Context Navigation

mitkrb-systemd.xml@ 0be2ac2f

Visit:

kde5-14686 systemd-13485

Last change on this file since 0be2ac2f was 607c1e67, checked in by Krejzi <krejzi@…>, 10 years ago

Yet even more checks and fixes.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/branches/systemd@14023 af4574ff-66df-0310-9fd7-8a98e5e911e0

Property mode set to 100644

File size: 27.6 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY mitkrb-download-http "http://web.mit.edu/kerberos/www/dist/krb5/&mitkrb-major-version;/krb5-&mitkrb-version;-signed.tar">
8	<!ENTITY mitkrb-download-ftp " ">
9	<!ENTITY mitkrb-md5sum "357f1312b7720a0a591e22db0f7829fe">
10	<!ENTITY mitkrb-size "12 MB">
11	<!ENTITY mitkrb-buildsize "165 MB (Additional 25 MB if running the testsuite)">
12	<!ENTITY mitkrb-time "1.0 SBU (additional 4.4 SBU if running the testsuite)">
13	]>
14
15	<sect1 id="mitkrb" xreflabel="MIT Kerberos V5-&mitkrb-version;">
16	<?dbhtml filename="mitkrb.html"?>
17
18	<sect1info>
19	<othername>$LastChangedBy$</othername>
20	<date>$Date$</date>
21	</sect1info>
22
23	<title>MIT Kerberos V5-&mitkrb-version;</title>
24
25	<indexterm zone="mitkrb">
26	<primary sortas="a-MIT-Kerberos">MIT Kerberos V5</primary>
27	</indexterm>
28
29	<sect2 role="package">
30	<title>Introduction to MIT Kerberos V5</title>
31
32	<para>
33	<application>MIT Kerberos V5</application> is a free implementation
34	of Kerberos 5. Kerberos is a network authentication protocol. It
35	centralizes the authentication database and uses kerberized
36	applications to work with servers or services that support Kerberos
37	allowing single logins and encrypted communication over internal
38	networks or the Internet.
39	</para>
40
41	&lfs76_checked;
42
43	<bridgehead renderas="sect3">Package Information</bridgehead>
44	<itemizedlist spacing="compact">
45	<listitem>
46	<para>
47	Download (HTTP): <ulink url="&mitkrb-download-http;"/>
48	</para>
49	</listitem>
50	<listitem>
51	<para>
52	Download (FTP): <ulink url="&mitkrb-download-ftp;"/>
53	</para>
54	</listitem>
55	<listitem>
56	<para>
57	Download MD5 sum: &mitkrb-md5sum;
58	</para>
59	</listitem>
60	<listitem>
61	<para>
62	Download size: &mitkrb-size;
63	</para>
64	</listitem>
65	<listitem>
66	<para>
67	Estimated disk space required: &mitkrb-buildsize;
68	</para>
69	</listitem>
70	<listitem>
71	<para>
72	Estimated build time: &mitkrb-time;
73	</para>
74	</listitem>
75	</itemizedlist>
76
77	<bridgehead renderas="sect3">MIT Kerberos V5 Dependencies</bridgehead>
78
79	<bridgehead renderas="sect4">Optional</bridgehead>
80	<para role="optional">
81	<xref linkend="dejagnu"/> (for full test coverage),
82	<xref linkend="gnupg2"/> (to authenticate the package),
83	<xref linkend="keyutils"/>,
84	<xref linkend="openldap"/>,
85	<xref linkend="python2"/> (used during the testsuite) and
86	<xref linkend="rpcbind"/> (used during the testsuite)
87	</para>
88
89	<note>
90	<para>
91	Some sort of time synchronization facility on your system (like
92	<xref linkend="ntp"/>) is required since Kerberos won't authenticate
93	if there is a time difference between a kerberized client and the
94	KDC server.
95	</para>
96	</note>
97
98	<para condition="html" role="usernotes">User Notes:
99	<ulink url="&blfs-wiki;/mitkrb"/>
100	</para>
101	</sect2>
102
103	<sect2 role="installation">
104	<title>Installation of MIT Kerberos V5</title>
105
106	<para>
107	<application>MIT Kerberos V5</application> is distributed in a
108	TAR file containing a compressed TAR package and a detached PGP
109	<filename class="extension">ASC</filename> file. You'll need to unpack
110	the distribution tar file, then unpack the compressed tar file before
111	starting the build.
