Context Navigation

mitkrb-systemd.xml@ 77aeb6b

Visit:

systemd-13485

Last change on this file since 77aeb6b was 77aeb6b, checked in by Douglas R. Reno <renodr@…>, 9 years ago

Added some short descriptions by Denis. Thanks again!
Update to subversion-1.9.0
Update to ModemManager-1.4.10
Update to totem-pl-parser-3.10.5
Update to VTE-0.48.2
Update to yelp-xsl-3.16.1
Update to geocode-glib-3.16.2
Update to gnome-desktop-3.16.2
Update to gnome-online-accounts-3.16.3
Update to webkitgtk+-2.8.5
Update to gtksourceview-3.16.1
Update to libevdev-1.4.4

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/branches/systemd@16366 af4574ff-66df-0310-9fd7-8a98e5e911e0

Property mode set to 100644

File size: 31.4 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY mitkrb-download-http "http://web.mit.edu/kerberos/www/dist/krb5/&mitkrb-major-version;/krb5-&mitkrb-version;-signed.tar">
8	<!ENTITY mitkrb-download-ftp " ">
9	<!ENTITY mitkrb-md5sum "f7ebfa6c99c10b16979ebf9a98343189">
10	<!ENTITY mitkrb-size "12 MB">
11	<!ENTITY mitkrb-buildsize "142 MB (Additional 28 MB for the testsuite)">
12	<!ENTITY mitkrb-time "0.9 SBU (additional 5.0 SBU for the testsuite)">
13	]>
14
15	<sect1 id="mitkrb" xreflabel="MIT Kerberos V5-&mitkrb-version;">
16	<?dbhtml filename="mitkrb.html"?>
17
18	<sect1info>
19	<othername>$LastChangedBy$</othername>
20	<date>$Date$</date>
21	</sect1info>
22
23	<title>MIT Kerberos V5-&mitkrb-version;</title>
24
25	<indexterm zone="mitkrb">
26	<primary sortas="a-MIT-Kerberos">MIT Kerberos V5</primary>
27	</indexterm>
28
29	<sect2 role="package">
30	<title>Introduction to MIT Kerberos V5</title>
31
32	<para>
33	<application>MIT Kerberos V5</application> is a free implementation
34	of Kerberos 5. Kerberos is a network authentication protocol. It
35	centralizes the authentication database and uses kerberized
36	applications to work with servers or services that support Kerberos
37	allowing single logins and encrypted communication over internal
38	networks or the Internet.
39	</para>
40
41	&lfs77_checked;
42
43	<bridgehead renderas="sect3">Package Information</bridgehead>
44	<itemizedlist spacing="compact">
45	<listitem>
46	<para>
47	Download (HTTP): <ulink url="&mitkrb-download-http;"/>
48	</para>
49	</listitem>
50	<listitem>
51	<para>
52	Download (FTP): <ulink url="&mitkrb-download-ftp;"/>
53	</para>
54	</listitem>
55	<listitem>
56	<para>
57	Download MD5 sum: &mitkrb-md5sum;
58	</para>
59	</listitem>
60	<listitem>
61	<para>
62	Download size: &mitkrb-size;
63	</para>
64	</listitem>
65	<listitem>
66	<para>
67	Estimated disk space required: &mitkrb-buildsize;
68	</para>
69	</listitem>
70	<listitem>
71	<para>
72	Estimated build time: &mitkrb-time;
73	</para>
74	</listitem>
75	</itemizedlist>
76
77	<bridgehead renderas="sect3">MIT Kerberos V5 Dependencies</bridgehead>
78
79	<bridgehead renderas="sect4">Optional</bridgehead>
80	<para role="optional">
81	<xref linkend="bind-utils"/> (used during the testsuite),
82	<xref linkend="dejagnu"/> (for full test coverage),
83	<xref linkend="gnupg2"/> (to authenticate the package),
84	<xref linkend="keyutils"/>,
85	<xref linkend="openldap"/>,
86	<xref linkend="openssl"/>,
87	<xref linkend="python2"/> (used during the testsuite),
88	<xref linkend="tcl"/> and
89	<xref linkend="rpcbind"/> (used during the testsuite)
