source: postlfs/security/mitkrb-systemd.xml@ 617baad

systemd-11177
Last change on this file since 617baad was 617baad, checked in by Krejzi <krejzi@…>, 10 years ago

Bump mitkrb to 1.12.2.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/branches/systemd@13901 af4574ff-66df-0310-9fd7-8a98e5e911e0

1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY mitkrb-download-http "http://web.mit.edu/kerberos/www/dist/krb5/&mitkrb-major-version;/krb5-&mitkrb-version;-signed.tar">
8 <!ENTITY mitkrb-download-ftp " ">
9 <!ENTITY mitkrb-md5sum "357f1312b7720a0a591e22db0f7829fe">
10 <!ENTITY mitkrb-size "12 MB">
11 <!ENTITY mitkrb-buildsize "165 MB (Additional 25 MB if running the testsuite)">
12 <!ENTITY mitkrb-time "1.0 SBU (additional 4.4 SBU if running the testsuite)">
13]>
14
15<sect1 id="mitkrb" xreflabel="MIT Kerberos V5-&mitkrb-version;">
16 <?dbhtml filename="mitkrb.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>MIT Kerberos V5-&mitkrb-version;</title>
24
25 <indexterm zone="mitkrb">
26 <primary sortas="a-MIT-Kerberos">MIT Kerberos V5</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to MIT Kerberos V5</title>
31
32 <para>
33 <application>MIT Kerberos V5</application> is a free implementation
34 of Kerberos 5. Kerberos is a network authentication protocol. It
35 centralizes the authentication database and uses kerberized
36 applications to work with servers or services that support Kerberos,
37 allowing single logins and encrypted communication over internal
38 networks or the Internet.
39 </para>
40
41 &lfs75_checked;
42
43 <bridgehead renderas="sect3">Package Information</bridgehead>
44 <itemizedlist spacing="compact">
45 <listitem>
46 <para>
47 Download (HTTP): <ulink url="&mitkrb-download-http;"/>
48 </para>
49 </listitem>
50 <listitem>
51 <para>
52 Download (FTP): <ulink url="&mitkrb-download-ftp;"/>
53 </para>
54 </listitem>
55 <listitem>
56 <para>
57 Download MD5 sum: &mitkrb-md5sum;
58 </para>
59 </listitem>
60 <listitem>
61 <para>
62 Download size: &mitkrb-size;
63 </para>
64 </listitem>
65 <listitem>
66 <para>
67 Estimated disk space required: &mitkrb-buildsize;
68 </para>
69 </listitem>
70 <listitem>
71 <para>
72 Estimated build time: &mitkrb-time;
73 </para>
74 </listitem>
75 </itemizedlist>
76
77 <bridgehead renderas="sect3">MIT Kerberos V5 Dependencies</bridgehead>
78
79 <bridgehead renderas="sect4">Optional</bridgehead>
80 <para role="optional">
81 <xref linkend="dejagnu"/> (for full test coverage),<!--
82 <xref linkend="gnupg2"/> (to authenticate the package),-->
83 <xref linkend="keyutils"/>,
84 <xref linkend="openldap"/>,
85 <xref linkend="python2"/> (used during the testsuite) and
86 <xref linkend="rpcbind"/> (used during the testsuite)
87 </para>
88
89 <note>
90 <para>
91 Some sort of time synchronization facility on your system (like
92 <xref linkend="ntp"/>) is required, since Kerberos won't authenticate
93 if the clocks of a kerberized client and the KDC server differ by more
94 than the permitted clock skew.
95 </para>
96 </note>
97
98 <para condition="html" role="usernotes">User Notes:
99 <ulink url="&blfs-wiki;/mitkrb"/>
100 </para>
101 </sect2>
102
103 <sect2 role="installation">
104 <title>Installation of MIT Kerberos V5</title>
105
106 <para>
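107 <application>MIT Kerberos V5</application> is distributed in a
108 TAR file containing a compressed TAR package and a detached PGP
109 <filename class="extension">ASC</filename> file. You'll need to unpack
110 the distribution tar file, then unpack the compressed tar file before
111 starting the build. The <filename class="extension">ASC</filename> file is a signature over the compressed tar file. The MD5 sum listed above only detects a corrupted download, and the download itself is fetched over plain HTTP, so checking that signature with GnuPG against a key whose authenticity you have established independently is the stronger integrity check.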
112 </para>
113
114<!-- Can't receive the key properly:
115
116gpg: requesting key 749D7889 from hkp server pgp.mit.edu
117gpg: Note: signatures using the MD5 algorithm are rejected
118gpg: key 749D7889: no valid user IDs
119
120 <para>
121 After unpacking the distribution tarball and if you have
122 <xref linkend="gnupg2"/> installed, you can
123 authenticate the package. First, check the contents of the file
124 <filename>krb5-&mitkrb-version;.tar.gz.asc</filename>.
125 </para>
126
127<screen><userinput>gpg - -verify krb5-&mitkrb-version;.tar.gz.asc krb5-&mitkrb-version;.tar.gz</userinput></screen>
128
129 <para>You will probably see output similar to:</para>
130
131<screen>Signature made Tue 12 Aug 2014 12:53:10 AM CEST using RSA key ID 749D7889
132gpg: Can't check signature: public key not found</screen>
133
134 <para>
135 You can import the public key with:
136 </para>
137
138<screen><userinput>gpg - -keyserver pgp.mit.edu - -recv-keys 0x749D7889</userinput></screen>
139
140 <para>
141 Now re-verify the package with the first command above. You should get an
142 indication of a good signature, but the key will still not be certified
143 with a trusted signature. Trusting the downloaded key is a separate
144 operation but it is up to you to determine the level of trust.
145 </para>
146-->
147
148 <para>
149 Build <application>MIT Kerberos V5</application> by running the
150 following commands:
151 </para>
152
153<screen><userinput>cd src &amp;&amp;
154sed -e "s@python2.5/Python.h@&amp; python2.7/Python.h@g" \
155 -e "s@-lpython2.5]@&amp;,\n AC_CHECK_LIB(python2.7,main,[PYTHON_LIB=-lpython2.7])@g" \
156 -i configure.in &amp;&amp;<!-- Tests passed fine without this.
157sed -e 's@\^u}@^u cols 300}@' \
158 -i tests/dejagnu/config/default.exp &amp;&amp; -->
159autoconf &amp;&amp;
160./configure --prefix=/usr \
161 --sysconfdir=/etc \
162 --localstatedir=/var/lib \
163 --with-system-et \
164 --with-system-ss \
165 --enable-dns-for-realm &amp;&amp;
166make</userinput></screen>
167
168 <para>
169 To test the build, issue: <command>make check</command>. You need at
170 least <xref linkend="tcl"/>, which is used to drive the testsuite.
171 Furthermore, <xref linkend="dejagnu"/> must be available for some
172 of the tests to run. If you have a previous version of MIT Kerberos V5
173 installed, it may happen that the test suite picks up the installed
174 versions of the libraries, rather than the newly built ones. If so,
175 it is better to run the tests after the installation.
176 </para>
177
178 <para>
179 Now, as the <systemitem class="username">root</systemitem> user:
180 </para>
181
182<screen role="root"><userinput>make install &amp;&amp;
183
184for LIBRARY in gssapi_krb5 gssrpc k5crypto kadm5clnt kadm5srv \
185 kdb5 kdb_ldap krad krb5 krb5support verto ; do
186 [ -e /usr/lib/lib$LIBRARY.so ] &amp;&amp; chmod -v 755 /usr/lib/lib$LIBRARY.so
187done &amp;&amp;
188
189mv -v /usr/lib/libkrb5.so.* /lib &amp;&amp;
190mv -v /usr/lib/libk5crypto.so.* /lib &amp;&amp;
191mv -v /usr/lib/libkrb5support.so.* /lib &amp;&amp;
192
193ln -sfv ../../lib/$(readlink /usr/lib/libkrb5.so) /usr/lib/libkrb5.so &amp;&amp;
194ln -sfv ../../lib/$(readlink /usr/lib/libk5crypto.so) /usr/lib/libk5crypto.so &amp;&amp;
195ln -sfv ../../lib/$(readlink /usr/lib/libkrb5support.so) /usr/lib/libkrb5support.so &amp;&amp;
196
197mv -v /usr/bin/ksu /bin &amp;&amp;
198chmod -v 755 /bin/ksu &amp;&amp;
199
200install -v -dm755 /usr/share/doc/krb5-&mitkrb-version; &amp;&amp;
201cp -rfv ../doc/* /usr/share/doc/krb5-&mitkrb-version; &amp;&amp;
202
203unset LIBRARY</userinput></screen>
204
205
206 </sect2>
207
208 <sect2 role="commands">
209 <title>Command Explanations</title>
210
211 <para>
212 <command>sed -e ...</command>: The first <command>sed</command> fixes
213 <application>Python</application> detection.<!-- The second one increases
214 the width of the virtual terminal used for some tests, to prevent
215 some spurious characters to be echoed, which is taken as a failure. -->
216 </para>
217
218 <para>
219 <parameter>--localstatedir=/var/lib</parameter>: This parameter is
220 used so that the Kerberos variable run-time data is located in
221 <filename class="directory">/var/lib</filename> instead of
222 <filename class="directory">/usr/var</filename>.
223 </para>
224
225 <para>
226 <parameter>--with-system-et</parameter>: This switch causes the build
227 to use the system-installed versions of the error-table support
228 software.
229 </para>
230
231 <para>
232 <parameter>--with-system-ss</parameter>: This switch causes the build
233 to use the system-installed versions of the subsystem command-line
234 interface software.
235 </para>
236
237 <para>
238 <parameter>--enable-dns-for-realm</parameter>: This switch allows
239 realms to be resolved using the DNS server.
240 </para>
241
242 <para>
243 <command>mv -v /usr/bin/ksu /bin</command>: Moves the
244 <command>ksu</command> program to the
245 <filename class="directory">/bin</filename> directory so that it is
246 available when the <filename class="directory">/usr</filename>
247 filesystem is not mounted.
248 </para>
249
250 <para>
251 <option>--with-ldap</option>: Use this switch if you want to compile
252 the <application>OpenLDAP</application> database backend module.
253 </para>
254
255 </sect2>
256
257 <sect2 role="configuration">
258 <title>Configuring MIT Kerberos V5</title>
259
260 <sect3 id="krb5-config">
261 <title>Config Files</title>
262
263 <para>
264 <filename>/etc/krb5.conf</filename> and
265 <filename>/var/lib/krb5kdc/kdc.conf</filename>
266 </para>
267
268 <indexterm zone="mitkrb krb5-config">
269 <primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary>
270 </indexterm>
271
272 <indexterm zone="mitkrb krb5-config">
273 <primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
274 </indexterm>
275
276 </sect3>
277
278 <sect3>
279 <title>Configuration Information</title>
280
281 <sect4>
282 <title>Kerberos Configuration</title>
283
284 <tip>
285 <para>
286 You should consider installing some sort of password checking
287 dictionary so that you can configure the installation to only
288 accept strong passwords. A suitable dictionary to use is shown in
289 the <xref linkend="cracklib"/> instructions. Note that only one
290 file can be used, but you can concatenate many files into one. The
291 configuration file shown below assumes you have installed a
292 dictionary to <filename>/usr/share/dict/words</filename>.
293 </para>
294 </tip>
295
296 <para>
297 Create the Kerberos configuration file with the following
298 commands issued by the <systemitem class="username">root</systemitem>
299 user:
300 </para>
301
302<screen role="root"><userinput>cat &gt; /etc/krb5.conf &lt;&lt; "EOF"
303<literal># Begin /etc/krb5.conf
304
305[libdefaults]
306 default_realm = <replaceable>&lt;LFS.ORG&gt;</replaceable>
307 encrypt = true
308
309[realms]
310 <replaceable>&lt;LFS.ORG&gt;</replaceable> = {
311 kdc = <replaceable>&lt;belgarath.lfs.org&gt;</replaceable>
312 admin_server = <replaceable>&lt;belgarath.lfs.org&gt;</replaceable>
313 dict_file = /usr/share/dict/words
314 }
315
316[domain_realm]
317 .<replaceable>&lt;lfs.org&gt;</replaceable> = <replaceable>&lt;LFS.ORG&gt;</replaceable>
318
319[logging]
320 kdc = SYSLOG[:INFO[:AUTH]]
321 admin_server = SYSLOG[INFO[:AUTH]]
322 default = SYSLOG[[:SYS]]
323
324# End /etc/krb5.conf</literal>
325EOF</userinput></screen>
326
327 <para>
328 You will need to substitute your domain and proper hostname for the
329 occurrences of the <replaceable>&lt;belgarath&gt;</replaceable> and
330 <replaceable>&lt;lfs.org&gt;</replaceable> names.
331 </para>
332
333 <para>
334 <option>default_realm</option> should be the name of your
335 domain changed to ALL CAPS. This isn't required, but both
336 <application>Heimdal</application> and MIT recommend it.
337 </para>
338
339 <para>
340 <option>encrypt = true</option> provides encryption of all traffic
341 between kerberized clients and servers. It's not necessary and can
342 be left off. If you leave it off, you can encrypt all traffic from
343 the client to the server using a switch on the client program
344 instead.
345 </para>
346
347 <para>
348 The <option>[realms]</option> parameters tell the client programs
349 where to look for the KDC authentication services.
350 </para>
351
352 <para>
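353 The <option>[domain_realm]</option> section maps a domain to a realm. The bracketed values in the <option>[logging]</option> section follow the optional-field notation of the krb5.conf documentation (<literal>SYSLOG[:severity[:facility]]</literal>); written literally, such a value has the form <literal>SYSLOG:INFO:AUTH</literal>, so check that the KDC and admin server messages actually reach your system log.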
354 </para>
355
356 <para>
357 Create the KDC database:
358 </para>
359
360<screen role="root"><userinput>kdb5_util create -r <replaceable>&lt;LFS.ORG&gt;</replaceable> -s</userinput></screen>
361
362 <para>
363 Now you should populate the database with principals
364 (users). For now, just use your regular login name or
365 <systemitem class="username">root</systemitem>.
366 </para>
367
368<screen role="root"><userinput>kadmin.local
369<prompt>kadmin.local:</prompt> add_policy dict-only
370<prompt>kadmin.local:</prompt> addprinc -policy dict-only <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
371
372 <para>
373 The KDC server and any machine running kerberized
374 server daemons must have a host key installed:
375 </para>
376
377<screen role="root"><userinput><prompt>kadmin.local:</prompt> addprinc -randkey host/<replaceable>&lt;belgarath.lfs.org&gt;</replaceable></userinput></screen>
378
379 <para>
380 After choosing the defaults when prompted, you will have to
381 export the data to a keytab file:
382 </para>
383
384<screen role="root"><userinput><prompt>kadmin.local:</prompt> ktadd host/<replaceable>&lt;belgarath.lfs.org&gt;</replaceable></userinput></screen>
385
386 <para>
387 This should have created a file in
388 <filename class="directory">/etc</filename> named
389 <filename>krb5.keytab</filename> (Kerberos 5). This file should
390 have 600 (<systemitem class="username">root</systemitem> rw only)
391 permissions. Keeping the keytab files from public access is crucial
392 to the overall security of the Kerberos installation.
393 </para>
394
395 <para>
396 Exit the <command>kadmin</command> program (use
397 <command>quit</command> or <command>exit</command>) and return
398 back to the shell prompt. Start the KDC daemon manually, just to
399 test out the installation:
400 </para>
401
402<screen role="root"><userinput>/usr/sbin/krb5kdc</userinput></screen>
403
404 <para>
405 Attempt to get a ticket with the following command:
406 </para>
407
408<screen><userinput>kinit <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
409
410 <para>
411 You will be prompted for the password you created. After you
412 get your ticket, you can list it with the following command:
413 </para>
414
415<screen><userinput>klist</userinput></screen>
416
417 <para>
418 Information about the ticket should be displayed on the
419 screen.
420 </para>
421
422 <para>
423 To test the functionality of the keytab file, issue the
424 following command:
425 </para>
426
427<screen><userinput>ktutil
428<prompt>ktutil:</prompt> rkt /etc/krb5.keytab
429<prompt>ktutil:</prompt> l</userinput></screen>
430
431 <para>
432 This should dump a list of the host principal, along with
433 the encryption methods used to access the principal.
434 </para>
435
436 <para>
437 At this point, if everything has been successful so far, you
438 can feel fairly confident in the installation and configuration of
439 the package.
440 </para>
441
442 </sect4>
443
444 <sect4>
445 <title>Additional Information</title>
446
447 <para>
448 For additional information consult the <ulink
449 url="http://web.mit.edu/kerberos/www/krb5-&mitkrb-major-version;/#documentation">
450 documentation for krb5-&mitkrb-version;</ulink> on which the above
451 instructions are based.
452 </para>
453
454 </sect4>
455
456 </sect3>
457
458 <sect3 id="mitkrb-init">
459 <title>Systemd Units</title>
460
461 <para>
462 To start the Kerberos services at boot,
463 install the systemd units from the <xref linkend="bootscripts"/>
464 package by running the following command as the
465 <systemitem class="username">root</systemitem> user:
466 </para>
467
468 <indexterm zone="mitkrb mitkrb-init">
469 <primary sortas="f-krb5">krb5</primary>
470 </indexterm>
471
472<screen role="root"><userinput>make install-krb5</userinput></screen>
473
474 </sect3>
475
476 </sect2>
477
478 <sect2 role="content">
479
480 <title>Contents</title>
481 <para></para>
482
483 <segmentedlist>
484 <segtitle>Installed Programs</segtitle>
485 <segtitle>Installed Libraries</segtitle>
486 <segtitle>Installed Directories</segtitle>
487
488 <seglistitem>
489 <seg>
490 gss-client, gss-server, k5srvutil, kadmin, kadmin.local,
491 kadmind, kdb5_ldap_util (optional), kdb5_util, kdestroy, kinit, klist,
492 kpasswd, kprop, kpropd, kproplog, krb5-config, krb5kdc, krb5-send-pr,
493 ksu, kswitch, ktutil, kvno, sclient, sim_client, sim_server,
494 sserver, uuclient and uuserver
495 </seg>
496 <seg>
497 libgssapi_krb5.so, libgssrpc.so, libk5crypto.so,
498 libkadm5clnt.so, libkadm5srv.so, libkdb5.so, libkdb_ldap.so
499 (optional), libkrad.so, libkrb5.so, libkrb5support.so, and
500 libverto.so
501 </seg>
502 <seg>
503 /usr/include/gssapi,
504 /usr/include/gssrpc,
505 /usr/include/kadm5,
506 /usr/include/krb5,
507 /usr/lib/krb5,
508 /usr/share/doc/krb5-&mitkrb-version;,
509 /usr/share/examples/krb5 and
510 /var/lib/krb5kdc
511 </seg>
512 </seglistitem>
513 </segmentedlist>
514
515 <variablelist>
516 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
517 <?dbfo list-presentation="list"?>
518 <?dbhtml list-presentation="table"?>
519
520 <varlistentry id="k5srvutil">
521 <term><command>k5srvutil</command></term>
522 <listitem>
523 <para>
524 is a host keytable manipulation utility.
525 </para>
526 <indexterm zone="mitkrb k5srvutil">
527 <primary sortas="b-k5srvutil">k5srvutil</primary>
528 </indexterm>
529 </listitem>
530 </varlistentry>
531
532 <varlistentry id="kadmin">
533 <term><command>kadmin</command></term>
534 <listitem>
535 <para>
536 is a utility used to make modifications
537 to the Kerberos database.
538 </para>
539 <indexterm zone="mitkrb kadmin">
540 <primary sortas="b-kadmin">kadmin</primary>
541 </indexterm>
542 </listitem>
543 </varlistentry>
544
545 <varlistentry id="kadmind">
546 <term><command>kadmind</command></term>
547 <listitem>
548 <para>
549 is a server for administrative access
550 to a Kerberos database.
551 </para>
552 <indexterm zone="mitkrb kadmind">
553 <primary sortas="b-kadmind">kadmind</primary>
554 </indexterm>
555 </listitem>
556 </varlistentry>
557
558 <varlistentry id="kdb5_util">
559 <term><command>kdb5_util</command></term>
560 <listitem>
561 <para>
562 is the KDC database utility.
563 </para>
564 <indexterm zone="mitkrb kdb5_util">
565 <primary sortas="b-kdb5_util">kdb5_util</primary>
566 </indexterm>
567 </listitem>
568 </varlistentry>
569
570 <varlistentry id="kdestroy">
571 <term><command>kdestroy</command></term>
572 <listitem>
573 <para>
574 removes the current set of tickets.
575 </para>
576 <indexterm zone="mitkrb kdestroy">
577 <primary sortas="b-kdestroy">kdestroy</primary>
578 </indexterm>
579 </listitem>
580 </varlistentry>
581
582 <varlistentry id="kinit">
583 <term><command>kinit</command></term>
584 <listitem>
585 <para>
586 is used to authenticate to the Kerberos server as a
587 principal and acquire a ticket granting ticket that can
588 later be used to obtain tickets for other services.
589 </para>
590 <indexterm zone="mitkrb kinit">
591 <primary sortas="b-kinit">kinit</primary>
592 </indexterm>
593 </listitem>
594 </varlistentry>
595
596 <varlistentry id="klist">
597 <term><command>klist</command></term>
598 <listitem>
599 <para>
600 reads and displays the current tickets in
601 the credential cache.
602 </para>
603 <indexterm zone="mitkrb klist">
604 <primary sortas="b-klist">klist</primary>
605 </indexterm>
606 </listitem>
607 </varlistentry>
608
609 <varlistentry id="kpasswd">
610 <term><command>kpasswd</command></term>
611 <listitem>
612 <para>
613 is a program for changing Kerberos 5 passwords.
614 </para>
615 <indexterm zone="mitkrb kpasswd">
616 <primary sortas="b-kpasswd">kpasswd</primary>
617 </indexterm>
618 </listitem>
619 </varlistentry>
620
621 <varlistentry id="kprop">
622 <term><command>kprop</command></term>
623 <listitem>
624 <para>
625 takes a principal database in a specified format and
626 converts it into a stream of database records.
627 </para>
628 <indexterm zone="mitkrb kprop">
629 <primary sortas="b-kprop">kprop</primary>
630 </indexterm>
631 </listitem>
632 </varlistentry>
633
634 <varlistentry id="kpropd">
635 <term><command>kpropd</command></term>
636 <listitem>
637 <para>
638 receives a database sent by <command>kprop</command>
639 and writes it as a local database.
640 </para>
641 <indexterm zone="mitkrb kpropd">
642 <primary sortas="b-kpropd">kpropd</primary>
643 </indexterm>
644 </listitem>
645 </varlistentry>
646
647 <varlistentry id="krb5-config-prog2">
648 <term><command>krb5-config</command></term>
649 <listitem>
650 <para>
651 gives information on how to link programs against
652 libraries.
653 </para>
654 <indexterm zone="mitkrb krb5-config-prog2">
655 <primary sortas="b-krb5-config">krb5-config</primary>
656 </indexterm>
657 </listitem>
658 </varlistentry>
659
660 <varlistentry id="krb5kdc">
661 <term><command>krb5kdc</command></term>
662 <listitem>
663 <para>
664 is the <application>Kerberos 5</application> server.
665 </para>
666 <indexterm zone="mitkrb krb5kdc">
667 <primary sortas="b-krb5kdc">krb5kdc</primary>
668 </indexterm>
669 </listitem>
670 </varlistentry>
671
672 <varlistentry id="ksu">
673 <term><command>ksu</command></term>
674 <listitem>
675 <para>
676 is the super user program using the Kerberos protocol.
677 Requires a properly configured
678 <filename>/etc/shells</filename> and
679 <filename>~/.k5login</filename> containing principals
680 authorized to become super users.
681 </para>
682 <indexterm zone="mitkrb ksu">
683 <primary sortas="b-ksu">ksu</primary>
684 </indexterm>
685 </listitem>
686 </varlistentry>
687
688 <varlistentry id="kswitch">
689 <term><command>kswitch</command></term>
690 <listitem>
691 <para>
692 makes the specified credential cache the
693 primary cache for the collection, if a cache
694 collection is available.
695 </para>
696 <indexterm zone="mitkrb kswitch">
697 <primary sortas="b-kswitch">kswitch</primary>
698 </indexterm>
699 </listitem>
700 </varlistentry>
701
702 <varlistentry id="ktutil">
703 <term><command>ktutil</command></term>
704 <listitem>
705 <para>
706 is a program for managing Kerberos keytabs.
707 </para>
708 <indexterm zone="mitkrb ktutil">
709 <primary sortas="b-ktutil">ktutil</primary>
710 </indexterm>
711 </listitem>
712 </varlistentry>
713
714 <varlistentry id="kvno">
715 <term><command>kvno</command></term>
716 <listitem>
717 <para>
718 prints keyversion numbers of Kerberos principals.
719 </para>
720 <indexterm zone="mitkrb kvno">
721 <primary sortas="b-kvno">kvno</primary>
722 </indexterm>
723 </listitem>
724 </varlistentry>
725
726 <varlistentry id="sclient">
727 <term><command>sclient</command></term>
728 <listitem>
729 <para>
730 is used to contact a sample server and authenticate to it
731 using Kerberos 5 tickets, then display the server's
732 response.
733 </para>
734 <indexterm zone="mitkrb sclient">
735 <primary sortas="b-sclient">sclient</primary>
736 </indexterm>
737 </listitem>
738 </varlistentry>
739
740 <varlistentry id="sserver">
741 <term><command>sserver</command></term>
742 <listitem>
743 <para>
744 is the sample Kerberos 5 server.
745 </para>
746 <indexterm zone="mitkrb sserver">
747 <primary sortas="b-sserver">sserver</primary>
748 </indexterm>
749 </listitem>
750 </varlistentry>
751
752 <varlistentry id="libgssapi_krb5">
753 <term><filename class="libraryfile">libgssapi_krb5.so</filename></term>
754 <listitem>
755 <para>
756 contains the Generic Security Service Application Programming
757 Interface (GSSAPI) functions, which provide security services
758 to callers in a generic fashion, supportable with a range of
759 underlying mechanisms and technologies and hence allowing
760 source-level portability of applications to different
761 environments.
762 </para>
763 <indexterm zone="mitkrb libgssapi_krb5">
764 <primary sortas="c-libgssapi_krb5">libgssapi_krb5.so</primary>
765 </indexterm>
766 </listitem>
767 </varlistentry>
768
769 <varlistentry id="libkadm5clnt">
770 <term><filename class="libraryfile">libkadm5clnt.so</filename></term>
771 <listitem>
772 <para>
773 contains the administrative authentication and password checking
774 functions required by Kerberos 5 client-side programs.
775 </para>
776 <indexterm zone="mitkrb libkadm5clnt">
777 <primary sortas="c-libkadm5clnt">libkadm5clnt.so</primary>
778 </indexterm>
779 </listitem>
780 </varlistentry>
781
782 <varlistentry id="libkadm5srv">
783 <term><filename class="libraryfile">libkadm5srv.so</filename></term>
784 <listitem>
785 <para>
786 contains the administrative authentication and password
787 checking functions required by Kerberos 5 servers.
788 </para>
789 <indexterm zone="mitkrb libkadm5srv">
790 <primary sortas="c-libkadm5srv">libkadm5srv.so</primary>
791 </indexterm>
792 </listitem>
793 </varlistentry>
794
795 <varlistentry id="libkdb5">
796 <term><filename class="libraryfile">libkdb5.so</filename></term>
797 <listitem>
798 <para>
799 is a Kerberos 5 authentication/authorization database
800 access library.
801 </para>
802 <indexterm zone="mitkrb libkdb5">
803 <primary sortas="c-libkdb5">libkdb5.so</primary>
804 </indexterm>
805 </listitem>
806 </varlistentry>
807
808 <varlistentry id="libkrad">
809 <term><filename class="libraryfile">libkrad.so</filename></term>
810 <listitem>
811 <para>
812 contains the internal support library for RADIUS functionality.
813 </para>
814 <indexterm zone="mitkrb libkrad">
815 <primary sortas="c-libkrad">libkrad.so</primary>
816 </indexterm>
817 </listitem>
818 </varlistentry>
819
820 <varlistentry id="libkrb5">
821 <term><filename class="libraryfile">libkrb5.so</filename></term>
822 <listitem>
823 <para>
824 is an all-purpose <application>Kerberos 5</application> library.
825 </para>
826 <indexterm zone="mitkrb libkrb5">
827 <primary sortas="c-libkrb5">libkrb5.so</primary>
828 </indexterm>
829 </listitem>
830 </varlistentry>
831
832 </variablelist>
833
834 </sect2>
835
836</sect1>