112	</para>
113
114	<para>
115	After unpacking the distribution tarball and if you have
116	<xref linkend="gnupg2"/> installed, you can
117	authenticate the package. First, check the contents of the file
118	<filename>krb5-&mitkrb-version;.tar.gz.asc</filename>.
119	</para>
120
121	<screen><userinput>gpg --verify krb5-&mitkrb-version;.tar.gz.asc krb5-&mitkrb-version;.tar.gz</userinput></screen>
122
123	<para>You will probably see output similar to:</para>
124
125	<screen>Signature made Tue 12 Aug 2014 12:53:10 AM CEST using RSA key ID 749D7889
126	gpg: Can't check signature: public key not found</screen>
127
128	<para>
129	You can import the public key with:
130	</para>
131
132	<screen><userinput>gpg --pgp2 --keyserver pgp.mit.edu --recv-keys 0x749D7889</userinput></screen>
133
134	<para>
135	Now re-verify the package with the first command above. You should get a
136	indication of a good signature, but the key will still not be certified
137	with a trusted signature. Trusting the downloaded key is a separate
138	operation but it is up to you to determine the level of trust.
139	</para>
140
141	<para>
142	Build <application>MIT Kerberos V5</application> by running the
143	following commands:
144	</para>
145
146	<screen><userinput>cd src &&
147	sed -e "s@python2.5/Python.h@& python2.7/Python.h@g" \
148	-e "s@-lpython2.5]@&,\n AC_CHECK_LIB(python2.7,main,[PYTHON_LIB=-lpython2.7])@g" \
149	-i configure.in &&<!-- Tests passed fine without this.
150	sed -e 's@\^u}@^u cols 300}@' \
151	-i tests/dejagnu/config/default.exp && -->
152	autoconf &&
153	./configure --prefix=/usr \
154	--sysconfdir=/etc \
155	--localstatedir=/var/lib \
156	--with-system-et \
157	--with-system-ss \
158	--without-system-verto \
159	--enable-dns-for-realm &&
160	make</userinput></screen>
161
162	<para>
163	To test the build, issue: <command>make check</command>. You need at
164	least <xref linkend="tcl"/>, which is used to drive the testsuite.
165	Furthermore, <xref linkend="dejagnu"/> must be available for some
166	of the tests to run. If you have a former version of MIT Kerberos V5
167	installed, it may happen that the test suite pick up the installed
168	versions of the libraries, rather than the newly built ones. If so,
169	it is better to run the tests after the installation.
170	</para>
171
172	<para>
173	Now, as the <systemitem class="username">root</systemitem> user:
174	</para>
175
176	<screen role="root"><userinput>make install &&
177
178	for LIBRARY in gssapi_krb5 gssrpc k5crypto kadm5clnt kadm5srv \
179	kdb5 kdb_ldap krad krb5 krb5support verto ; do
180	[ -e /usr/lib/lib$LIBRARY.so ] && chmod -v 755 /usr/lib/lib$LIBRARY.so
181	done &&
182
183	mv -v /usr/lib/libkrb5.so.* /lib &&
184	mv -v /usr/lib/libk5crypto.so.* /lib &&
185	mv -v /usr/lib/libkrb5support.so.* /lib &&
186
187	ln -sfv ../../lib/$(readlink /usr/lib/libkrb5.so) /usr/lib/libkrb5.so &&
188	ln -sfv ../../lib/$(readlink /usr/lib/libk5crypto.so) /usr/lib/libk5crypto.so &&
189	ln -sfv ../../lib/$(readlink /usr/lib/libkrb5support.so) /usr/lib/libkrb5support.so &&
190
191	mv -v /usr/bin/ksu /bin &&
192	chmod -v 755 /bin/ksu &&
193
194	install -v -dm755 /usr/share/doc/krb5-&mitkrb-version; &&
195	cp -rfv ../doc/* /usr/share/doc/krb5-&mitkrb-version; &&
196
197	unset LIBRARY</userinput></screen>
198
199
200	</sect2>
201
202	<sect2 role="commands">
203	<title>Command Explanations</title>
204
205	<para>
206	<command>sed -e ...</command>: The first <command>sed</command> fixes
207	<application>Python</application> detection.<!-- The second one increases
208	the width of the virtual terminal used for some tests, to prevent
209	some spurious characters to be echoed, which is taken as a failure. -->
210	</para>
211
212	<para>
213	<parameter>--localstatedir=/var/lib</parameter>: This switch is
214	used so that the Kerberos variable run-time data is located in
215	<filename class="directory">/var/lib</filename> instead of
216	<filename class="directory">/usr/var</filename>.