90	</para>
91
92	<note>
93	<para>
94	Some sort of time synchronization facility on your system (like
95	<xref linkend="ntp"/>) is required since Kerberos won't authenticate
96	if there is a time difference between a kerberized client and the
97	KDC server.
98	</para>
99	</note>
100
101	<para condition="html" role="usernotes">User Notes:
102	<ulink url="&blfs-wiki;/mitkrb"/>
103	</para>
104	</sect2>
105
106	<sect2 role="installation">
107	<title>Installation of MIT Kerberos V5</title>
108
109	<para>
110	<application>MIT Kerberos V5</application> is distributed in a
111	TAR file containing a compressed TAR package and a detached PGP
112	<filename class="extension">ASC</filename> file. You'll need to unpack
113	the distribution tar file, then unpack the compressed tar file before
114	starting the build.
115	</para>
116
117	<para>
118	After unpacking the distribution tarball and if you have
119	<xref linkend="gnupg2"/> installed, you can
120	authenticate the package. First, check the contents of the file
121	<filename>krb5-&mitkrb-version;.tar.gz.asc</filename>.
122	</para>
123
124	<screen><userinput>gpg2 --verify krb5-&mitkrb-version;.tar.gz.asc krb5-&mitkrb-version;.tar.gz</userinput></screen>
125
126	<para>You will probably see output similar to:</para>
127
128	<screen><literal>gpg: Signature made Fri May 8 23:40:13 2015 utc using RSA key ID 0055C305
129	gpg: Can't check signature: No public key</literal></screen>
130
131	<para>
132	You can import the public key with:
133	</para>
134
135	<screen><userinput>gpg2 --keyserver pgp.mit.edu --recv-keys 0055C305</userinput></screen>
136
137	<para>
138	Now re-verify the package with the first command above. You should get a
139	indication of a good signature, but the key will still not be certified
140	with a trusted signature. Trusting the downloaded key is a separate
141	operation but it is up to you to determine the level of trust.
142	</para>
143
144	<para>
145	Build <application>MIT Kerberos V5</application> by running the
146	following commands:
147	</para>
148
149	<screen><userinput>cd src &&
150	sed -e "s@python2.5/Python.h@& python2.7/Python.h@g" \
151	-e "s@-lpython2.5]@&,\n AC_CHECK_LIB(python2.7,main,[PYTHON_LIB=-lpython2.7])@g" \
152	-i configure.in &&
153	autoconf &&
154	./configure --prefix=/usr \
155	--sysconfdir=/etc \
156	--localstatedir=/var/lib \
157	--with-system-et \
158	--with-system-ss \
159	--without-system-verto \
160	--enable-dns-for-realm &&
161	make</userinput></screen>
162
163	<para>
164	To test the build, issue: <command>make check</command>. You need at
165	least <xref linkend="tcl"/>, which is used to drive the testsuite.
166	Furthermore, <xref linkend="dejagnu"/> must be available for some
167	of the tests to run. If you have a former version of MIT Kerberos V5
168	installed, it may happen that the test suite pick up the installed
169	versions of the libraries, rather than the newly built ones. If so,
170	it is better to run the tests after the installation.
171	</para>
172
173	<para>
174	Now, as the <systemitem class="username">root</systemitem> user:
175	</para>
176
177	<screen role="root"><userinput>make install &&
178
179	for LIBRARY in gssapi_krb5 gssrpc k5crypto kadm5clnt kadm5srv \
180	kdb5 kdb_ldap krad krb5 krb5support verto ; do
181	[ -e /usr/lib/lib$LIBRARY.so ] && chmod -v 755 /usr/lib/lib$LIBRARY.so
182	done &&
183	unset LIBRARY &&
184
185	mv -v /usr/lib/libkrb5.so.* /lib &&
186	mv -v /usr/lib/libk5crypto.so.* /lib &&
187	mv -v /usr/lib/libkrb5support.so.* /lib &&
188
189	ln -sfv ../../lib/$(readlink /usr/lib/libkrb5.so) /usr/lib/libkrb5.so &&
190	ln -sfv ../../lib/$(readlink /usr/lib/libk5crypto.so) /usr/lib/libk5crypto.so &&
191	ln -sfv ../../lib/$(readlink /usr/lib/libkrb5support.so) /usr/lib/libkrb5support.so &&
192
193	mv -v /usr/bin/ksu /bin &&
194	chmod -v 755 /bin/ksu &&
195
196	install -v -dm755 /usr/share/doc/krb5-&mitkrb-version; &&
197	cp -rfv ../doc/* /usr/share/doc/krb5-&mitkrb-version;</userinput></screen>
198
199
200	</sect2>
201
202	<sect2 role="commands">
203	<title>Command Explanations</title>
204
205	<para>
206	<command>sed -e ...</command>: This <command>sed</command> fixes
207	<application>Python</application> detection.
