source: postlfs/security/mitkrb-systemd.xml@ 77aeb6b

systemd-13485
Last change on this file since 77aeb6b was 77aeb6b, checked in by Douglas R. Reno <renodr@…>, 6 years ago

Added some short descriptions by Denis. Thanks again!
Update to subversion-1.9.0
Update to ModemManager-1.4.10
Update to totem-pl-parser-3.10.5
Update to VTE-0.48.2
Update to yelp-xsl-3.16.1
Update to geocode-glib-3.16.2
Update to gnome-desktop-3.16.2
Update to gnome-online-accounts-3.16.3
Update to webkitgtk+-2.8.5
Update to gtksourceview-3.16.1
Update to libevdev-1.4.4

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/branches/systemd@16366 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 31.4 KB
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY mitkrb-download-http "http://web.mit.edu/kerberos/www/dist/krb5/&mitkrb-major-version;/krb5-&mitkrb-version;-signed.tar">
8 <!ENTITY mitkrb-download-ftp " ">
9 <!ENTITY mitkrb-md5sum "f7ebfa6c99c10b16979ebf9a98343189">
10 <!ENTITY mitkrb-size "12 MB">
11 <!ENTITY mitkrb-buildsize "142 MB (Additional 28 MB for the testsuite)">
12 <!ENTITY mitkrb-time "0.9 SBU (additional 5.0 SBU for the testsuite)">
13]>
14
15<sect1 id="mitkrb" xreflabel="MIT Kerberos V5-&mitkrb-version;">
16 <?dbhtml filename="mitkrb.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>MIT Kerberos V5-&mitkrb-version;</title>
24
25 <indexterm zone="mitkrb">
26 <primary sortas="a-MIT-Kerberos">MIT Kerberos V5</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to MIT Kerberos V5</title>
31
32 <para>
33 <application>MIT Kerberos V5</application> is a free implementation
34 of Kerberos 5. Kerberos is a network authentication protocol. It
35 centralizes the authentication database and uses kerberized
36 applications to work with servers or services that support Kerberos
37 allowing single logins and encrypted communication over internal
38 networks or the Internet.
39 </para>
40
41 &lfs77_checked;
42
43 <bridgehead renderas="sect3">Package Information</bridgehead>
44 <itemizedlist spacing="compact">
45 <listitem>
46 <para>
47 Download (HTTP): <ulink url="&mitkrb-download-http;"/>
48 </para>
49 </listitem>
50 <listitem>
51 <para>
52 Download (FTP): <ulink url="&mitkrb-download-ftp;"/>
53 </para>
54 </listitem>
55 <listitem>
56 <para>
57 Download MD5 sum: &mitkrb-md5sum;
58 </para>
59 </listitem>
60 <listitem>
61 <para>
62 Download size: &mitkrb-size;
63 </para>
64 </listitem>
65 <listitem>
66 <para>
67 Estimated disk space required: &mitkrb-buildsize;
68 </para>
69 </listitem>
70 <listitem>
71 <para>
72 Estimated build time: &mitkrb-time;
73 </para>
74 </listitem>
75 </itemizedlist>
76
77 <bridgehead renderas="sect3">MIT Kerberos V5 Dependencies</bridgehead>
78
79 <bridgehead renderas="sect4">Optional</bridgehead>
80 <para role="optional">
81 <xref linkend="bind-utils"/> (used during the testsuite),
82 <xref linkend="dejagnu"/> (for full test coverage),
83 <xref linkend="gnupg2"/> (to authenticate the package),
84 <xref linkend="keyutils"/>,
85 <xref linkend="openldap"/>,
86 <xref linkend="openssl"/>,
87 <xref linkend="python2"/> (used during the testsuite),
88 <xref linkend="tcl"/> and
89 <xref linkend="rpcbind"/> (used during the testsuite)
90 </para>
91
92 <note>
93 <para>
94 Some sort of time synchronization facility on your system (like
95 <xref linkend="ntp"/>) is required since Kerberos won't authenticate
96 if there is a time difference between a kerberized client and the
97 KDC server.
98 </para>
99 </note>
100
101 <para condition="html" role="usernotes">User Notes:
102 <ulink url="&blfs-wiki;/mitkrb"/>
103 </para>
104 </sect2>
105
106 <sect2 role="installation">
107 <title>Installation of MIT Kerberos V5</title>
108
109 <para>
110 <application>MIT Kerberos V5</application> is distributed in a
111 TAR file containing a compressed TAR package and a detached PGP
112 <filename class="extension">ASC</filename> file. You'll need to unpack
113 the distribution tar file, then unpack the compressed tar file before
114 starting the build.
115 </para>
116
117 <para>
118 After unpacking the distribution tarball and if you have
119 <xref linkend="gnupg2"/> installed, you can
120 authenticate the package. First, check the contents of the file
121 <filename>krb5-&mitkrb-version;.tar.gz.asc</filename>.
122 </para>
123
124<screen><userinput>gpg2 --verify krb5-&mitkrb-version;.tar.gz.asc krb5-&mitkrb-version;.tar.gz</userinput></screen>
125
126 <para>You will probably see output similar to:</para>
127
128<screen><literal>gpg: Signature made Fri May 8 23:40:13 2015 utc using RSA key ID 0055C305
129gpg: Can't check signature: No public key</literal></screen>
130
131 <para>
132 You can import the public key with:
133 </para>
134
135<screen><userinput>gpg2 --keyserver pgp.mit.edu --recv-keys 0055C305</userinput></screen>
136
137 <para>
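138 Now re-verify the package with the first command above. You should get an
139 indication of a good signature, but the key will still not be certified
140 with a trusted signature. A good signature only shows that the tarball was signed by the key you imported; a short key ID such as the one above does not identify a key uniquely, so compare the key's full fingerprint with one obtained from MIT through a separate channel. Trusting the downloaded key is a separate
141 operation, and it is up to you to determine the level of trust.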
142 </para>
143
144 <para>
145 Build <application>MIT Kerberos V5</application> by running the
146 following commands:
147 </para>
148
149<screen><userinput>cd src &amp;&amp;
150sed -e "s@python2.5/Python.h@&amp; python2.7/Python.h@g" \
151 -e "s@-lpython2.5]@&amp;,\n AC_CHECK_LIB(python2.7,main,[PYTHON_LIB=-lpython2.7])@g" \
152 -i configure.in &amp;&amp;
153autoconf &amp;&amp;
154./configure --prefix=/usr \
155 --sysconfdir=/etc \
156 --localstatedir=/var/lib \
157 --with-system-et \
158 --with-system-ss \
159 --without-system-verto \
160 --enable-dns-for-realm &amp;&amp;
161make</userinput></screen>
162
163 <para>
164 To test the build, issue: <command>make check</command>. You need at
165 least <xref linkend="tcl"/>, which is used to drive the testsuite.
166 Furthermore, <xref linkend="dejagnu"/> must be available for some
167 of the tests to run. If you have a former version of MIT Kerberos V5
168 installed, it may happen that the test suite picks up the installed
169 versions of the libraries, rather than the newly built ones. If so,
170 it is better to run the tests after the installation.
171 </para>
172
173 <para>
174 Now, as the <systemitem class="username">root</systemitem> user:
175 </para>
176
177<screen role="root"><userinput>make install &amp;&amp;
178
179for LIBRARY in gssapi_krb5 gssrpc k5crypto kadm5clnt kadm5srv \
180 kdb5 kdb_ldap krad krb5 krb5support verto ; do
181 [ -e /usr/lib/lib$LIBRARY.so ] &amp;&amp; chmod -v 755 /usr/lib/lib$LIBRARY.so
182done &amp;&amp;
183unset LIBRARY &amp;&amp;
184
185mv -v /usr/lib/libkrb5.so.* /lib &amp;&amp;
186mv -v /usr/lib/libk5crypto.so.* /lib &amp;&amp;
187mv -v /usr/lib/libkrb5support.so.* /lib &amp;&amp;
188
189ln -sfv ../../lib/$(readlink /usr/lib/libkrb5.so) /usr/lib/libkrb5.so &amp;&amp;
190ln -sfv ../../lib/$(readlink /usr/lib/libk5crypto.so) /usr/lib/libk5crypto.so &amp;&amp;
191ln -sfv ../../lib/$(readlink /usr/lib/libkrb5support.so) /usr/lib/libkrb5support.so &amp;&amp;
192
193mv -v /usr/bin/ksu /bin &amp;&amp;
194chmod -v 755 /bin/ksu &amp;&amp;
195
196install -v -dm755 /usr/share/doc/krb5-&mitkrb-version; &amp;&amp;
197cp -rfv ../doc/* /usr/share/doc/krb5-&mitkrb-version;</userinput></screen>
198
199
200 </sect2>
201
202 <sect2 role="commands">
203 <title>Command Explanations</title>
204
205 <para>
206 <command>sed -e ...</command>: This <command>sed</command> fixes
207 <application>Python</application> detection.
208 </para>
209
210 <para>
211 <parameter>--localstatedir=/var/lib</parameter>: This switch is
212 used so that the Kerberos variable run-time data is located in
213 <filename class="directory">/var/lib</filename> instead of
214 <filename class="directory">/usr/var</filename>.
215 </para>
216
217 <para>
218 <parameter>--with-system-et</parameter>: This switch causes the build
219 to use the system-installed versions of the error-table support
220 software.
221 </para>
222
223 <para>
224 <parameter>--with-system-ss</parameter>: This switch causes the build
225 to use the system-installed versions of the subsystem command-line
226 interface software.
227 </para>
228
229 <para>
230 <parameter>--without-system-verto</parameter>: This switch causes
231 the build to use the internal version of the <filename
232 class="libraryfile">libverto</filename> library, in case an older one
233 is present from a previous <application>Kerberos</application>
234 installation.
235 </para>
236
237 <para>
238 <parameter>--enable-dns-for-realm</parameter>: This switch allows
239 realms to be resolved using the DNS server.
240 </para>
241
242 <para>
243 <command>mv -v /usr/bin/ksu /bin</command>: Moves the
244 <command>ksu</command> program to the
245 <filename class="directory">/bin</filename> directory so that it is
246 available when the <filename class="directory">/usr</filename>
247 filesystem is not mounted.
248 </para>
249
250 <para>
251 <option>--with-ldap</option>: Use this switch if you want to compile
252 the <application>OpenLDAP</application> database backend module.
253 </para>
254
255 </sect2>
256
257 <sect2 role="configuration">
258 <title>Configuring MIT Kerberos V5</title>
259
260 <sect3 id="krb5-config">
261 <title>Config Files</title>
262
263 <para>
264 <filename>/etc/krb5.conf</filename> and
265 <filename>/var/lib/krb5kdc/kdc.conf</filename>
266 </para>
267
268 <indexterm zone="mitkrb krb5-config">
269 <primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary>
270 </indexterm>
271
272 <indexterm zone="mitkrb krb5-config">
273 <primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
274 </indexterm>
275
276 </sect3>
277
278 <sect3>
279 <title>Configuration Information</title>
280
281 <sect4>
282 <title>Kerberos Configuration</title>
283
284 <tip>
285 <para>
286 You should consider installing some sort of password checking
287 dictionary so that you can configure the installation to only
288 accept strong passwords. A suitable dictionary to use is shown in
289 the <xref linkend="cracklib"/> instructions. Note that only one
290 file can be used, but you can concatenate many files into one. The
291 configuration file shown below assumes you have installed a
292 dictionary to <filename>/usr/share/dict/words</filename>.
293 </para>
294 </tip>
295
296 <para>
297 Create the Kerberos configuration file with the following
298 commands issued by the <systemitem class="username">root</systemitem>
299 user:
300 </para>
301
302<screen role="root"><userinput>cat &gt; /etc/krb5.conf &lt;&lt; "EOF"
303<literal># Begin /etc/krb5.conf
304
305[libdefaults]
306 default_realm = <replaceable>&lt;LFS.ORG&gt;</replaceable>
307 encrypt = true
308
309[realms]
310 <replaceable>&lt;LFS.ORG&gt;</replaceable> = {
311 kdc = <replaceable>&lt;belgarath.lfs.org&gt;</replaceable>
312 admin_server = <replaceable>&lt;belgarath.lfs.org&gt;</replaceable>
313 dict_file = /usr/share/dict/words
314 }
315
316[domain_realm]
317 .<replaceable>&lt;lfs.org&gt;</replaceable> = <replaceable>&lt;LFS.ORG&gt;</replaceable>
318
319[logging]
320 kdc = SYSLOG[:INFO[:AUTH]]
321 admin_server = SYSLOG[INFO[:AUTH]]
322 default = SYSLOG[[:SYS]]
323
324# End /etc/krb5.conf</literal>
325EOF</userinput></screen>
326
327 <para>
328 You will need to substitute your domain and proper hostname for the
329 occurrences of the <replaceable>&lt;belgarath&gt;</replaceable> and
330 <replaceable>&lt;lfs.org&gt;</replaceable> names.
331 </para>
332
333 <para>
334 <option>default_realm</option> should be the name of your
335 domain changed to ALL CAPS. This isn't required, but both
336 <application>Heimdal</application> and MIT recommend it.
337 </para>
338
339 <para>
340 <option>encrypt = true</option> provides encryption of all traffic
341 between kerberized clients and servers. It's not necessary and can
342 be left off. If you leave it off, you can encrypt all traffic from
343 the client to the server using a switch on the client program
344 instead.
345 </para>
346
347 <para>
348 The <option>[realms]</option> parameters tell the client programs
349 where to look for the KDC authentication services.
350 </para>
351
352 <para>
353 The <option>[domain_realm]</option> section maps a domain to a realm.
354 </para>
355
356 <para>
357 Create the KDC database:
358 </para>
359
360<screen role="root"><userinput>kdb5_util create -r <replaceable>&lt;LFS.ORG&gt;</replaceable> -s</userinput></screen>
361
362 <para>
363 Now you should populate the database with principals
364 (users). For now, just use your regular login name or
365 <systemitem class="username">root</systemitem>.
366 </para>
367
368<screen role="root"><userinput>kadmin.local
369<prompt>kadmin.local:</prompt> add_policy dict-only
370<prompt>kadmin.local:</prompt> addprinc -policy dict-only <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
371
372 <para>
373 The KDC server and any machine running kerberized
374 server daemons must have a host key installed:
375 </para>
376
377<screen role="root"><userinput><prompt>kadmin.local:</prompt> addprinc -randkey host/<replaceable>&lt;belgarath.lfs.org&gt;</replaceable></userinput></screen>
378
379 <para>
380 After choosing the defaults when prompted, you will have to
381 export the data to a keytab file:
382 </para>
383
384<screen role="root"><userinput><prompt>kadmin.local:</prompt> ktadd host/<replaceable>&lt;belgarath.lfs.org&gt;</replaceable></userinput></screen>
385
386 <para>
387 This should have created a file in
388 <filename class="directory">/etc</filename> named
389 <filename>krb5.keytab</filename> (Kerberos 5). This file should
390 have 600 (<systemitem class="username">root</systemitem> rw only)
391 permissions. The keytab holds the host's long-term secret key, so anyone who can read it can act as that host principal; keeping the keytab files from public access is therefore crucial
392 to the overall security of the Kerberos installation.
393 </para>
394
395 <para>
396 Exit the <command>kadmin</command> program (use
397 <command>quit</command> or <command>exit</command>) and return
398 back to the shell prompt. Start the KDC daemon manually, just to
399 test out the installation:
400 </para>
401
402<screen role="root"><userinput>/usr/sbin/krb5kdc</userinput></screen>
403
404 <para>
405 Attempt to get a ticket with the following command:
406 </para>
407
408<screen><userinput>kinit <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
409
410 <para>
411 You will be prompted for the password you created. After you
412 get your ticket, you can list it with the following command:
413 </para>
414
415<screen><userinput>klist</userinput></screen>
416
417 <para>
418 Information about the ticket should be displayed on the
419 screen.
420 </para>
421
422 <para>
423 To test the functionality of the keytab file, issue the
424 following command:
425 </para>
426
427<screen><userinput>ktutil
428<prompt>ktutil:</prompt> rkt /etc/krb5.keytab
429<prompt>ktutil:</prompt> l</userinput></screen>
430
431 <para>
432 This should dump a list of the host principal, along with
433 the encryption methods used to access the principal.
434 </para>
435
436 <para>
437 At this point, if everything has been successful so far, you
438 can feel fairly confident in the installation and configuration of
439 the package.
440 </para>
441
442 </sect4>
443
444 <sect4>
445 <title>Additional Information</title>
446
447 <para>
448 For additional information consult the <ulink
449 url="http://web.mit.edu/kerberos/www/krb5-&mitkrb-major-version;/#documentation">
450 documentation for krb5-&mitkrb-version;</ulink> on which the above
451 instructions are based.
452 </para>
453
454 </sect4>
455
456 </sect3>
457
458 <sect3 id="mitkrb-init">
459 <title>Systemd Units</title>
460
461 <para>
462 To start the Kerberos services at boot,
463 install the systemd units from the <xref linkend="bootscripts"/>
464 package by running the following command as the
465 <systemitem class="username">root</systemitem> user:
466 </para>
467
468 <indexterm zone="mitkrb mitkrb-init">
469 <primary sortas="f-krb5">krb5</primary>
470 </indexterm>
471
472<screen role="root"><userinput>make install-krb5</userinput></screen>
473
474 </sect3>
475
476 </sect2>
477
478 <sect2 role="content">
479
480 <title>Contents</title>
481 <para></para>
482
483 <segmentedlist>
484 <segtitle>Installed Programs</segtitle>
485 <segtitle>Installed Libraries</segtitle>
486 <segtitle>Installed Directories</segtitle>
487
488 <seglistitem>
489 <seg>
490 gss-client, gss-server, k5srvutil, kadmin, kadmin.local,
491 kadmind, kdb5_ldap_util (optional), kdb5_util, kdestroy, kinit, klist,
492 kpasswd, kprop, kpropd, kproplog, krb5-config, krb5kdc, krb5-send-pr,
493 ksu, kswitch, ktutil, kvno, sclient, sim_client, sim_server,
494 sserver, uuclient and uuserver
495 </seg>
496 <seg>
497 libgssapi_krb5.so, libgssrpc.so, libk5crypto.so, libkadm5clnt_mit.so,
498 libkadm5clnt.so, libkadm5srv_mit.so, libkadm5srv.so, libkdb_ldap.so
499 (optional), libkdb5.so, libkrad.so, libkrb5.so, libkrb5support.so, and
500 libverto.so
501 </seg>
502 <seg>
503 /usr/include/gssapi,
504 /usr/include/gssrpc,
505 /usr/include/kadm5,
506 /usr/include/krb5,
507 /usr/lib/krb5,
508 /usr/share/doc/krb5-&mitkrb-version;,
509 /usr/share/examples/krb5 and
510 /var/lib/krb5kdc
511 </seg>
512 </seglistitem>
513 </segmentedlist>
514
515 <variablelist>
516 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
517 <?dbfo list-presentation="list"?>
518 <?dbhtml list-presentation="table"?>
519
520 <varlistentry id="gss-client">
521 <term><command>gss-client</command></term>
522 <listitem>
523 <para>
524 is a GSSAPI test client.
525 </para>
526 <indexterm zone="mitkrb gss-client">
527 <primary sortas="b-gss-client">gss-client</primary>
528 </indexterm>
529 </listitem>
530 </varlistentry>
531
532 <varlistentry id="gss-server">
533 <term><command>gss-server</command></term>
534 <listitem>
535 <para>
536 is a GSSAPI test server.
537 </para>
538 <indexterm zone="mitkrb gss-server">
539 <primary sortas="b-gss-server">gss-server</primary>
540 </indexterm>
541 </listitem>
542 </varlistentry>
543
544 <varlistentry id="k5srvutil">
545 <term><command>k5srvutil</command></term>
546 <listitem>
547 <para>
548 is a host keytable manipulation utility.
549 </para>
550 <indexterm zone="mitkrb k5srvutil">
551 <primary sortas="b-k5srvutil">k5srvutil</primary>
552 </indexterm>
553 </listitem>
554 </varlistentry>
555
556 <varlistentry id="kadmin">
557 <term><command>kadmin</command></term>
558 <listitem>
559 <para>
560 is a utility used to make modifications
561 to the Kerberos database.
562 </para>
563 <indexterm zone="mitkrb kadmin">
564 <primary sortas="b-kadmin">kadmin</primary>
565 </indexterm>
566 </listitem>
567 </varlistentry>
568
569 <varlistentry id="kadmin.local">
570 <term><command>kadmin.local</command></term>
571 <listitem>
572 <para>
573 is a utility similar to <command>kadmin</command>, but if the
574 database is db2, the local client <command>kadmin.local</command>
575 is intended to run directly on the master KDC without Kerberos
576 authentication.
577 </para>
578 <indexterm zone="mitkrb kadmin.local">
579 <primary sortas="b-kadmin.local">kadmin.local</primary>
580 </indexterm>
581 </listitem>
582 </varlistentry>
583
584 <varlistentry id="kadmind">
585 <term><command>kadmind</command></term>
586 <listitem>
587 <para>
588 is a server for administrative access
589 to a Kerberos database.
590 </para>
591 <indexterm zone="mitkrb kadmind">
592 <primary sortas="b-kadmind">kadmind</primary>
593 </indexterm>
594 </listitem>
595 </varlistentry>
596
597 <varlistentry id="kdb5_ldap_util">
598 <term><command>kdb5_ldap_util (optional)</command></term>
599 <listitem>
600 <para>
601 allows an administrator to manage realms, Kerberos services
602 and ticket policies.
603 </para>
604 <indexterm zone="mitkrb kdb5_ldap_util">
605 <primary sortas="b-kdb5_ldap_util">kdb5_ldap_util</primary>
606 </indexterm>
607 </listitem>
608 </varlistentry>
609
610 <varlistentry id="kdb5_util">
611 <term><command>kdb5_util</command></term>
612 <listitem>
613 <para>
614 is the KDC database utility.
615 </para>
616 <indexterm zone="mitkrb kdb5_util">
617 <primary sortas="b-kdb5_util">kdb5_util</primary>
618 </indexterm>
619 </listitem>
620 </varlistentry>
621
622 <varlistentry id="kdestroy">
623 <term><command>kdestroy</command></term>
624 <listitem>
625 <para>
626 removes the current set of tickets.
627 </para>
628 <indexterm zone="mitkrb kdestroy">
629 <primary sortas="b-kdestroy">kdestroy</primary>
630 </indexterm>
631 </listitem>
632 </varlistentry>
633
634 <varlistentry id="kinit">
635 <term><command>kinit</command></term>
636 <listitem>
637 <para>
638 is used to authenticate to the Kerberos server as a
639 principal and acquire a ticket granting ticket that can
640 later be used to obtain tickets for other services.
641 </para>
642 <indexterm zone="mitkrb kinit">
643 <primary sortas="b-kinit">kinit</primary>
644 </indexterm>
645 </listitem>
646 </varlistentry>
647
648 <varlistentry id="klist">
649 <term><command>klist</command></term>
650 <listitem>
651 <para>
652 reads and displays the current tickets in
653 the credential cache.
654 </para>
655 <indexterm zone="mitkrb klist">
656 <primary sortas="b-klist">klist</primary>
657 </indexterm>
658 </listitem>
659 </varlistentry>
660
661 <varlistentry id="kpasswd">
662 <term><command>kpasswd</command></term>
663 <listitem>
664 <para>
665 is a program for changing Kerberos 5 passwords.
666 </para>
667 <indexterm zone="mitkrb kpasswd">
668 <primary sortas="b-kpasswd">kpasswd</primary>
669 </indexterm>
670 </listitem>
671 </varlistentry>
672
673 <varlistentry id="kprop">
674 <term><command>kprop</command></term>
675 <listitem>
676 <para>
677 takes a principal database in a specified format and
678 converts it into a stream of database records.
679 </para>
680 <indexterm zone="mitkrb kprop">
681 <primary sortas="b-kprop">kprop</primary>
682 </indexterm>
683 </listitem>
684 </varlistentry>
685
686 <varlistentry id="kpropd">
687 <term><command>kpropd</command></term>
688 <listitem>
689 <para>
690 receives a database sent by <command>kprop</command>
691 and writes it as a local database.
692 </para>
693 <indexterm zone="mitkrb kpropd">
694 <primary sortas="b-kpropd">kpropd</primary>
695 </indexterm>
696 </listitem>
697 </varlistentry>
698
699 <varlistentry id="kproplog">
700 <term><command>kproplog</command></term>
701 <listitem>
702 <para>
703 displays the contents of the KDC database update log to standard
704 output.
705 </para>
706 <indexterm zone="mitkrb kproplog">
707 <primary sortas="b-kproplog">kproplog</primary>
708 </indexterm>
709 </listitem>
710 </varlistentry>
711
712 <varlistentry id="krb5-config-prog2">
713 <term><command>krb5-config</command></term>
714 <listitem>
715 <para>
716 gives information on how to link programs against
717 libraries.
718 </para>
719 <indexterm zone="mitkrb krb5-config-prog2">
720 <primary sortas="b-krb5-config">krb5-config</primary>
721 </indexterm>
722 </listitem>
723 </varlistentry>
724
725 <varlistentry id="krb5kdc">
726 <term><command>krb5kdc</command></term>
727 <listitem>
728 <para>
729 is the <application>Kerberos 5</application> server.
730 </para>
731 <indexterm zone="mitkrb krb5kdc">
732 <primary sortas="b-krb5kdc">krb5kdc</primary>
733 </indexterm>
734 </listitem>
735 </varlistentry>
736
737 <varlistentry id="krb5-send-pr">
738 <term><command>krb5-send-pr</command></term>
739 <listitem>
740 <para>
741 sends a problem report (PR) to a central support site.
742 </para>
743 <indexterm zone="mitkrb krb5-send-pr">
744 <primary sortas="b-krb-send-pr">krb5-send-pr</primary>
745 </indexterm>
746 </listitem>
747 </varlistentry>
748
749 <varlistentry id="ksu">
750 <term><command>ksu</command></term>
751 <listitem>
752 <para>
753 is the super user program using the Kerberos protocol.
754 Requires a properly configured
755 <filename>/etc/shells</filename> and
756 <filename>~/.k5login</filename> containing principals
757 authorized to become super users.
758 </para>
759 <indexterm zone="mitkrb ksu">
760 <primary sortas="b-ksu">ksu</primary>
761 </indexterm>
762 </listitem>
763 </varlistentry>
764
765 <varlistentry id="kswitch">
766 <term><command>kswitch</command></term>
767 <listitem>
768 <para>
769 makes the specified credential cache the
770 primary cache for the collection, if a cache
771 collection is available.
772 </para>
773 <indexterm zone="mitkrb kswitch">
774 <primary sortas="b-kswitch">kswitch</primary>
775 </indexterm>
776 </listitem>
777 </varlistentry>
778
779 <varlistentry id="ktutil">
780 <term><command>ktutil</command></term>
781 <listitem>
782 <para>
783 is a program for managing Kerberos keytabs.
784 </para>
785 <indexterm zone="mitkrb ktutil">
786 <primary sortas="b-ktutil">ktutil</primary>
787 </indexterm>
788 </listitem>
789 </varlistentry>
790
791 <varlistentry id="kvno">
792 <term><command>kvno</command></term>
793 <listitem>
794 <para>
795 prints keyversion numbers of Kerberos principals.
796 </para>
797 <indexterm zone="mitkrb kvno">
798 <primary sortas="b-kvno">kvno</primary>
799 </indexterm>
800 </listitem>
801 </varlistentry>
802
803 <varlistentry id="sclient">
804 <term><command>sclient</command></term>
805 <listitem>
806 <para>
807 is used to contact a sample server and authenticate to it
808 using Kerberos 5 tickets, then display the server's
809 response.
810 </para>
811 <indexterm zone="mitkrb sclient">
812 <primary sortas="b-sclient">sclient</primary>
813 </indexterm>
814 </listitem>
815 </varlistentry>
816
817 <varlistentry id="sim_client">
818 <term><command>sim_client</command></term>
819 <listitem>
820 <para>
821 is a simple UDP-based sample client program, for
822 demonstration.
823 </para>
824 <indexterm zone="mitkrb sim_client">
825 <primary sortas="b-sim_client">sim_client</primary>
826 </indexterm>
827 </listitem>
828 </varlistentry>
829
830 <varlistentry id="sim_server">
831 <term><command>sim_server</command></term>
832 <listitem>
833 <para>
834 is a simple UDP-based server application, for
835 demonstration.
836 </para>
837 <indexterm zone="mitkrb sim_server">
838 <primary sortas="b-sim_server">sim_server</primary>
839 </indexterm>
840 </listitem>
841 </varlistentry>
842
843 <varlistentry id="sserver">
844 <term><command>sserver</command></term>
845 <listitem>
846 <para>
847 is the sample Kerberos 5 server.
848 </para>
849 <indexterm zone="mitkrb sserver">
850 <primary sortas="b-sserver">sserver</primary>
851 </indexterm>
852 </listitem>
853 </varlistentry>
854
855 <varlistentry id="uuclient">
856 <term><command>uuclient</command></term>
857 <listitem>
858 <para>
859 is another sample client.
860 </para>
861 <indexterm zone="mitkrb uuclient">
862 <primary sortas="b-uuclient">uuclient</primary>
863 </indexterm>
864 </listitem>
865 </varlistentry>
866
867 <varlistentry id="uuserver">
868 <term><command>uuserver</command></term>
869 <listitem>
870 <para>
871 is another sample server.
872 </para>
873 <indexterm zone="mitkrb uuserver">
874 <primary sortas="b-uuserver">uuserver</primary>
875 </indexterm>
876 </listitem>
877 </varlistentry>
878
879
880 <varlistentry id="libgssapi_krb5">
881 <term><filename class="libraryfile">libgssapi_krb5.so</filename></term>
882 <listitem>
883 <para>
884 contains the Generic Security Service Application Programming
885 Interface (GSSAPI) functions which provide security services
886 to callers in a generic fashion, supportable with a range of
887 underlying mechanisms and technologies and hence allowing
888 source-level portability of applications to different
889 environments.
890 </para>
891 <indexterm zone="mitkrb libgssapi_krb5">
892 <primary sortas="c-libgssapi_krb5">libgssapi_krb5.so</primary>
893 </indexterm>
894 </listitem>
895 </varlistentry>
896
897 <varlistentry id="libkadm5clnt">
898 <term><filename class="libraryfile">libkadm5clnt.so</filename></term>
899 <listitem>
900 <para>
901 contains the administrative authentication and password checking
902 functions required by Kerberos 5 client-side programs.
903 </para>
904 <indexterm zone="mitkrb libkadm5clnt">
905 <primary sortas="c-libkadm5clnt">libkadm5clnt.so</primary>
906 </indexterm>
907 </listitem>
908 </varlistentry>
909
910 <varlistentry id="libkadm5srv">
911 <term><filename class="libraryfile">libkadm5srv.so</filename></term>
912 <listitem>
913 <para>
914 contains the administrative authentication and password
915 checking functions required by Kerberos 5 servers.
916 </para>
917 <indexterm zone="mitkrb libkadm5srv">
918 <primary sortas="c-libkadm5srv">libkadm5srv.so</primary>
919 </indexterm>
920 </listitem>
921 </varlistentry>
922
923 <varlistentry id="libkdb5">
924 <term><filename class="libraryfile">libkdb5.so</filename></term>
925 <listitem>
926 <para>
927 is a Kerberos 5 authentication/authorization database
928 access library.
929 </para>
930 <indexterm zone="mitkrb libkdb5">
931 <primary sortas="c-libkdb5">libkdb5.so</primary>
932 </indexterm>
933 </listitem>
934 </varlistentry>
935
936 <varlistentry id="libkrad">
937 <term><filename class="libraryfile">libkrad.so</filename></term>
938 <listitem>
939 <para>
940 contains the internal support library for RADIUS functionality.
941 </para>
942 <indexterm zone="mitkrb libkrad">
943 <primary sortas="c-libkrad">libkrad.so</primary>
944 </indexterm>
945 </listitem>
946 </varlistentry>
947
948 <varlistentry id="libkrb5">
949 <term><filename class="libraryfile">libkrb5.so</filename></term>
950 <listitem>
951 <para>
952 is an all-purpose <application>Kerberos 5</application> library.
953 </para>
954 <indexterm zone="mitkrb libkrb5">
955 <primary sortas="c-libkrb5">libkrb5.so</primary>
956 </indexterm>
957 </listitem>
958 </varlistentry>
959
960 </variablelist>
961
962 </sect2>
963
964</sect1>