217	</para>
218
219	<para>
220	<parameter>--with-system-et</parameter>: This switch causes the build
221	to use the system-installed versions of the error-table support
222	software.
223	</para>
224
225	<para>
226	<parameter>--with-system-ss</parameter>: This switch causes the build
227	to use the system-installed versions of the subsystem command-line
228	interface software.
229	</para>
230
231	<para>
232	<parameter>--without-system-verto</parameter>: This switch causes
233	the build to use the internal version of <filename
234	class="libraryfile">libverto</filename> library in case older one
235	is present from previous <application>Kerberos</application>
236	installation.
237	</para>
238
239	<para>
240	<parameter>--enable-dns-for-realm</parameter>: This switch allows
241	realms to be resolved using the DNS server.
242	</para>
243
244	<para>
245	<command>mv -v /usr/bin/ksu /bin</command>: Moves the
246	<command>ksu</command> program to the
247	<filename class="directory">/bin</filename> directory so that it is
248	available when the <filename class="directory">/usr</filename>
249	filesystem is not mounted.
250	</para>
251
252	<para>
253	<option>--with-ldap</option>: Use this switch if you want to compile
254	<application>OpenLDAP</application> database backend module.
255	</para>
256
257	</sect2>
258
259	<sect2 role="configuration">
260	<title>Configuring MIT Kerberos V5</title>
261
262	<sect3 id="krb5-config">
263	<title>Config Files</title>
264
265	<para>
266	<filename>/etc/krb5.conf</filename> and
267	<filename>/var/lib/krb5kdc/kdc.conf</filename>
268	</para>
269
270	<indexterm zone="mitkrb krb5-config">
271	<primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary>
272	</indexterm>
273
274	<indexterm zone="mitkrb krb5-config">
275	<primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
276	</indexterm>
277
278	</sect3>
279
280	<sect3>
281	<title>Configuration Information</title>
282
283	<sect4>
284	<title>Kerberos Configuration</title>
285
286	<tip>
287	<para>
288	You should consider installing some sort of password checking
289	dictionary so that you can configure the installation to only
290	accept strong passwords. A suitable dictionary to use is shown in
291	the <xref linkend="cracklib"/> instructions. Note that only one
292	file can be used, but you can concatenate many files into one. The
293	configuration file shown below assumes you have installed a
294	dictionary to <filename>/usr/share/dict/words</filename>.
295	</para>
296	</tip>
297
298	<para>
299	Create the Kerberos configuration file with the following
300	commands issued by the <systemitem class="username">root</systemitem>
301	user:
302	</para>
303
304	<screen role="root"><userinput>cat > /etc/krb5.conf << "EOF"
305	<literal># Begin /etc/krb5.conf
306
307	[libdefaults]
308	default_realm = <replaceable><LFS.ORG></replaceable>
309	encrypt = true
310
311	[realms]
312	<replaceable><LFS.ORG></replaceable> = {
313	kdc = <replaceable><belgarath.lfs.org></replaceable>
314	admin_server = <replaceable><belgarath.lfs.org></replaceable>
315	dict_file = /usr/share/dict/words
316	}
317
318	[domain_realm]
319	.<replaceable><lfs.org></replaceable> = <replaceable><LFS.ORG></replaceable>
320
321	[logging]
322	kdc = SYSLOG[:INFO[:AUTH]]
323	admin_server = SYSLOG[INFO[:AUTH]]
324	default = SYSLOG[[:SYS]]
325
326	# End /etc/krb5.conf</literal>
327	EOF</userinput></screen>
328
329	<para>
330	You will need to substitute your domain and proper hostname for the
331	occurrences of the <replaceable><belgarath></replaceable> and
332	<replaceable><lfs.org></replaceable> names.