208	</para>
209
210	<para>
211	<parameter>--localstatedir=/var/lib</parameter>: This switch is
212	used so that the Kerberos variable run-time data is located in
213	<filename class="directory">/var/lib</filename> instead of
214	<filename class="directory">/usr/var</filename>.
215	</para>
216
217	<para>
218	<parameter>--with-system-et</parameter>: This switch causes the build
219	to use the system-installed versions of the error-table support
220	software.
221	</para>
222
223	<para>
224	<parameter>--with-system-ss</parameter>: This switch causes the build
225	to use the system-installed versions of the subsystem command-line
226	interface software.
227	</para>
228
229	<para>
230	<parameter>--without-system-verto</parameter>: This switch causes
231	the build to use the internal version of <filename
232	class="libraryfile">libverto</filename> library in case older one
233	is present from previous <application>Kerberos</application>
234	installation.
235	</para>
236
237	<para>
238	<parameter>--enable-dns-for-realm</parameter>: This switch allows
239	realms to be resolved using the DNS server.
240	</para>
241
242	<para>
243	<command>mv -v /usr/bin/ksu /bin</command>: Moves the
244	<command>ksu</command> program to the
245	<filename class="directory">/bin</filename> directory so that it is
246	available when the <filename class="directory">/usr</filename>
247	filesystem is not mounted.
248	</para>
249
250	<para>
251	<option>--with-ldap</option>: Use this switch if you want to compile
252	<application>OpenLDAP</application> database backend module.
253	</para>
254
255	</sect2>
256
257	<sect2 role="configuration">
258	<title>Configuring MIT Kerberos V5</title>
259
260	<sect3 id="krb5-config">
261	<title>Config Files</title>
262
263	<para>
264	<filename>/etc/krb5.conf</filename> and
265	<filename>/var/lib/krb5kdc/kdc.conf</filename>
266	</para>
267
268	<indexterm zone="mitkrb krb5-config">
269	<primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary>
270	</indexterm>
271
272	<indexterm zone="mitkrb krb5-config">
273	<primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
274	</indexterm>
275
276	</sect3>
277
278	<sect3>
279	<title>Configuration Information</title>
280
281	<sect4>
282	<title>Kerberos Configuration</title>
283
284	<tip>
285	<para>
286	You should consider installing some sort of password checking
287	dictionary so that you can configure the installation to only
288	accept strong passwords. A suitable dictionary to use is shown in
289	the <xref linkend="cracklib"/> instructions. Note that only one
290	file can be used, but you can concatenate many files into one. The
291	configuration file shown below assumes you have installed a
292	dictionary to <filename>/usr/share/dict/words</filename>.
293	</para>
294	</tip>
295
296	<para>
297	Create the Kerberos configuration file with the following
298	commands issued by the <systemitem class="username">root</systemitem>
299	user:
300	</para>
301
302	<screen role="root"><userinput>cat > /etc/krb5.conf << "EOF"
303	<literal># Begin /etc/krb5.conf
304
305	[libdefaults]
306	default_realm = <replaceable><LFS.ORG></replaceable>
307	encrypt = true
308
309	[realms]
310	<replaceable><LFS.ORG></replaceable> = {
311	kdc = <replaceable><belgarath.lfs.org></replaceable>
312	admin_server = <replaceable><belgarath.lfs.org></replaceable>
313	dict_file = /usr/share/dict/words
314	}
315
316	[domain_realm]
317	.<replaceable><lfs.org></replaceable> = <replaceable><LFS.ORG></replaceable>
318
319	[logging]
320	kdc = SYSLOG[:INFO[:AUTH]]
321	admin_server = SYSLOG[INFO[:AUTH]]
322	default = SYSLOG[[:SYS]]
323
324	# End /etc/krb5.conf</literal>
325	EOF</userinput></screen>
326
327	<para>
328	You will need to substitute your domain and proper hostname for the
329	occurrences of the <replaceable><belgarath></replaceable> and
330	<replaceable><lfs.org></replaceable> names.
331	</para>
332
333	<para>
334	<option>default_realm</option> should be the name of your
335	domain changed to ALL CAPS. This isn't required, but both
336	<application>Heimdal</application> and MIT recommend it.
337	</para>
338
339	<para>
340	<option>encrypt = true</option> provides encryption of all traffic
341	between kerberized clients and servers. It's not necessary and can
342	be left off. If you leave it off, you can encrypt all traffic from
343	the client to the server using a switch on the client program
344	instead.
345	</para>
346
347	<para>
348	The <option>[realms]</option> parameters tell the client programs
349	where to look for the KDC authentication services.
350	</para>
351
352	<para>
353	The <option>[domain_realm]</option> section maps a domain to a realm.
354	</para>
355
356	<para>
357	Create the KDC database:
358	</para>
359
360	<screen role="root"><userinput>kdb5_util create -r <replaceable><LFS.ORG></replaceable> -s</userinput></screen>
361
362	<para>
363	Now you should populate the database with principals
364	(users). For now, just use your regular login name or
365	<systemitem class="username">root</systemitem>.
366	</para>
367
368	<screen role="root"><userinput>kadmin.local
369	<prompt>kadmin.local:</prompt> add_policy dict-only
370	<prompt>kadmin.local:</prompt> addprinc -policy dict-only <replaceable><loginname></replaceable></userinput></screen>
371
372	<para>
373	The KDC server and any machine running kerberized
374	server daemons must have a host key installed:
375	</para>
376
377	<screen role="root"><userinput><prompt>kadmin.local:</prompt> addprinc -randkey host/<replaceable><belgarath.lfs.org></replaceable></userinput></screen>
378
379	<para>
380	After choosing the defaults when prompted, you will have to
381	export the data to a keytab file:
382	</para>
383
384	<screen role="root"><userinput><prompt>kadmin.local:</prompt> ktadd host/<replaceable><belgarath.lfs.org></replaceable></userinput></screen>
385
386	<para>
387	This should have created a file in
388	<filename class="directory">/etc</filename> named
389	<filename>krb5.keytab</filename> (Kerberos 5). This file should
390	have 600 (<systemitem class="username">root</systemitem> rw only)
391	permissions. Keeping the keytab files from public access is crucial
392	to the overall security of the Kerberos installation.
393	</para>
394
395	<para>
396	Exit the <command>kadmin</command> program (use
397	<command>quit</command> or <command>exit</command>) and return
398	back to the shell prompt. Start the KDC daemon manually, just to
399	test out the installation:
400	</para>
401
402	<screen role="root"><userinput>/usr/sbin/krb5kdc</userinput></screen>
403
404	<para>
405	Attempt to get a ticket with the following command:
406	</para>
407
408	<screen><userinput>kinit <replaceable><loginname></replaceable></userinput></screen>
409
410	<para>
411	You will be prompted for the password you created. After you
412	get your ticket, you can list it with the following command:
413	</para>
414
415	<screen><userinput>klist</userinput></screen>
416
417	<para>
418	Information about the ticket should be displayed on the
419	screen.
420	</para>
421
422	<para>
423	To test the functionality of the keytab file, issue the
424	following command:
425	</para>
426
427	<screen><userinput>ktutil
428	<prompt>ktutil:</prompt> rkt /etc/krb5.keytab
429	<prompt>ktutil:</prompt> l</userinput></screen>
430
431	<para>
432	This should dump a list of the host principal, along with
433	the encryption methods used to access the principal.
434	</para>
435
436	<para>
437	At this point, if everything has been successful so far, you
438	can feel fairly confident in the installation and configuration of
439	the package.
440	</para>
441
442	</sect4>
443
444	<sect4>
445	<title>Additional Information</title>
446
447	<para>
448	For additional information consult the <ulink
449	url="http://web.mit.edu/kerberos/www/krb5-&mitkrb-major-version;/#documentation">
450	documentation for krb5-&mitkrb-version;</ulink> on which the above
451	instructions are based.
452	</para>
453
454	</sect4>
455
456	</sect3>
457
458	<sect3 id="mitkrb-init">
459	<title>Systemd Units</title>
460
461	<para>
462	To start the Kerberos services at boot,
463	install the systemd units from the <xref linkend="bootscripts"/>
464	package by running the following command as the
465	<systemitem class="username">root</systemitem> user:
466	</para>
467
468	<indexterm zone="mitkrb mitkrb-init">
469	<primary sortas="f-krb5">krb5</primary>
470	</indexterm>
471
472	<screen role="root"><userinput>make install-krb5</userinput></screen>
473
474	</sect3>
475
476	</sect2>
477
478	<sect2 role="content">
479
480	<title>Contents</title>
481	<para></para>
482
483	<segmentedlist>
484	<segtitle>Installed Programs</segtitle>
485	<segtitle>Installed Libraries</segtitle>
486	<segtitle>Installed Directories</segtitle>
487
488	<seglistitem>
489	<seg>
490	gss-client, gss-server, k5srvutil, kadmin, kadmin.local,
491	kadmind, kdb5_ldap_util (optional), kdb5_util, kdestroy, kinit, klist,
492	kpasswd, kprop, kpropd, kproplog, krb5-config, krb5kdc, krb5-send-pr,
493	ksu, kswitch, ktutil, kvno, sclient, sim_client, sim_server,
494	sserver, uuclient and uuserver
495	</seg>
496	<seg>
497	libgssapi_krb5.so, libgssrpc.so, libk5crypto.so, libkadm5clnt_mit.so,
498	libkadm5clnt.so, libkadm5srv_mit.so, libkadm5srv.so, libkdb_ldap.so
499	(optional), libkdb5.so, libkrad.so, libkrb5.so, libkrb5support.so, and
500	libverto.so
501	</seg>
502	<seg>
503	/usr/include/gssapi,
504	/usr/include/gssrpc,
505	/usr/include/kadm5,
506	/usr/include/krb5,
507	/usr/lib/krb5,
508	/usr/share/doc/krb5-&mitkrb-version;,
509	/usr/share/examples/krb5 and
510	/var/lib/krb5kdc
511	</seg>
512	</seglistitem>
513	</segmentedlist>
514
515	<variablelist>
516	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
517	<?dbfo list-presentation="list"?>
518	<?dbhtml list-presentation="table"?>
519
520	<varlistentry id="gss-client">
521	<term><command>gss-client</command></term>
522	<listitem>
523	<para>
524	is a GSSAPI test client.
525	</para>
526	<indexterm zone="mitkrb gss-client">
527	<primary sortas="b-gss-client">gss-client</primary>
528	</indexterm>
529	</listitem>
530	</varlistentry>
531
532	<varlistentry id="gss-server">
533	<term><command>gss-server</command></term>
534	<listitem>
535	<para>
536	is a GSSAPI test server.
537	</para>
538	<indexterm zone="mitkrb gss-server">
539	<primary sortas="b-gss-server">gss-server</primary>
540	</indexterm>
541	</listitem>
542	</varlistentry>
543
544	<varlistentry id="k5srvutil">
545	<term><command>k5srvutil</command></term>
546	<listitem>
547	<para>
548	is a host keytable manipulation utility.
549	</para>
550	<indexterm zone="mitkrb k5srvutil">
551	<primary sortas="b-k5srvutil">k5srvutil</primary>
552	</indexterm>
553	</listitem>
554	</varlistentry>
555
556	<varlistentry id="kadmin">
557	<term><command>kadmin</command></term>
558	<listitem>
559	<para>
560	is a utility used to make modifications
561	to the Kerberos database.
562	</para>
563	<indexterm zone="mitkrb kadmin">
564	<primary sortas="b-kadmin">kadmin</primary>
565	</indexterm>
566	</listitem>
567	</varlistentry>
568
569	<varlistentry id="kadmin.local">
570	<term><command>kadmin.local</command></term>
571	<listitem>
572	<para>
573	is a utility similar at <command>kadmin</command>, but if the
574	database is db2, the local client <command>kadmin.local</command>,
575	is intended to run directly on the master KDC without Kerberos
576	authentication.
577	</para>
578	<indexterm zone="mitkrb kadmin.local">
579	<primary sortas="b-kadmin.local">kadmin.local</primary>
580	</indexterm>
581	</listitem>
582	</varlistentry>
583
584	<varlistentry id="kadmind">
585	<term><command>kadmind</command></term>
586	<listitem>
587	<para>
588	is a server for administrative access
589	to a Kerberos database.
590	</para>
591	<indexterm zone="mitkrb kadmind">
592	<primary sortas="b-kadmind">kadmind</primary>
593	</indexterm>
594	</listitem>
595	</varlistentry>
596
597	<varlistentry id="kdb5_ldap_util">
598	<term><command>kdb5_ldap_util (optional)</command></term>
599	<listitem>
600	<para>
601	allows an administrator to manage realms, Kerberos services
602	and ticket policies.
603	</para>
604	<indexterm zone="mitkrb kdb5_ldap_util">
605	<primary sortas="b-kdb5_ldap_util">kdb5_ldap_util</primary>
606	</indexterm>
607	</listitem>
608	</varlistentry>
609
610	<varlistentry id="kdb5_util">
611	<term><command>kdb5_util</command></term>
612	<listitem>
613	<para>
614	is the KDC database utility.
615	</para>
616	<indexterm zone="mitkrb kdb5_util">
617	<primary sortas="b-kdb5_util">kdb5_util</primary>
618	</indexterm>
619	</listitem>
620	</varlistentry>
621
622	<varlistentry id="kdestroy">
623	<term><command>kdestroy</command></term>
624	<listitem>
625	<para>
626	removes the current set of tickets.
627	</para>
628	<indexterm zone="mitkrb kdestroy">
629	<primary sortas="b-kdestroy">kdestroy</primary>
630	</indexterm>
631	</listitem>
632	</varlistentry>
633
634	<varlistentry id="kinit">
635	<term><command>kinit</command></term>
636	<listitem>
637	<para>
638	is used to authenticate to the Kerberos server as a
639	principal and acquire a ticket granting ticket that can
640	later be used to obtain tickets for other services.
641	</para>
642	<indexterm zone="mitkrb kinit">
643	<primary sortas="b-kinit">kinit</primary>
644	</indexterm>
645	</listitem>
646	</varlistentry>
647
648	<varlistentry id="klist">
649	<term><command>klist</command></term>
650	<listitem>
651	<para>
652	reads and displays the current tickets in
653	the credential cache.
654	</para>
655	<indexterm zone="mitkrb klist">
656	<primary sortas="b-klist">klist</primary>
657	</indexterm>
658	</listitem>
659	</varlistentry>
660
661	<varlistentry id="kpasswd">
662	<term><command>kpasswd</command></term>
663	<listitem>
664	<para>
665	is a program for changing Kerberos 5 passwords.
666	</para>
667	<indexterm zone="mitkrb kpasswd">
668	<primary sortas="b-kpasswd">kpasswd</primary>
669	</indexterm>
670	</listitem>
671	</varlistentry>
672
673	<varlistentry id="kprop">
674	<term><command>kprop</command></term>
675	<listitem>
676	<para>
677	takes a principal database in a specified format and
678	converts it into a stream of database records.
679	</para>
680	<indexterm zone="mitkrb kprop">
681	<primary sortas="b-kprop">kprop</primary>
682	</indexterm>
683	</listitem>
684	</varlistentry>
685
686	<varlistentry id="kpropd">
687	<term><command>kpropd</command></term>
688	<listitem>
689	<para>
690	receives a database sent by <command>kprop</command>
691	and writes it as a local database.
692	</para>
693	<indexterm zone="mitkrb kpropd">
694	<primary sortas="b-kpropd">kpropd</primary>
695	</indexterm>
696	</listitem>
697	</varlistentry>
698
699	<varlistentry id="kproplog">
700	<term><command>kproplog</command></term>
701	<listitem>
702	<para>
703	displays the contents of the KDC database update log to standard
704	output.
705	</para>
706	<indexterm zone="mitkrb kproplog">
707	<primary sortas="b-kproplog">kproplog</primary>
708	</indexterm>
709	</listitem>
710	</varlistentry>
711
712	<varlistentry id="krb5-config-prog2">
713	<term><command>krb5-config</command></term>
714	<listitem>
715	<para>
716	gives information on how to link programs against
717	libraries.
718	</para>
719	<indexterm zone="mitkrb krb5-config-prog2">
720	<primary sortas="b-krb5-config">krb5-config</primary>
721	</indexterm>
722	</listitem>
723	</varlistentry>
724
725	<varlistentry id="krb5kdc">
726	<term><command>krb5kdc</command></term>
727	<listitem>
728	<para>
729	is the <application>Kerberos 5</application> server.
730	</para>
731	<indexterm zone="mitkrb krb5kdc">
732	<primary sortas="b-krb5kdc">krb5kdc</primary>
733	</indexterm>
734	</listitem>
735	</varlistentry>
736
737	<varlistentry id="krb5-send-pr">
738	<term><command>krb5-send-pr</command></term>
739	<listitem>
740	<para>
741	send problem report (PR) to a central support site.
742	</para>
743	<indexterm zone="mitkrb krb5-send-pr">
744	<primary sortas="b-krb-send-pr">krb5-send-pr</primary>
745	</indexterm>
746	</listitem>
747	</varlistentry>
748
749	<varlistentry id="ksu">
750	<term><command>ksu</command></term>
751	<listitem>
752	<para>
753	is the super user program using Kerberos protocol.
754	Requires a properly configured
755	<filename>/etc/shells</filename> and
756	<filename>~/.k5login</filename> containing principals
757	authorized to become super users.
758	</para>
759	<indexterm zone="mitkrb ksu">
760	<primary sortas="b-ksu">ksu</primary>
761	</indexterm>
762	</listitem>
763	</varlistentry>
764
765	<varlistentry id="kswitch">
766	<term><command>kswitch</command></term>
767	<listitem>
768	<para>
769	makes the specified credential cache the
770	primary cache for the collection, if a cache
771	collection is available.
772	</para>
773	<indexterm zone="mitkrb kswitch">
774	<primary sortas="b-kswitch">kswitch</primary>
775	</indexterm>
776	</listitem>
777	</varlistentry>
778
779	<varlistentry id="ktutil">
780	<term><command>ktutil</command></term>
781	<listitem>
782	<para>
783	is a program for managing Kerberos keytabs.
784	</para>
785	<indexterm zone="mitkrb ktutil">
786	<primary sortas="b-ktutil">ktutil</primary>
787	</indexterm>
788	</listitem>
789	</varlistentry>
790
791	<varlistentry id="kvno">
792	<term><command>kvno</command></term>
793	<listitem>
794	<para>
795	prints keyversion numbers of Kerberos principals.
796	</para>
797	<indexterm zone="mitkrb kvno">
798	<primary sortas="b-kvno">kvno</primary>
799	</indexterm>
800	</listitem>
801	</varlistentry>
802
803	<varlistentry id="sclient">
804	<term><command>sclient</command></term>
805	<listitem>
806	<para>
807	used to contact a sample server and authenticate to it
808	using Kerberos 5 tickets, then display the server's
809	response.
810	</para>
811	<indexterm zone="mitkrb sclient">
812	<primary sortas="b-sclient">sclient</primary>
813	</indexterm>
814	</listitem>
815	</varlistentry>
816
817	<varlistentry id="sim_client">
818	<term><command>sim_client</command></term>
819	<listitem>
820	<para>
821	is a simple UDP-based sample client program, for
822	demonstration.
823	</para>
824	<indexterm zone="mitkrb sim_client">
825	<primary sortas="b-sim_client">sim_client</primary>
826	</indexterm>
827	</listitem>
828	</varlistentry>
829
830	<varlistentry id="sim_server">
831	<term><command>sim_server</command></term>
832	<listitem>
833	<para>
834	is a simple UDP-based server application, for
835	demonstration.
836	</para>
837	<indexterm zone="mitkrb sim_server">
838	<primary sortas="b-sim_server">sim_server</primary>
839	</indexterm>
840	</listitem>
841	</varlistentry>
842
843	<varlistentry id="sserver">
844	<term><command>sserver</command></term>
845	<listitem>
846	<para>
847	is the sample Kerberos 5 server.
848	</para>
849	<indexterm zone="mitkrb sserver">
850	<primary sortas="b-sserver">sserver</primary>
851	</indexterm>
852	</listitem>
853	</varlistentry>
854
855	<varlistentry id="uuclient">
856	<term><command>uuclient</command></term>
857	<listitem>
858	<para>
859	is an another sample client.
860	</para>
861	<indexterm zone="mitkrb uuclient">
862	<primary sortas="b-uuclient">uuclient</primary>
863	</indexterm>
864	</listitem>
865	</varlistentry>
866
867	<varlistentry id="uuserver">
868	<term><command>uuserver</command></term>
869	<listitem>
870	<para>
871	is an another sample server.
872	</para>
873	<indexterm zone="mitkrb uuserver">
874	<primary sortas="b-uuserver">uuserver</primary>
875	</indexterm>
876	</listitem>
877	</varlistentry>
878
879
880	<varlistentry id="libgssapi_krb5">
881	<term><filename class="libraryfile">libgssapi_krb5.so</filename></term>
882	<listitem>
883	<para>
884	contain the Generic Security Service Application Programming
885	Interface (GSSAPI) functions which provides security services
886	to callers in a generic fashion, supportable with a range of
887	underlying mechanisms and technologies and hence allowing
888	source-level portability of applications to different
889	environments.
890	</para>
891	<indexterm zone="mitkrb libgssapi_krb5">
892	<primary sortas="c-libgssapi_krb5">libgssapi_krb5.so</primary>
893	</indexterm>
894	</listitem>
895	</varlistentry>
896
897	<varlistentry id="libkadm5clnt">
898	<term><filename class="libraryfile">libkadm5clnt.so</filename></term>
899	<listitem>
900	<para>
901	contains the administrative authentication and password checking
902	functions required by Kerberos 5 client-side programs.
903	</para>
904	<indexterm zone="mitkrb libkadm5clnt">
905	<primary sortas="c-libkadm5clnt">libkadm5clnt.so</primary>
906	</indexterm>
907	</listitem>
908	</varlistentry>
909
910	<varlistentry id="libkadm5srv">
911	<term><filename class="libraryfile">libkadm5srv.so</filename></term>
912	<listitem>
913	<para>
914	contain the administrative authentication and password
915	checking functions required by Kerberos 5 servers.
916	</para>
917	<indexterm zone="mitkrb libkadm5srv">
918	<primary sortas="c-libkadm5srv">libkadm5srv.so</primary>
919	</indexterm>
920	</listitem>
921	</varlistentry>
922
923	<varlistentry id="libkdb5">
924	<term><filename class="libraryfile">libkdb5.so</filename></term>
925	<listitem>
926	<para>
927	is a Kerberos 5 authentication/authorization database
928	access library.
929	</para>
930	<indexterm zone="mitkrb libkdb5">
931	<primary sortas="c-libkdb5">libkdb5.so</primary>
932	</indexterm>
933	</listitem>
934	</varlistentry>
935
936	<varlistentry id="libkrad">
937	<term><filename class="libraryfile">libkrad.so</filename></term>
938	<listitem>
939	<para>
940	contains the internal support library for RADIUS functionality.
941	</para>
942	<indexterm zone="mitkrb libkrad">
943	<primary sortas="c-libkrad">libkrad.so</primary>
944	</indexterm>
945	</listitem>
946	</varlistentry>
947
948	<varlistentry id="libkrb5">
949	<term><filename class="libraryfile">libkrb5.so</filename></term>
950	<listitem>
951	<para>
952	is an all-purpose <application>Kerberos 5</application> library.
953	</para>
954	<indexterm zone="mitkrb libkrb5">
955	<primary sortas="c-libkrb5">libkrb5.so</primary>
956	</indexterm>
957	</listitem>
958	</varlistentry>
959
960	</variablelist>
961
962	</sect2>
963
964	</sect1>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: postlfs/security/mitkrb-systemd.xml@ 77aeb6b

Download in other formats: