites that support
34Kerberos to ensure that passwords cannot be stolen. A Kerberos installation
35will make changes to the authentication mechanisms on your network and will
36overwrite several programs and daemons from the
37<application>Coreutils</application>, <application>Inetutils</application>,
38<application>Qpopper</application> and <application>Shadow</application>
39packages.</para>
40
41<sect3><title>Package information</title>
42<itemizedlist spacing='compact'>
43<listitem><para>Download (HTTP):
44<ulink url="&heimdal-download-http;"/></para></listitem>
45<listitem><para>Download (FTP):
46<ulink url="&heimdal-download-ftp;"/></para></listitem>
47<listitem><para>Download MD5 sum: &heimdal-md5sum;</para></listitem>
48<listitem><para>Download size: &heimdal-size;</para></listitem>
49<listitem><para>Estimated disk space required:
50&heimdal-buildsize;</para></listitem>
51<listitem><para>Estimated build time:
52&heimdal-time;</para></listitem></itemizedlist>
53</sect3>
54
55<sect3><title>Additional downloads</title>
56<itemizedlist spacing='compact'>
57<listitem><para>Required Patch: <ulink
58url="&patch-root;/heimdal-&heimdal-version;-fhs_compliance-1.patch"/></para>
59</listitem>
60<listitem><para>Required patch for cracklib: <ulink
61url="&patch-root;/heimdal-&heimdal-version;-cracklib-1.patch"/></para>
62</listitem>
63</itemizedlist>
64
65</sect3>
66
67<sect3><title><application>Heimdal</application> dependencies</title>
68<sect4><title>Required</title>
69<para><xref linkend="openssl"/> and
70<xref linkend="db"/></para>
71</sect4>
72
73<sect4><title>Optional</title>
74<para><xref linkend="Linux_PAM"/>,
75<xref linkend="openldap"/>,
76X (<xref linkend="xorg"/> or <xref linkend="xfree86"/>),
77<xref linkend="cracklib"/> and
78<ulink url="http://www.pdc.kth.se/kth-krb/">krb4</ulink></para>
79
80<note><para>Some sort of time synchronization facility on your system (like
81<xref linkend="ntp"/>) is required since Kerberos won't authenticate if the
82time differential between a kerberized client and the
83<acronym>KDC</acronym> server is more than 5 minutes.</para></note>
84</sect4>
85
86</sect3>
87
88</sect2>
89
90<sect2>
91<title>Installation of <application>Heimdal</application></title>
92
93<para>Before installing the package, you may want to preserve the
94<command>ftp</command> program from the <application>Inetutils</application>
95package. This is because using the <application>Heimdal</application>
96<command>ftp</command> program to connect to non-kerberized ftp servers may
97not work properly. It will allow you to connect (letting you know that
98transmission of the password is clear text) but will have problems doing puts
99and gets. Issue the following command as the root user.</para>
100
101<screen><userinput role='root'><command>mv /usr/bin/ftp /usr/bin/ftpn</command></userinput></screen>
102
103<para>If you wish the <application>Heimdal</application> package to link
104against the <application>cracklib</application> library, you must apply a
105patch:</para>
106
107<screen><userinput><command>patch -Np1 -i ../heimdal-&heimdal-version;-cracklib-1.patch</command></userinput></screen>
108
109<para>Install <application>Heimdal</application> by running the following
110commands:</para>
111
112<screen><userinput><command>patch -Np1 -i ../heimdal-&heimdal-version;-fhs_compliance-1.patch &amp;&amp;
113./configure --prefix=/usr --sysconfdir=/etc/heimdal \
114 --datadir=/var/lib/heimdal --localstatedir=/var/lib/heimdal \
115 --libexecdir=/usr/sbin --enable-shared \
116 --with-openssl=/usr --with-readline=/usr &amp;&amp;
117make</command></userinput></screen>
118
119<para>Now, as the root user:</para>
120
121<screen><userinput role='root'><command>make install &amp;&amp;
122mv /bin/login /bin/login.shadow &amp;&amp;
123mv /bin/su /bin/su.shadow &amp;&amp;
124mv /usr/bin/{login,su} /bin &amp;&amp;
125ln -sf ../../bin/login /usr/bin &amp;&amp;
126mv /usr/lib/lib{otp.so.0*,kafs.so.0*,krb5.so.17*,asn1.so.6*} \
127 /usr/lib/lib{roken.so.16*,crypto.so.0*,db-4.3.so} /lib &amp;&amp;
128ln -sf ../../lib/lib{otp.so.0{,.1.4},kafs.so.0{,.4.0},db-4.3.so} \
129 /usr/lib &amp;&amp;
130ln -sf ../../lib/lib{krb5.so.17{,.3.0},asn1.so.6{,.0.2}} \
131 /usr/lib &amp;&amp;
132ln -sf ../../lib/lib{roken.so.16{,.0.3},crypto.so.0{,.9.7}} \
133 /usr/lib &amp;&amp;
134ldconfig</command></userinput></screen>
135
136</sect2>
137
138<sect2>
139<title>Command explanations</title>
140
141<para><parameter>--libexecdir=/usr/sbin</parameter>: This switch puts the
142daemon programs into <filename class="directory">/usr/sbin</filename>.
143</para>
144
145<note><para>
146If you want to preserve all your existing <application>Inetutils</application>
147package daemons, install the <application>Heimdal</application> daemons into
148<filename class="directory">/usr/sbin/heimdal</filename> (or wherever you
149want). Since these programs will be called from <command>(x)inetd</command> or
150<filename>rc</filename> scripts, it really doesn't matter where they are
151installed, as long as they are correctly specified in the
152<filename>/etc/(x)inetd.conf</filename> file and <filename>rc</filename>
153scripts. If you choose something other than
154<filename class="directory">/usr/sbin</filename>, you may want to move some of
155the user programs (such as <command>kadmin</command>) to
156<filename class="directory">/usr/sbin</filename> manually so they'll be in the
157privileged user's default path.</para></note>
158
159<para><command>mv ... .shadow; mv ... /bin; ln -sf ../../bin...</command>: The
160<command>login</command> and <command>su</command> programs installed by
161<application>Heimdal</application> belong in the
162<filename class="directory">/bin</filename> directory. The
163<command>login</command> program is symlinked because
164<application>Heimdal</application> is expecting to find it in
165<filename class="directory">/usr/bin</filename>. The old executables are
166preserved before the move to keep things sane should breaks occur.</para>
167
168<para><command>mv ... /lib; ln -sf ../../lib/lib... /usr/lib</command>: The
169<command>login</command> and <command>su</command> programs installed by
170<application>Heimdal</application> link against
171<application>Heimdal</application> libraries as well as libraries provided by
172the <application>Open<acronym>SSL</acronym></application> and
173<application>Berkeley <acronym>DB</acronym></application> packages. These
174libraries are moved to <filename class="directory">/lib</filename> to be
175<acronym>FHS</acronym> compliant and also in case
176<filename class="directory">/usr</filename> is located on a separate partition
177which may not always be mounted.</para>
178
179</sect2>
180
181<sect2>
182<title>Configuring <application>Heimdal</application></title>
183
184<sect3 id="heimdal-config"><title>Config files</title>
185<para><filename>/etc/heimdal/*</filename></para>
186<indexterm zone="heimdal heimdal-config">
187<primary sortas="e-etc-heimdal">/etc/heimdal/*</primary>
188</indexterm>
189</sect3>
190
191<sect3><title>Configuration Information</title>
192
193<sect4><title>Master <acronym>KDC</acronym> Server Configuration</title>
194
195<para>Create the Kerberos configuration file with the following
196commands:</para>
197
198<screen><userinput role='root'><command>install -d /etc/heimdal &amp;&amp;
199cat &gt; /etc/heimdal/krb5.conf &lt;&lt; "EOF"</command>
200# Begin /etc/heimdal/krb5.conf
201
202[libdefaults]
203 default_realm = <replaceable>[EXAMPLE.COM]</replaceable>
204 encrypt = true
205
206[realms]
207 <replaceable>[EXAMPLE.COM]</replaceable> = {
208 kdc = <replaceable>[hostname.example.com]</replaceable>
209 admin_server = <replaceable>[hostname.example.com]</replaceable>
210 kpasswd_server = <replaceable>[hostname.example.com]</replaceable>
211 }
212
213[domain_realm]
214 .<replaceable>[example.com]</replaceable> = <replaceable>[EXAMPLE.COM]</replaceable>
215
216[logging]
217 kdc = FILE:/var/log/kdc.log
218 admin_server = FILE:/var/log/kadmin.log
219 default = FILE:/var/log/krb.log
220
221# End /etc/heimdal/krb5.conf
222<command>EOF</command></userinput></screen>
223
224<para>You will need to substitute your domain and proper hostname for the
225occurrences of the <replaceable>[hostname]</replaceable> and
226<replaceable>[EXAMPLE.COM]</replaceable> names.</para>
227
228<para><userinput>default_realm</userinput> should be the name of your domain
229changed to ALL CAPS. This isn't required, but both
230<application>Heimdal</application> and <application><acronym>MIT</acronym>
231krb5</application> recommend it.</para>
232
233<para><userinput>encrypt = true</userinput> provides encryption of all traffic
234between kerberized clients and servers. It's not necessary and can be left
235off. If you leave it off, you can encrypt all traffic from the client to the
236server using a switch on the client program instead.</para>
237
238<para>The <userinput>[realms]</userinput> parameters tell the client programs
239where to look for the <acronym>KDC</acronym> authentication services.</para>
240
241<para>The <userinput>[domain_realm]</userinput> section maps a domain to a
242realm.</para>
243
244<para>Store the master password in a key file using the following
245commands:</para>
246
247<screen><userinput role='root'><command>install -d -m 755 /var/lib/heimdal &amp;&amp;
248kstash</command></userinput></screen>
249
250<para>Create the <acronym>KDC</acronym> database:</para>
251
252<screen><userinput role='root'><command>kadmin -l</command></userinput></screen>
253
254<para>Choose the defaults for now. You can go in later and change the
255defaults, should you feel the need. At the
256<userinput>kadmin&gt;</userinput> prompt, issue the following statement:</para>
257
258<screen><userinput role='root'><command>init <replaceable>[EXAMPLE.COM]</replaceable></command></userinput></screen>
259
260<para>The database must now be populated with at least one principal (user).
261For now, just use your regular login name or root. You may create as few, or
262as many principals as you wish using the following statement:</para>
263
264<screen><userinput role='root'><command>add <replaceable>[loginname]</replaceable></command></userinput></screen>
265
266<para>The <acronym>KDC</acronym> server and any machine running kerberized
267server daemons must have a host key installed:</para>
268
269<screen><userinput role='root'><command>add --random-key host/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>
270
271<para>After choosing the defaults when prompted, you will have to export the
272data to a keytab file:</para>
273
274<screen><userinput role='root'><command>ext host/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>
275
276<para>This should have created two files in
277<filename class="directory">/etc/heimdal</filename>:
278<filename>krb5.keytab</filename> (Kerberos 5) and
279<filename>srvtab</filename> (Kerberos 4). Both files should have 600
280(root rw only) permissions. Keeping the keytab files from public access
281is crucial to the overall security of the Kerberos installation.</para>
282
283<para>Eventually, you'll want to add server daemon principals to the database
284and extract them to the keytab file. You do this in the same way you created
285the host principals. Below is an example:</para>
286
287<screen><userinput role='root'><command>add --random-key ftp/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>
288
289<para>(choose the defaults)</para>
290
291<screen><userinput role='root'><command>ext ftp/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>
292
293<para>Exit the <command>kadmin</command> program (use <command>quit</command>
294or <command>exit</command>) and return to the shell prompt. Start
295the <acronym>KDC</acronym> daemon manually, just to test out the
296installation:</para>
297
298<screen><userinput role='root'><command>/usr/sbin/kdc &amp;</command></userinput></screen>
299
300<para>Attempt to get a <acronym>TGT</acronym> (ticket granting ticket) with
301the following command:</para>
302
303<screen><userinput><command>kinit <replaceable>[loginname]</replaceable></command></userinput></screen>
304
305<para>You will be prompted for the password you created. After you get your
306ticket, you should list it with the following command:</para>
307
308<screen><userinput><command>klist</command></userinput></screen>
309
310<para>Information about the ticket should be displayed on the screen.</para>
311
312<para>To test the functionality of the keytab file, issue the following
313command:</para>
314
315<screen><userinput><command>ktutil list</command></userinput></screen>
316
317<para>This should dump a list of the host principals, along with the encryption
318methods used to access the principals.</para>
319
320<para>At this point, if everything has been successful so far, you can feel
321fairly confident in the installation and configuration of the package.</para>
322
323<para id="heimdal-init">Install the
324<filename>/etc/rc.d/init.d/heimdal</filename> init script included in the
325<xref linkend="intro-important-bootscripts"/> package:</para>
326<indexterm zone="heimdal heimdal-init">
327<primary sortas="f-heimdal">heimdal</primary>
328</indexterm>
329
330<screen><userinput role='root'><command>make install-heimdal</command></userinput></screen>
331</sect4>
332
333<sect4><title>Using Kerberized Client Programs</title>
334
335<para>To use the kerberized client programs (<command>telnet</command>,
336<command>ftp</command>, <command>rsh</command>,
337<command>rxterm</command>, <command>rxtelnet</command>,
338<command>rcp</command>, <command>xnlock</command>), you first must get
339a <acronym>TGT</acronym>. Use the <command>kinit</command> program to
340get the ticket. After you've acquired the ticket, you can use the
341kerberized programs to connect to any kerberized server on the network.
342You will not be prompted for authentication until your ticket expires
343(default is one day), unless you specify a different user as a command
344line argument to the program.</para>
345
346<para>The kerberized programs will connect to non-kerberized daemons, warning
347you that authentication is not encrypted. As mentioned earlier, only the
348<command>ftp</command> program gives any trouble connecting to
349non-kerberized daemons.</para>
350
351<para>In order to use the <application>Heimdal</application>
352<application>X</application> programs, you'll need to add a service port
353entry to the <filename>/etc/services</filename> file for the
354<command>kxd</command> server. There is no 'standardized port number' for
355the 'kx' service in the <acronym>IANA</acronym> database, so you'll have to
356pick an unused port number. Add an entry to the <filename>services</filename>
357file similar to the entry below (substitute your chosen port number for
358<replaceable>[49150]</replaceable>):</para>
359
360<screen><userinput role='root'>kx <replaceable>[49150]</replaceable>/tcp # Heimdal kerberos X
361kx <replaceable>[49150]</replaceable>/udp # Heimdal kerberos X</userinput></screen>
362
363<para>For additional information consult <ulink
364url="http://www.linuxfromscratch.org/hints/downloads/files/heimdal.txt">the
365Heimdal hint</ulink> on which the above instructions are based.</para>
366</sect4>
367</sect3>
368
369</sect2>
370
371<sect2>
372<title>Contents</title>
373
374<segmentedlist>
375<segtitle>Installed Programs</segtitle>
376<segtitle>Installed Libraries</segtitle>
377<segtitle>Installed Directories</segtitle>
378
379<seglistitem>
380<seg>afslog, dump_log, ftp, ftpd, hprop, hpropd, ipropd-master, ipropd-slave,
381kadmin, kadmind, kauth, kdc, kdestroy, kf, kfd, kgetcred, kinit, klist,
382kpasswd, kpasswdd, krb5-config, kstash, ktutil, kx, kxd, login, mk_cmds, otp,
383otpprint, pagsh, pfrom, popper, push, rcp, replay_log, rsh, rshd, rxtelnet,
384rxterm, string2key, su, telnet, telnetd, tenletxr, truncate-log,
385verify_krb5_conf and xnlock</seg>
386<seg>libasn1.[so,a], libeditline.a, libgssapi.[so,a], libhdb.[so,a],
387libkadm5clnt.[so,a], libkadm5srv.[so,a], libkafs.[so,a], libkrb5.[so,a],
388libotp.[so,a], libroken.[so,a], libsl.[so,a] and libss.[so,a]</seg>
389<seg>/etc/heimdal, /usr/include/kadm5, /usr/include/ss and
390/var/lib/heimdal</seg>
391</seglistitem>
392</segmentedlist>
393
394<variablelist>
395<bridgehead renderas="sect3">Short Descriptions</bridgehead>
396<?dbfo list-presentation="list"?>
397
398<varlistentry id="afslog">
399<term><command>afslog</command></term>
400<listitem><para>obtains <acronym>AFS</acronym> tokens for a number of
401cells.</para>
402<indexterm zone="heimdal afslog">
403<primary sortas="b-afslog">afslog</primary>
404</indexterm></listitem>
405</varlistentry>
406
407<varlistentry id="ftp">
408<term><command>ftp</command></term>
409<listitem><para>is a kerberized <acronym>FTP</acronym> client.</para>
410<indexterm zone="heimdal ftp">
411<primary sortas="b-ftp">ftp</primary>
412</indexterm></listitem>
413</varlistentry>
414
415<varlistentry id="ftpd">
416<term><command>ftpd</command></term>
417<listitem><para>is a kerberized <acronym>FTP</acronym> daemon.</para>
418<indexterm zone="heimdal ftpd">
419<primary sortas="b-ftpd">ftpd</primary>
420</indexterm></listitem>
421</varlistentry>
422
423<varlistentry id="hprop">
424<term><command>hprop</command></term>
425<listitem><para> takes a principal database in a specified format and converts
426it into a stream of <application>Heimdal</application> database records.</para>
427<indexterm zone="heimdal hprop">
428<primary sortas="b-hprop">hprop</primary>
429</indexterm></listitem>
430</varlistentry>
431
432<varlistentry id="hpropd">
433<term><command>hpropd</command></term>
434<listitem><para>is a server that receives a database sent by
435<command>hprop</command> and writes it as a local database.</para>
436<indexterm zone="heimdal hpropd">
437<primary sortas="b-hpropd">hpropd</primary>
438</indexterm></listitem>
439</varlistentry>
440
441<varlistentry id="ipropd-master">
442<term><command>ipropd-master</command></term>
443<listitem><para>is a daemon which runs on the master <acronym>KDC</acronym>
444server which incrementally propagates changes to the <acronym>KDC</acronym>
445database to the slave <acronym>KDC</acronym> servers.</para>
446<indexterm zone="heimdal ipropd-master">
447<primary sortas="b-ipropd-master">ipropd-master</primary>
448</indexterm></listitem>
449</varlistentry>
450
451<varlistentry id="ipropd-slave">
452<term><command>ipropd-slave</command></term>
453<listitem><para>is a daemon which runs on the slave <acronym>KDC</acronym>
454servers which incrementally propagates changes to the <acronym>KDC</acronym>
455database from the master <acronym>KDC</acronym> server.</para>
456<indexterm zone="heimdal ipropd-slave">
457<primary sortas="b-ipropd-slave">ipropd-slave</primary>
458</indexterm></listitem>
459</varlistentry>
460
461<varlistentry id="kadmin">
462<term><command>kadmin</command></term>
463<listitem><para>is a utility used to make modifications to the Kerberos
464database.</para>
465<indexterm zone="heimdal kadmin">
466<primary sortas="b-kadmin">kadmin</primary>
467</indexterm></listitem>
468</varlistentry>
469
470<varlistentry id="kadmind">
471<term><command>kadmind</command></term>
472<listitem><para>is a server for administrative access to the Kerberos
473database.</para>
474<indexterm zone="heimdal kadmind">
475<primary sortas="b-kadmind">kadmind</primary>
476</indexterm></listitem>
477</varlistentry>
478
479<varlistentry id="kauth">
480<term><command>kauth</command></term>
481<listitem><para>is a symbolic link to the <command>kinit</command>
482program.</para>
483<indexterm zone="heimdal kauth">
484<primary sortas="g-kauth">kauth</primary>
485</indexterm></listitem>
486</varlistentry>
487
488<varlistentry id="kdc">
489<term><command>kdc</command></term>
490<listitem><para>is a Kerberos 5 server.</para>
491<indexterm zone="heimdal kdc">
492<primary sortas="b-kdc">kdc</primary>
493</indexterm></listitem>
494</varlistentry>
495
496<varlistentry id="kdestroy">
497<term><command>kdestroy</command></term>
498<listitem><para>removes a principal's current set of tickets.</para>
499<indexterm zone="heimdal kdestroy">
500<primary sortas="b-kdestroy">kdestroy</primary>
501</indexterm></listitem>
502</varlistentry>
503
504<varlistentry id="kf">
505<term><command>kf</command></term>
506<listitem><para>is a program which forwards tickets to a remote host through
507an authenticated and encrypted stream.</para>
508<indexterm zone="heimdal kf">
509<primary sortas="b-kf">kf</primary>
510</indexterm></listitem>
511</varlistentry>
512
513<varlistentry id="kfd">
514<term><command>kfd</command></term>
515<listitem><para>is a server used to receive forwarded tickets.</para>
516<indexterm zone="heimdal kfd">
517<primary sortas="b-kfd">kfd</primary>
518</indexterm></listitem>
519</varlistentry>
520
521<varlistentry id="kgetcred">
522<term><command>kgetcred</command></term>
523<listitem><para>obtains a ticket for a service.</para>
524<indexterm zone="heimdal kgetcred">
525<primary sortas="b-kgetcred">kgetcred</primary>
526</indexterm></listitem>
527</varlistentry>
528
529<varlistentry id="kinit">
530<term><command>kinit</command></term>
531<listitem><para>is used to authenticate to the Kerberos server as a principal
532and acquire a ticket granting ticket that can later be used to obtain tickets
533for other services.</para>
534<indexterm zone="heimdal kinit">
535<primary sortas="b-kinit">kinit</primary>
536</indexterm></listitem>
537</varlistentry>
538
539<varlistentry id="klist">
540<term><command>klist</command></term>
541<listitem><para>reads and displays the current tickets in the credential
542cache.</para>
543<indexterm zone="heimdal klist">
544<primary sortas="b-klist">klist</primary>
545</indexterm></listitem>
546</varlistentry>
547
548<varlistentry id="kpasswd">
549<term><command>kpasswd</command></term>
550<listitem><para>is a program for changing Kerberos 5 passwords.</para>
551<indexterm zone="heimdal kpasswd">
552<primary sortas="b-kpasswd">kpasswd</primary>
553</indexterm></listitem>
554</varlistentry>
555
556<varlistentry id="kpasswdd">
557<term><command>kpasswdd</command></term>
558<listitem><para>is a Kerberos 5 password changing server.</para>
559<indexterm zone="heimdal kpasswdd">
560<primary sortas="b-kpasswdd">kpasswdd</primary>
561</indexterm></listitem>
562</varlistentry>
563
564<varlistentry id="krb5-config-prog">
565<term><command>krb5-config</command></term>
566<listitem><para>gives information on how to link programs against
567<application>Heimdal</application> libraries.</para>
568<indexterm zone="heimdal krb5-config-prog">
569<primary sortas="b-krb5-config">krb5-config</primary>
570</indexterm></listitem>
571</varlistentry>
572
573<varlistentry id="kstash">
574<term><command>kstash</command></term>
575<listitem><para>stores the <acronym>KDC</acronym> master password in a
576file.</para>
577<indexterm zone="heimdal kstash">
578<primary sortas="b-kstash">kstash</primary>
579</indexterm></listitem>
580</varlistentry>
581
582<varlistentry id="ktutil">
583<term><command>ktutil</command></term>
584<listitem><para>is a program for managing Kerberos keytabs.</para>
585<indexterm zone="heimdal ktutil">
586<primary sortas="b-ktutil">ktutil</primary>
587</indexterm></listitem>
588</varlistentry>
589
590<varlistentry id="kx">
591<term><command>kx</command></term>
592<listitem><para>is a program which securely forwards
593<application>X</application> connections.</para>
594<indexterm zone="heimdal kx">
595<primary sortas="b-kx">kx</primary>
596</indexterm></listitem>
597</varlistentry>
598
599<varlistentry id="kxd">
600<term><command>kxd</command></term>
601<listitem><para>is the daemon for <command>kx</command>.</para>
602<indexterm zone="heimdal kxd">
603<primary sortas="b-kxd">kxd</primary>
604</indexterm></listitem>
605</varlistentry>
606
607<varlistentry id="login">
608<term><command>login</command></term>
609<listitem><para>is a kerberized login program.</para>
610<indexterm zone="heimdal login">
611<primary sortas="b-login">login</primary>
612</indexterm></listitem>
613</varlistentry>
614
615<varlistentry id="otp">
616<term><command>otp</command></term>
617<listitem><para>manages one-time passwords.</para>
618<indexterm zone="heimdal otp">
619<primary sortas="b-otp">otp</primary>
620</indexterm></listitem>
621</varlistentry>
622
623<varlistentry id="otpprint">
624<term><command>otpprint</command></term>
625<listitem><para>prints lists of one-time passwords.</para>
626<indexterm zone="heimdal otpprint">
627<primary sortas="b-otpprint">otpprint</primary>
628</indexterm></listitem>
629</varlistentry>
630
631<varlistentry id="pfrom">
632<term><command>pfrom</command></term>
633<listitem><para>is a script that runs <command>push --from</command>.</para>
634<indexterm zone="heimdal pfrom">
635<primary sortas="b-pfrom">pfrom</primary>
636</indexterm></listitem>
637</varlistentry>
638
639<varlistentry id="popper">
640<term><command>popper</command></term>
641<listitem><para>is a kerberized <acronym>POP</acronym>-3 server.</para>
642<indexterm zone="heimdal popper">
643<primary sortas="b-popper">popper</primary>
644</indexterm></listitem>
645</varlistentry>
646
647<varlistentry id="push">
648<term><command>push</command></term>
649<listitem><para>is a kerberized <acronym>POP</acronym> mail retrieval
650client.</para>
651<indexterm zone="heimdal push">
652<primary sortas="b-push">push</primary>
653</indexterm></listitem>
654</varlistentry>
655
656<varlistentry id="rcp">
657<term><command>rcp</command></term>
658<listitem><para>is a kerberized rcp client program.</para>
659<indexterm zone="heimdal rcp">
660<primary sortas="b-rcp">rcp</primary>
661</indexterm></listitem>
662</varlistentry>
663
664<varlistentry id="rsh">
665<term><command>rsh</command></term>
666<listitem><para>is a kerberized rsh client program.</para>
667<indexterm zone="heimdal rsh">
668<primary sortas="b-rsh">rsh</primary>
669</indexterm></listitem>
670</varlistentry>
671
672<varlistentry id="rshd">
673<term><command>rshd</command></term>
674<listitem><para>is a kerberized rsh server.</para>
675<indexterm zone="heimdal rshd">
676<primary sortas="b-rshd">rshd</primary>
677</indexterm></listitem>
678</varlistentry>
679
680<varlistentry id="rxtelnet">
681<term><command>rxtelnet</command></term>
682<listitem><para>starts a secure <command>xterm</command> window with a
683<command>telnet</command> to a given host and forwards
684<application>X</application> connections.</para>
685<indexterm zone="heimdal rxtelnet">
686<primary sortas="b-rxtelnet">rxtelnet</primary>
687</indexterm></listitem>
688</varlistentry>
689
690<varlistentry id="rxterm">
691<term><command>rxterm</command></term>
692<listitem><para>starts a secure remote <command>xterm</command>.</para>
693<indexterm zone="heimdal rxterm">
694<primary sortas="b-rxterm">rxterm</primary>
695</indexterm></listitem>
696</varlistentry>
697
698<varlistentry id="string2key">
699<term><command>string2key</command></term>
700<listitem><para>maps a password into a key.</para>
701<indexterm zone="heimdal string2key">
702<primary sortas="b-string2key">string2key</primary>
703</indexterm></listitem>
704</varlistentry>
705
706<varlistentry id="su">
707<term><command>su</command></term>
708<listitem><para>is a kerberized su client program.</para>
709<indexterm zone="heimdal su">
710<primary sortas="b-su">su</primary>
711</indexterm></listitem>
712</varlistentry>
713
714<varlistentry id="telnet">
715<term><command>telnet</command></term>
716<listitem><para>is a kerberized telnet client program.</para>
717<indexterm zone="heimdal telnet">
718<primary sortas="b-telnet">telnet</primary>
719</indexterm></listitem>
720</varlistentry>
721
722<varlistentry id="telnetd">
723<term><command>telnetd</command></term>
724<listitem><para>is a kerberized telnet server.</para>
725<indexterm zone="heimdal telnetd">
726<primary sortas="b-telnetd">telnetd</primary>
727</indexterm></listitem>
728</varlistentry>
729
730<varlistentry id="tenletxr">
731<term><command>tenletxr</command></term>
732<listitem><para>forwards <application>X</application> connections
733backwards.</para>
734<indexterm zone="heimdal tenletxr">
735<primary sortas="b-tenletxr">tenletxr</primary>
736</indexterm></listitem>
737</varlistentry>
738
739<varlistentry id="verify_krb5_conf">
740<term><command>verify_krb5_conf</command></term>
741<listitem><para>checks the <filename>krb5.conf</filename> file for obvious
742errors.</para>
743<indexterm zone="heimdal verify_krb5_conf">
744<primary sortas="b-verify_krb5_conf">verify_krb5_conf</primary>
745</indexterm></listitem>
746</varlistentry>
747
748<varlistentry id="xnlock">
749<term><command>xnlock</command></term>
750<listitem><para>is a program that acts as a secure screen saver for
751workstations running <application>X</application>.</para>
752<indexterm zone="heimdal xnlock">
753<primary sortas="b-xnlock">xnlock</primary>
754</indexterm></listitem>
755</varlistentry>
756
757<varlistentry id="libasn1">
758<term><filename class='libraryfile'>libasn1.[so,a]</filename></term>
759<listitem><para>provides the ASN.1 and DER functions to encode and decode
760the Kerberos TGTs.</para>
761<indexterm zone="heimdal libasn1">
762<primary sortas="c-libasn1">libasn1.[so,a]</primary>
763</indexterm></listitem>
764</varlistentry>
765
766<varlistentry id="libeditline">
767<term><filename class='libraryfile'>libeditline.a</filename></term>
768<listitem><para>is a command-line editing library with history.</para>
769<indexterm zone="heimdal libeditline">
770<primary sortas="c-libeditline">libeditline.a</primary>
771</indexterm></listitem>
772</varlistentry>
773
774<varlistentry id="libgssapi">
775<term><filename class='libraryfile'>libgssapi.[so,a]</filename></term>
776<listitem><para>contains the Generic Security Service Application Programming
777Interface (<acronym>GSSAPI</acronym>) functions which provide security
778services to callers in a generic fashion, supportable with a range of
779underlying mechanisms and technologies and hence allowing source-level
780portability of applications to different environments.</para>
781<indexterm zone="heimdal libgssapi">
782<primary sortas="c-libgssapi">libgssapi.[so,a]</primary>
783</indexterm></listitem>
784</varlistentry>
785
786<varlistentry id="libhdb">
787<term><filename class='libraryfile'>libhdb.[so,a]</filename></term>
788<listitem><para>is a <application>Heimdal</application> Kerberos 5
789authentication/authorization database access library.</para>
790<indexterm zone="heimdal libhdb">
791<primary sortas="c-libhdb">libhdb.[so,a]</primary>
792</indexterm></listitem>
793</varlistentry>
794
795<varlistentry id="libkadm5clnt">
796<term><filename class='libraryfile'>libkadm5clnt.[so,a]</filename></term>
797<listitem><para>contains the administrative authentication and password
798checking functions required by Kerberos 5 client-side programs.</para>
799<indexterm zone="heimdal libkadm5clnt">
800<primary sortas="c-libkadm5clnt">libkadm5clnt.[so,a]</primary>
801</indexterm></listitem>
802</varlistentry>
803
804<varlistentry id="libkadm5srv">
805<term><filename class='libraryfile'>libkadm5srv.[so,a]</filename></term>
806<listitem><para>contains the administrative authentication and password
807checking functions required by Kerberos 5 servers.</para>
808<indexterm zone="heimdal libkadm5srv">
809<primary sortas="c-libkadm5srv">libkadm5srv.[so,a]</primary>
810</indexterm></listitem>
811</varlistentry>
812
813<varlistentry id="libkafs">
814<term><filename class='libraryfile'>libkafs.[so,a]</filename></term>
815<listitem><para>contains the functions required to authenticate to AFS.</para>
816<indexterm zone="heimdal libkafs">
817<primary sortas="c-libkafs">libkafs.[so,a]</primary>
818</indexterm></listitem>
819</varlistentry>
820
821<varlistentry id="libkrb5">
822<term><filename class='libraryfile'>libkrb5.[so,a]</filename></term>
823<listitem><para>is an all-purpose Kerberos 5 library.</para>
824<indexterm zone="heimdal libkrb5">
825<primary sortas="c-libkrb5">libkrb5.[so,a]</primary>
826</indexterm></listitem>
827</varlistentry>
828
829<varlistentry id="libotp">
830<term><filename class='libraryfile'>libotp.[so,a]</filename></term>
831<listitem><para>contains the functions required to handle authenticating
832one-time passwords.</para>
833<indexterm zone="heimdal libotp">
834<primary sortas="c-libotp">libotp.[so,a]</primary>
835</indexterm></listitem>
836</varlistentry>
837
838<varlistentry id="libroken">
839<term><filename class='libraryfile'>libroken.[so,a]</filename></term>
840<listitem><para>is a library containing Kerberos 5 compatibility
841functions.</para>
842<indexterm zone="heimdal libroken">
843<primary sortas="c-libroken">libroken.[so,a]</primary>
844</indexterm></listitem>
845</varlistentry>
846
847</variablelist>
848
849</sect2>
850
851</sect1>
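
The two checks the configuration section above calls for (a krb5.conf whose default_realm, [realms] and [domain_realm] entries agree, and keytab files that only root can read) as an added shell example; it is not part of the BLFS book or of Heimdal, and it does not replace verify_krb5_conf. The function names are hypothetical, the paths default to the page's /etc/heimdal, and `stat -c` assumes GNU coreutils.

```sh
#!/bin/sh
# Added example (not from the BLFS book): audit the finished setup.
# Function names are hypothetical; paths default to the page's /etc/heimdal.

# check_krb5_conf FILE: cross-check the sections the page explains.
# Returns the number of FAIL findings (0 = consistent).
check_krb5_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*$/ { next }                         # blank line
    /^[ \t]*#/ { next }                         # comment
    /^[ \t]*\[[^]]+\][ \t]*$/ { section = trim($0); realm = ""; next }
    /^[ \t]*[}]/ { realm = ""; next }           # end of a realm block
    {
        i = index($0, "=")
        if (i == 0) next
        key = trim(substr($0, 1, i - 1))
        val = trim(substr($0, i + 1))
        if (section == "[libdefaults]" && key == "default_realm") {
            def = val
        } else if (section == "[realms]" && realm == "" && val == "{") {
            realm = key; realms[key] = 1        # "REALM = {" opens a block
        } else if (section == "[realms]" && realm != "" && key == "kdc") {
            haskdc[realm] = 1
        } else if (section == "[domain_realm]") {
            maps[key] = val
        }
    }
    END {
        bad = 0
        if (def == "") {
            print "FAIL no default_realm in [libdefaults]"; bad++
        } else {
            if (def != toupper(def)) print "WARN default_realm " def " is not upper case"
            if (!(def in realms)) { print "FAIL default_realm " def " has no [realms] entry"; bad++ }
        }
        for (r in realms) if (!(r in haskdc)) { print "FAIL realm " r " has no kdc"; bad++ }
        for (d in maps) if (!(maps[d] in realms)) { print "FAIL domain " d " maps to undefined realm " maps[d]; bad++ }
        exit bad
    }' "$1"
}

# audit_secret FILE [UID]: a keytab must be a regular file (not a symlink),
# owned by UID (default 0, root) and carry no group/other permission bits.
audit_secret() {
    f=$1; want_uid=${2:-0}
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "FAIL $f: missing, a symlink, or not a regular file"
        return 1
    fi
    mode=$(stat -c '%a' "$f"); uid=$(stat -c '%u' "$f")
    rc=0
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL $f: mode $mode grants group/other access (page says 600)"
        rc=1
    fi
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $f: owned by uid $uid, expected $want_uid"
        rc=1
    fi
    return "$rc"
}

# audit_keytabs [DIR] [UID]: check both files the page says "ext" creates,
# plus the directory itself (a writable directory lets the files be replaced).
# Returns the number of findings.
audit_keytabs() {
    dir=${1:-/etc/heimdal}; want=${2:-0}
    fails=0
    dmode=$(stat -c '%a' "$dir") || return 1
    if [ $(( 0$dmode & 022 )) -ne 0 ]; then
        echo "FAIL $dir: directory mode $dmode is group/other writable"
        fails=$((fails + 1))
    fi
    for name in krb5.keytab srvtab; do
        audit_secret "$dir/$name" "$want" || fails=$((fails + 1))
    done
    return "$fails"
}

# Stand-alone use, as root:  sh heimdal-audit.sh --check [DIR]
case "${1:-}" in
--check)
    target=${2:-/etc/heimdal}
    status=0
    check_krb5_conf "$target/krb5.conf" || status=1
    audit_keytabs "$target" || status=1
    exit "$status" ;;
esac
```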