333	</para>
334
335	<para>
336	<option>default_realm</option> should be the name of your
337	domain changed to ALL CAPS. This isn't required, but both
338	<application>Heimdal</application> and MIT recommend it.
339	</para>
340
341	<para>
342	<option>encrypt = true</option> provides encryption of all traffic
343	between kerberized clients and servers. It's not necessary and can
344	be left off. If you leave it off, you can encrypt all traffic from
345	the client to the server using a switch on the client program
346	instead.
347	</para>
348
349	<para>
350	The <option>[realms]</option> parameters tell the client programs
351	where to look for the KDC authentication services.
352	</para>
353
354	<para>
355	The <option>[domain_realm]</option> section maps a domain to a realm.
356	</para>
357
358	<para>
359	Create the KDC database:
360	</para>
361
362	<screen role="root"><userinput>kdb5_util create -r <replaceable><LFS.ORG></replaceable> -s</userinput></screen>
363
364	<para>
365	Now you should populate the database with principals
366	(users). For now, just use your regular login name or
367	<systemitem class="username">root</systemitem>.
368	</para>
369
370	<screen role="root"><userinput>kadmin.local
371	<prompt>kadmin.local:</prompt> add_policy dict-only
372	<prompt>kadmin.local:</prompt> addprinc -policy dict-only <replaceable><loginname></replaceable></userinput></screen>
373
374	<para>
375	The KDC server and any machine running kerberized
376	server daemons must have a host key installed:
377	</para>
378
379	<screen role="root"><userinput><prompt>kadmin.local:</prompt> addprinc -randkey host/<replaceable><belgarath.lfs.org></replaceable></userinput></screen>
380
381	<para>
382	After choosing the defaults when prompted, you will have to
383	export the data to a keytab file:
384	</para>
385
386	<screen role="root"><userinput><prompt>kadmin.local:</prompt> ktadd host/<replaceable><belgarath.lfs.org></replaceable></userinput></screen>
387
388	<para>
389	This should have created a file in
390	<filename class="directory">/etc</filename> named
391	<filename>krb5.keytab</filename> (Kerberos 5). This file should
392	have 600 (<systemitem class="username">root</systemitem> rw only)
393	permissions. Keeping the keytab files from public access is crucial
394	to the overall security of the Kerberos installation.
395	</para>
396
397	<para>
398	Exit the <command>kadmin</command> program (use
399	<command>quit</command> or <command>exit</command>) and return
400	back to the shell prompt. Start the KDC daemon manually, just to
401	test out the installation:
402	</para>
403
404	<screen role="root"><userinput>/usr/sbin/krb5kdc</userinput></screen>
405
406	<para>
407	Attempt to get a ticket with the following command:
408	</para>
409
410	<screen><userinput>kinit <replaceable><loginname></replaceable></userinput></screen>
411
412	<para>
413	You will be prompted for the password you created. After you
414	get your ticket, you can list it with the following command:
415	</para>
416
417	<screen><userinput>klist</userinput></screen>
418
419	<para>
420	Information about the ticket should be displayed on the
421	screen.
422	</para>
423
424	<para>
425	To test the functionality of the keytab file, issue the
426	following command:
427	</para>
428
429	<screen><userinput>ktutil
430	<prompt>ktutil:</prompt> rkt /etc/krb5.keytab
431	<prompt>ktutil:</prompt> l</userinput></screen>
432
433	<para>
434	This should dump a list of the host principal, along with
435	the encryption methods used to access the principal.
436	</para>
437
438	<para>
439	At this point, if everything has been successful so far, you
440	can feel fairly confident in the installation and configuration of
441	the package.
442	</para>
443
444	</sect4>
445
446	<sect4>
447	<title>Additional Information</title>
448
449	<para>
450	For additional information consult the <ulink
451	url="http://web.mit.edu/kerberos/www/krb5-&mitkrb-major-version;/#documentation">
452	documentation for krb5-&mitkrb-version;</ulink> on which the above
453	instructions are based.
454	</para>
455
456	</sect4>
457
458	</sect3>
459
460	<sect3 id="mitkrb-init">
461	<title>Systemd Units</title>
462
463	<para>
464	To start the Kerberos services at boot,
465	install the systemd units from the <xref linkend="bootscripts"/>
466	package by running the following command as the
467	<systemitem class="username">root</systemitem> user:
468	</para>
469
470	<indexterm zone="mitkrb mitkrb-init">
471	<primary sortas="f-krb5">krb5</primary>
472	</indexterm>
473
474	<screen role="root"><userinput>make install-krb5</userinput></screen>
475
476	</sect3>
477
478	</sect2>
479
480	<sect2 role="content">
481
482	<title>Contents</title>
483	<para></para>
484
485	<segmentedlist>
486	<segtitle>Installed Programs</segtitle>
487	<segtitle>Installed Libraries</segtitle>
488	<segtitle>Installed Directories</segtitle>
489
490	<seglistitem>
491	<seg>
492	gss-client, gss-server, k5srvutil, kadmin, kadmin.local,
493	kadmind, kdb5_ldap_util (optional), kdb5_util, kdestroy, kinit, klist,
494	kpasswd, kprop, kpropd, kproplog, krb5-config, krb5kdc, krb5-send-pr,
495	ksu, kswitch, ktutil, kvno, sclient, sim_client, sim_server,
496	sserver, uuclient and uuserver
497	</seg>
498	<seg>
499	libgssapi_krb5.so, libgssrpc.so, libk5crypto.so,
500	libkadm5clnt.so, libkadm5srv.so, libkdb5.so, libkdb_ldap.so
501	(optional), libkrad.so, libkrb5.so, libkrb5support.so, and
502	libverto.so
503	</seg>
504	<seg>
505	/usr/include/gssapi,
506	/usr/include/gssrpc,
507	/usr/include/kadm5,
508	/usr/include/krb5,
509	/usr/lib/krb5,
510	/usr/share/doc/krb5-&mitkrb-version;,
511	/usr/share/examples/krb5 and
512	/var/lib/krb5kdc
513	</seg>
514	</seglistitem>
515	</segmentedlist>
516
517	<variablelist>
518	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
519	<?dbfo list-presentation="list"?>
520	<?dbhtml list-presentation="table"?>
521
522	<varlistentry id="k5srvutil">
523	<term><command>k5srvutil</command></term>
524	<listitem>
525	<para>
526	is a host keytable manipulation utility.
527	</para>
528	<indexterm zone="mitkrb k5srvutil">
529	<primary sortas="b-k5srvutil">k5srvutil</primary>
530	</indexterm>
531	</listitem>
532	</varlistentry>
533
534	<varlistentry id="kadmin">
535	<term><command>kadmin</command></term>
536	<listitem>
537	<para>
538	is an utility used to make modifications
539	to the Kerberos database.
540	</para>
541	<indexterm zone="mitkrb kadmin">
542	<primary sortas="b-kadmin">kadmin</primary>
543	</indexterm>
544	</listitem>
545	</varlistentry>
546
547	<varlistentry id="kadmind">
548	<term><command>kadmind</command></term>
549	<listitem>
550	<para>
551	is a server for administrative access
552	to a Kerberos database.
553	</para>
554	<indexterm zone="mitkrb kadmind">
555	<primary sortas="b-kadmind">kadmind</primary>
556	</indexterm>
557	</listitem>
558	</varlistentry>
559
560	<varlistentry id="kdb5_util">
561	<term><command>kdb5_util</command></term>
562	<listitem>
563	<para>
564	is the KDC database utility.
565	</para>
566	<indexterm zone="mitkrb kdb5_util">
567	<primary sortas="b-kdb5_util">kdb5_util</primary>
568	</indexterm>
569	</listitem>
570	</varlistentry>
571
572	<varlistentry id="kdestroy">
573	<term><command>kdestroy</command></term>
574	<listitem>
575	<para>
576	removes the current set of tickets.
577	</para>
578	<indexterm zone="mitkrb kdestroy">
579	<primary sortas="b-kdestroy">kdestroy</primary>
580	</indexterm>
581	</listitem>
582	</varlistentry>
583
584	<varlistentry id="kinit">
585	<term><command>kinit</command></term>
586	<listitem>
587	<para>
588	is used to authenticate to the Kerberos server as a
589	principal and acquire a ticket granting ticket that can
590	later be used to obtain tickets for other services.
591	</para>
592	<indexterm zone="mitkrb kinit">
593	<primary sortas="b-kinit">kinit</primary>
594	</indexterm>
595	</listitem>
596	</varlistentry>
597
598	<varlistentry id="klist">
599	<term><command>klist</command></term>
600	<listitem>
601	<para>
602	reads and displays the current tickets in
603	the credential cache.
604	</para>
605	<indexterm zone="mitkrb klist">
606	<primary sortas="b-klist">klist</primary>
607	</indexterm>
608	</listitem>
609	</varlistentry>
610
611	<varlistentry id="kpasswd">
612	<term><command>kpasswd</command></term>
613	<listitem>
614	<para>
615	is a program for changing Kerberos 5 passwords.
616	</para>
617	<indexterm zone="mitkrb kpasswd">
618	<primary sortas="b-kpasswd">kpasswd</primary>
619	</indexterm>
620	</listitem>
621	</varlistentry>
622
623	<varlistentry id="kprop">
624	<term><command>kprop</command></term>
625	<listitem>
626	<para>
627	takes a principal database in a specified format and
628	converts it into a stream of database records.
629	</para>
630	<indexterm zone="mitkrb kprop">
631	<primary sortas="b-kprop">kprop</primary>
632	</indexterm>
633	</listitem>
634	</varlistentry>
635
636	<varlistentry id="kpropd">
637	<term><command>kpropd</command></term>
638	<listitem>
639	<para>
640	receives a database sent by <command>kprop</command>
641	and writes it as a local database.
642	</para>
643	<indexterm zone="mitkrb kpropd">
644	<primary sortas="b-kpropd">kpropd</primary>
645	</indexterm>
646	</listitem>
647	</varlistentry>
648
649	<varlistentry id="krb5-config-prog2">
650	<term><command>krb5-config</command></term>
651	<listitem>
652	<para>
653	gives information on how to link programs against
654	libraries.
655	</para>
656	<indexterm zone="mitkrb krb5-config-prog2">
657	<primary sortas="b-krb5-config">krb5-config</primary>
658	</indexterm>
659	</listitem>
660	</varlistentry>
661
662	<varlistentry id="krb5kdc">
663	<term><command>krb5kdc</command></term>
664	<listitem>
665	<para>
666	is the <application>Kerberos 5</application> server.
667	</para>
668	<indexterm zone="mitkrb krb5kdc">
669	<primary sortas="b-krb5kdc">krb5kdc</primary>
670	</indexterm>
671	</listitem>
672	</varlistentry>
673
674	<varlistentry id="ksu">
675	<term><command>ksu</command></term>
676	<listitem>
677	<para>
678	is the super user program using Kerberos protocol.
679	Requires a properly configured
680	<filename>/etc/shells</filename> and
681	<filename>~/.k5login</filename> containing principals
682	authorized to become super users.
683	</para>
684	<indexterm zone="mitkrb ksu">
685	<primary sortas="b-ksu">ksu</primary>
686	</indexterm>
687	</listitem>
688	</varlistentry>
689
690	<varlistentry id="kswitch">
691	<term><command>kswitch</command></term>
692	<listitem>
693	<para>
694	makes the specified credential cache the
695	primary cache for the collection, if a cache
696	collection is available.
697	</para>
698	<indexterm zone="mitkrb kswitch">
699	<primary sortas="b-kswitch">kswitch</primary>
700	</indexterm>
701	</listitem>
702	</varlistentry>
703
704	<varlistentry id="ktutil">
705	<term><command>ktutil</command></term>
706	<listitem>
707	<para>
708	is a program for managing Kerberos keytabs.
709	</para>
710	<indexterm zone="mitkrb ktutil">
711	<primary sortas="b-ktutil">ktutil</primary>
712	</indexterm>
713	</listitem>
714	</varlistentry>
715
716	<varlistentry id="kvno">
717	<term><command>kvno</command></term>
718	<listitem>
719	<para>
720	prints keyversion numbers of Kerberos principals.
721	</para>
722	<indexterm zone="mitkrb kvno">
723	<primary sortas="b-kvno">kvno</primary>
724	</indexterm>
725	</listitem>
726	</varlistentry>
727
728	<varlistentry id="sclient">
729	<term><command>sclient</command></term>
730	<listitem>
731	<para>
732	used to contact a sample server and authenticate to it
733	using Kerberos 5 tickets, then display the server's
734	response.
735	</para>
736	<indexterm zone="mitkrb sclient">
737	<primary sortas="b-sclient">sclient</primary>
738	</indexterm>
739	</listitem>
740	</varlistentry>
741
742	<varlistentry id="sserver">
743	<term><command>sserver</command></term>
744	<listitem>
745	<para>
746	is the sample Kerberos 5 server.
747	</para>
748	<indexterm zone="mitkrb sserver">
749	<primary sortas="b-sserver">sserver</primary>
750	</indexterm>
751	</listitem>
752	</varlistentry>
753
754	<varlistentry id="libgssapi_krb5">
755	<term><filename class="libraryfile">libgssapi_krb5.so</filename></term>
756	<listitem>
757	<para>
758	contain the Generic Security Service Application Programming
759	Interface (GSSAPI) functions which provides security services
760	to callers in a generic fashion, supportable with a range of
761	underlying mechanisms and technologies and hence allowing
762	source-level portability of applications to different
763	environments.
764	</para>
765	<indexterm zone="mitkrb libgssapi_krb5">
766	<primary sortas="c-libgssapi_krb5">libgssapi_krb5.so</primary>
767	</indexterm>
768	</listitem>
769	</varlistentry>
770
771	<varlistentry id="libkadm5clnt">
772	<term><filename class="libraryfile">libkadm5clnt.so</filename></term>
773	<listitem>
774	<para>
775	contains the administrative authentication and password checking
776	functions required by Kerberos 5 client-side programs.
777	</para>
778	<indexterm zone="mitkrb libkadm5clnt">
779	<primary sortas="c-libkadm5clnt">libkadm5clnt.so</primary>
780	</indexterm>
781	</listitem>
782	</varlistentry>
783
784	<varlistentry id="libkadm5srv">
785	<term><filename class="libraryfile">libkadm5srv.so</filename></term>
786	<listitem>
787	<para>
788	contain the administrative authentication and password
789	checking functions required by Kerberos 5 servers.
790	</para>
791	<indexterm zone="mitkrb libkadm5srv">
792	<primary sortas="c-libkadm5srv">libkadm5srv.so</primary>
793	</indexterm>
794	</listitem>
795	</varlistentry>
796
797	<varlistentry id="libkdb5">
798	<term><filename class="libraryfile">libkdb5.so</filename></term>
799	<listitem>
800	<para>
801	is a Kerberos 5 authentication/authorization database
802	access library.
803	</para>
804	<indexterm zone="mitkrb libkdb5">
805	<primary sortas="c-libkdb5">libkdb5.so</primary>
806	</indexterm>
807	</listitem>
808	</varlistentry>
809
810	<varlistentry id="libkrad">
811	<term><filename class="libraryfile">libkrad.so</filename></term>
812	<listitem>
813	<para>
814	contains the internal support library for RADIUS functionality.
815	</para>
816	<indexterm zone="mitkrb libkrad">
817	<primary sortas="c-libkrad">libkrad.so</primary>
818	</indexterm>
819	</listitem>
820	</varlistentry>
821
822	<varlistentry id="libkrb5">
823	<term><filename class="libraryfile">libkrb5.so</filename></term>
824	<listitem>
825	<para>
826	is an all-purpose <application>Kerberos 5</application> library.
827	</para>
828	<indexterm zone="mitkrb libkrb5">
829	<primary sortas="c-libkrb5">libkrb5.so</primary>
830	</indexterm>
831	</listitem>
832	</varlistentry>
833
834	</variablelist>
835
836	</sect2>
837
838	</sect1>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: postlfs/security/mitkrb-systemd.xml@ 0be2ac2f

Download in other formats: