Context Navigation

mitkrb-systemd.xml@ af637d2

Visit:

systemd-11177

Last change on this file since af637d2 was af637d2, checked in by Krejzi <krejzi@…>, 10 years ago

Disable system verto in kerberos instructions by default.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/branches/systemd@13925 af4574ff-66df-0310-9fd7-8a98e5e911e0

Property mode set to 100644

File size: 27.8 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY mitkrb-download-http "http://web.mit.edu/kerberos/www/dist/krb5/&mitkrb-major-version;/krb5-&mitkrb-version;-signed.tar">
8	<!ENTITY mitkrb-download-ftp " ">
9	<!ENTITY mitkrb-md5sum "357f1312b7720a0a591e22db0f7829fe">
10	<!ENTITY mitkrb-size "12 MB">
11	<!ENTITY mitkrb-buildsize "165 MB (Additional 25 MB if running the testsuite)">
12	<!ENTITY mitkrb-time "1.0 SBU (additional 4.4 SBU if running the testsuite)">
13	]>
14
15	<sect1 id="mitkrb" xreflabel="MIT Kerberos V5-&mitkrb-version;">
16	<?dbhtml filename="mitkrb.html"?>
17
18	<sect1info>
19	<othername>$LastChangedBy$</othername>
20	<date>$Date$</date>
21	</sect1info>
22
23	<title>MIT Kerberos V5-&mitkrb-version;</title>
24
25	<indexterm zone="mitkrb">
26	<primary sortas="a-MIT-Kerberos">MIT Kerberos V5</primary>
27	</indexterm>
28
29	<sect2 role="package">
30	<title>Introduction to MIT Kerberos V5</title>
31
32	<para>
33	<application>MIT Kerberos V5</application> is a free implementation
34	of Kerberos 5. Kerberos is a network authentication protocol. It
35	centralizes the authentication database and uses kerberized
36	applications to work with servers or services that support Kerberos
37	allowing single logins and encrypted communication over internal
38	networks or the Internet.
39	</para>
40
41	&lfs75_checked;
42
43	<bridgehead renderas="sect3">Package Information</bridgehead>
44	<itemizedlist spacing="compact">
45	<listitem>
46	<para>
47	Download (HTTP): <ulink url="&mitkrb-download-http;"/>
48	</para>
49	</listitem>
50	<listitem>
51	<para>
52	Download (FTP): <ulink url="&mitkrb-download-ftp;"/>
53	</para>
54	</listitem>
55	<listitem>
56	<para>
57	Download MD5 sum: &mitkrb-md5sum;
58	</para>
59	</listitem>
60	<listitem>
61	<para>
62	Download size: &mitkrb-size;
63	</para>
64	</listitem>
65	<listitem>
66	<para>
67	Estimated disk space required: &mitkrb-buildsize;
68	</para>
69	</listitem>
70	<listitem>
71	<para>
72	Estimated build time: &mitkrb-time;
73	</para>
74	</listitem>
75	</itemizedlist>
76
77	<bridgehead renderas="sect3">MIT Kerberos V5 Dependencies</bridgehead>
78
79	<bridgehead renderas="sect4">Optional</bridgehead>
80	<para role="optional">
81	<xref linkend="dejagnu"/> (for full test coverage),<!--
82	<xref linkend="gnupg2"/> (to authenticate the package),-->
83	<xref linkend="keyutils"/>,
84	<xref linkend="openldap"/>,
85	<xref linkend="python2"/> (used during the testsuite) and
86	<xref linkend="rpcbind"/> (used during the testsuite)
87	</para>
88
89	<note>
90	<para>
91	Some sort of time synchronization facility on your system (like
92	<xref linkend="ntp"/>) is required since Kerberos won't authenticate
93	if there is a time difference between a kerberized client and the
94	KDC server.
95	</para>
96	</note>
97
98	<para condition="html" role="usernotes">User Notes:
99	<ulink url="&blfs-wiki;/mitkrb"/>
100	</para>
101	</sect2>
102
103	<sect2 role="installation">
104	<title>Installation of MIT Kerberos V5</title>
105
106	<para>
107	<application>MIT Kerberos V5</application> is distributed in a
108	TAR file containing a compressed TAR package and a detached PGP
109	<filename class="extension">ASC</filename> file. You'll need to unpack
110	the distribution tar file, then unpack the compressed tar file before
111	starting the build.
112	</para>
113
114	<!-- Can't recieve the key properly:
115
116	gpg: requesting key 749D7889 from hkp server pgp.mit.edu
117	gpg: Note: signatures using the MD5 algorithm are rejected
118	gpg: key 749D7889: no valid user IDs
119
120	<para>
121	After unpacking the distribution tarball and if you have
122	<xref linkend="gnupg2"/> installed, you can
123	authenticate the package. First, check the contents of the file
124	<filename>krb5-&mitkrb-version;.tar.gz.asc</filename>.
125	</para>
126
127	<screen><userinput>gpg - -verify krb5-&mitkrb-version;.tar.gz.asc krb5-&mitkrb-version;.tar.gz</userinput></screen>
128
129	<para>You will probably see output similar to:</para>
130
131	<screen>Signature made Tue 12 Aug 2014 12:53:10 AM CEST using RSA key ID 749D7889
132	gpg: Can't check signature: public key not found</screen>
133
134	<para>
135	You can import the public key with:
136	</para>
137
138	<screen><userinput>gpg - -keyserver pgp.mit.edu - -recv-keys 0x749D7889</userinput></screen>
139
140	<para>
141	Now re-verify the package with the first command above. You should get a
142	indication of a good signature, but the key will still not be certified
143	with a trusted signature. Trusting the downloaded key is a separate
144	operation but it is up to you to determine the level of trust.
145	</para>
146	-->
147
148	<para>
149	Build <application>MIT Kerberos V5</application> by running the
150	following commands:
151	</para>
152
153	<screen><userinput>cd src &&
154	sed -e "s@python2.5/Python.h@& python2.7/Python.h@g" \
155	-e "s@-lpython2.5]@&,\n AC_CHECK_LIB(python2.7,main,[PYTHON_LIB=-lpython2.7])@g" \
156	-i configure.in &&<!-- Tests passed fine without this.
157	sed -e 's@\^u}@^u cols 300}@' \
158	-i tests/dejagnu/config/default.exp && -->
159	autoconf &&
160	./configure --prefix=/usr \
161	--sysconfdir=/etc \
162	--localstatedir=/var/lib \
163	--with-system-et \
164	--with-system-ss \
165	--without-system-verto \
166	--enable-dns-for-realm &&
167	make</userinput></screen>
168
169	<para>
170	To test the build, issue: <command>make check</command>. You need at
171	least <xref linkend="tcl"/>, which is used to drive the testsuite.
172	Furthermore, <xref linkend="dejagnu"/> must be available for some
173	of the tests to run. If you have a former version of MIT Kerberos V5
174	installed, it may happen that the test suite pick up the installed
175	versions of the libraries, rather than the newly built ones. If so,
176	it is better to run the tests after the installation.
177	</para>
178
179	<para>
180	Now, as the <systemitem class="username">root</systemitem> user:
181	</para>
182
183	<screen role="root"><userinput>make install &&
184
185	for LIBRARY in gssapi_krb5 gssrpc k5crypto kadm5clnt kadm5srv \
186	kdb5 kdb_ldap krad krb5 krb5support verto ; do
187	[ -e /usr/lib/lib$LIBRARY.so ] && chmod -v 755 /usr/lib/lib$LIBRARY.so
188	done &&
189
190	mv -v /usr/lib/libkrb5.so.* /lib &&
191	mv -v /usr/lib/libk5crypto.so.* /lib &&
192	mv -v /usr/lib/libkrb5support.so.* /lib &&
193
194	ln -sfv ../../lib/$(readlink /usr/lib/libkrb5.so) /usr/lib/libkrb5.so &&
195	ln -sfv ../../lib/$(readlink /usr/lib/libk5crypto.so) /usr/lib/libk5crypto.so &&
196	ln -sfv ../../lib/$(readlink /usr/lib/libkrb5support.so) /usr/lib/libkrb5support.so &&
197
198	mv -v /usr/bin/ksu /bin &&
199	chmod -v 755 /bin/ksu &&
200
201	install -v -dm755 /usr/share/doc/krb5-&mitkrb-version; &&
202	cp -rfv ../doc/* /usr/share/doc/krb5-&mitkrb-version; &&
203
204	unset LIBRARY</userinput></screen>
205
206
207	</sect2>
208
209	<sect2 role="commands">
210	<title>Command Explanations</title>
211
212	<para>
213	<command>sed -e ...</command>: The first <command>sed</command> fixes
214	<application>Python</application> detection.<!-- The second one increases
215	the width of the virtual terminal used for some tests, to prevent
216	some spurious characters to be echoed, which is taken as a failure. -->
217	</para>
218
219	<para>
220	<parameter>--localstatedir=/var/lib</parameter>: This switch is
221	used so that the Kerberos variable run-time data is located in
222	<filename class="directory">/var/lib</filename> instead of
223	<filename class="directory">/usr/var</filename>.
224	</para>
225
226	<para>
227	<parameter>--with-system-et</parameter>: This switch causes the build
228	to use the system-installed versions of the error-table support
229	software.
230	</para>
231
232	<para>
233	<parameter>--with-system-ss</parameter>: This switch causes the build
234	to use the system-installed versions of the subsystem command-line
235	interface software.
236	</para>
237
238	<para>
239	<parameter>--without-system-verto</parameter>: This switch causes
240	the build to use the internal version of <filename
241	class="libraryfile">libverto</filename> library in case older one
242	is present from previous <application>Kerberos</application>
243	installation.
244	</para>
245
246	<para>
247	<parameter>--enable-dns-for-realm</parameter>: This switch allows
248	realms to be resolved using the DNS server.
249	</para>
250
251	<para>
252	<command>mv -v /usr/bin/ksu /bin</command>: Moves the
253	<command>ksu</command> program to the
254	<filename class="directory">/bin</filename> directory so that it is
255	available when the <filename class="directory">/usr</filename>
256	filesystem is not mounted.
257	</para>
258
259	<para>
260	<option>--with-ldap</option>: Use this switch if you want to compile
261	<application>OpenLDAP</application> database backend module.
262	</para>
263
264	</sect2>
265
266	<sect2 role="configuration">
267	<title>Configuring MIT Kerberos V5</title>
268
269	<sect3 id="krb5-config">
270	<title>Config Files</title>
271
272	<para>
273	<filename>/etc/krb5.conf</filename> and
274	<filename>/var/lib/krb5kdc/kdc.conf</filename>
275	</para>
276
277	<indexterm zone="mitkrb krb5-config">
278	<primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary>
279	</indexterm>
280
281	<indexterm zone="mitkrb krb5-config">
282	<primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
283	</indexterm>
284
285	</sect3>
286
287	<sect3>
288	<title>Configuration Information</title>
289
290	<sect4>
291	<title>Kerberos Configuration</title>
292
293	<tip>
294	<para>
295	You should consider installing some sort of password checking
296	dictionary so that you can configure the installation to only
297	accept strong passwords. A suitable dictionary to use is shown in
298	the <xref linkend="cracklib"/> instructions. Note that only one
299	file can be used, but you can concatenate many files into one. The
300	configuration file shown below assumes you have installed a
301	dictionary to <filename>/usr/share/dict/words</filename>.
302	</para>
303	</tip>
304
305	<para>
306	Create the Kerberos configuration file with the following
307	commands issued by the <systemitem class="username">root</systemitem>
308	user:
309	</para>
310
311	<screen role="root"><userinput>cat > /etc/krb5.conf << "EOF"
312	<literal># Begin /etc/krb5.conf
313
314	[libdefaults]
315	default_realm = <replaceable><LFS.ORG></replaceable>
316	encrypt = true
317
318	[realms]
319	<replaceable><LFS.ORG></replaceable> = {
320	kdc = <replaceable><belgarath.lfs.org></replaceable>
321	admin_server = <replaceable><belgarath.lfs.org></replaceable>
322	dict_file = /usr/share/dict/words
323	}
324
325	[domain_realm]
326	.<replaceable><lfs.org></replaceable> = <replaceable><LFS.ORG></replaceable>
327
328	[logging]
329	kdc = SYSLOG[:INFO[:AUTH]]
330	admin_server = SYSLOG[INFO[:AUTH]]
331	default = SYSLOG[[:SYS]]
332
333	# End /etc/krb5.conf</literal>
334	EOF</userinput></screen>
335
336	<para>
337	You will need to substitute your domain and proper hostname for the
338	occurrences of the <replaceable><belgarath></replaceable> and
339	<replaceable><lfs.org></replaceable> names.
340	</para>
341
342	<para>
343	<option>default_realm</option> should be the name of your
344	domain changed to ALL CAPS. This isn't required, but both
345	<application>Heimdal</application> and MIT recommend it.
346	</para>
347
348	<para>
349	<option>encrypt = true</option> provides encryption of all traffic
350	between kerberized clients and servers. It's not necessary and can
351	be left off. If you leave it off, you can encrypt all traffic from
352	the client to the server using a switch on the client program
353	instead.
354	</para>
355
356	<para>
357	The <option>[realms]</option> parameters tell the client programs
358	where to look for the KDC authentication services.
359	</para>
360
361	<para>
362	The <option>[domain_realm]</option> section maps a domain to a realm.
363	</para>
364
365	<para>
366	Create the KDC database:
367	</para>
368
369	<screen role="root"><userinput>kdb5_util create -r <replaceable><LFS.ORG></replaceable> -s</userinput></screen>
370
371	<para>
372	Now you should populate the database with principals
373	(users). For now, just use your regular login name or
374	<systemitem class="username">root</systemitem>.
375	</para>
376
377	<screen role="root"><userinput>kadmin.local
378	<prompt>kadmin.local:</prompt> add_policy dict-only
379	<prompt>kadmin.local:</prompt> addprinc -policy dict-only <replaceable><loginname></replaceable></userinput></screen>
380
381	<para>
382	The KDC server and any machine running kerberized
383	server daemons must have a host key installed:
384	</para>
385
386	<screen role="root"><userinput><prompt>kadmin.local:</prompt> addprinc -randkey host/<replaceable><belgarath.lfs.org></replaceable></userinput></screen>
387
388	<para>
389	After choosing the defaults when prompted, you will have to
390	export the data to a keytab file:
391	</para>
392
393	<screen role="root"><userinput><prompt>kadmin.local:</prompt> ktadd host/<replaceable><belgarath.lfs.org></replaceable></userinput></screen>
394
395	<para>
396	This should have created a file in
397	<filename class="directory">/etc</filename> named
398	<filename>krb5.keytab</filename> (Kerberos 5). This file should
399	have 600 (<systemitem class="username">root</systemitem> rw only)
400	permissions. Keeping the keytab files from public access is crucial
401	to the overall security of the Kerberos installation.
402	</para>
403
404	<para>
405	Exit the <command>kadmin</command> program (use
406	<command>quit</command> or <command>exit</command>) and return
407	back to the shell prompt. Start the KDC daemon manually, just to
408	test out the installation:
409	</para>
410
411	<screen role="root"><userinput>/usr/sbin/krb5kdc</userinput></screen>
412
413	<para>
414	Attempt to get a ticket with the following command:
415	</para>
416
417	<screen><userinput>kinit <replaceable><loginname></replaceable></userinput></screen>
418
419	<para>
420	You will be prompted for the password you created. After you
421	get your ticket, you can list it with the following command:
422	</para>
423
424	<screen><userinput>klist</userinput></screen>
425
426	<para>
427	Information about the ticket should be displayed on the
428	screen.
429	</para>
430
431	<para>
432	To test the functionality of the keytab file, issue the
433	following command:
434	</para>
435
436	<screen><userinput>ktutil
437	<prompt>ktutil:</prompt> rkt /etc/krb5.keytab
438	<prompt>ktutil:</prompt> l</userinput></screen>
439
440	<para>
441	This should dump a list of the host principal, along with
442	the encryption methods used to access the principal.
443	</para>
444
445	<para>
446	At this point, if everything has been successful so far, you
447	can feel fairly confident in the installation and configuration of
448	the package.
449	</para>
450
451	</sect4>
452
453	<sect4>
454	<title>Additional Information</title>
455
456	<para>
457	For additional information consult the <ulink
458	url="http://web.mit.edu/kerberos/www/krb5-&mitkrb-major-version;/#documentation">
459	documentation for krb5-&mitkrb-version;</ulink> on which the above
460	instructions are based.
461	</para>
462
463	</sect4>
464
465	</sect3>
466
467	<sect3 id="mitkrb-init">
468	<title>Systemd Units</title>
469
470	<para>
471	To start the Kerberos services at boot,
472	install the systemd units from the <xref linkend="bootscripts"/>
473	package by running the following command as the
474	<systemitem class="username">root</systemitem> user:
475	</para>
476
477	<indexterm zone="mitkrb mitkrb-init">
478	<primary sortas="f-krb5">krb5</primary>
479	</indexterm>
480
481	<screen role="root"><userinput>make install-krb5</userinput></screen>
482
483	</sect3>
484
485	</sect2>
486
487	<sect2 role="content">
488
489	<title>Contents</title>
490	<para></para>
491
492	<segmentedlist>
493	<segtitle>Installed Programs</segtitle>
494	<segtitle>Installed Libraries</segtitle>
495	<segtitle>Installed Directories</segtitle>
496
497	<seglistitem>
498	<seg>
499	gss-client, gss-server, k5srvutil, kadmin, kadmin.local,
500	kadmind, kdb5_ldap_util (optional), kdb5_util, kdestroy, kinit, klist,
501	kpasswd, kprop, kpropd, kproplog, krb5-config, krb5kdc, krb5-send-pr,
502	ksu, kswitch, ktutil, kvno, sclient, sim_client, sim_server,
503	sserver, uuclient and uuserver
504	</seg>
505	<seg>
506	libgssapi_krb5.so, libgssrpc.so, libk5crypto.so,
507	libkadm5clnt.so, libkadm5srv.so, libkdb5.so, libkdb_ldap.so
508	(optional), libkrad.so, libkrb5.so, libkrb5support.so, and
509	libverto.so
510	</seg>
511	<seg>
512	/usr/include/gssapi,
513	/usr/include/gssrpc,
514	/usr/include/kadm5,
515	/usr/include/krb5,
516	/usr/lib/krb5,
517	/usr/share/doc/krb5-&mitkrb-version;,
518	/usr/share/examples/krb5 and
519	/var/lib/krb5kdc
520	</seg>
521	</seglistitem>
522	</segmentedlist>
523
524	<variablelist>
525	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
526	<?dbfo list-presentation="list"?>
527	<?dbhtml list-presentation="table"?>
528
529	<varlistentry id="k5srvutil">
530	<term><command>k5srvutil</command></term>
531	<listitem>
532	<para>
533	is a host keytable manipulation utility.
534	</para>
535	<indexterm zone="mitkrb k5srvutil">
536	<primary sortas="b-k5srvutil">k5srvutil</primary>
537	</indexterm>
538	</listitem>
539	</varlistentry>
540
541	<varlistentry id="kadmin">
542	<term><command>kadmin</command></term>
543	<listitem>
544	<para>
545	is an utility used to make modifications
546	to the Kerberos database.
547	</para>
548	<indexterm zone="mitkrb kadmin">
549	<primary sortas="b-kadmin">kadmin</primary>
550	</indexterm>
551	</listitem>
552	</varlistentry>
553
554	<varlistentry id="kadmind">
555	<term><command>kadmind</command></term>
556	<listitem>
557	<para>
558	is a server for administrative access
559	to a Kerberos database.
560	</para>
561	<indexterm zone="mitkrb kadmind">
562	<primary sortas="b-kadmind">kadmind</primary>
563	</indexterm>
564	</listitem>
565	</varlistentry>
566
567	<varlistentry id="kdb5_util">
568	<term><command>kdb5_util</command></term>
569	<listitem>
570	<para>
571	is the KDC database utility.
572	</para>
573	<indexterm zone="mitkrb kdb5_util">
574	<primary sortas="b-kdb5_util">kdb5_util</primary>
575	</indexterm>
576	</listitem>
577	</varlistentry>
578
579	<varlistentry id="kdestroy">
580	<term><command>kdestroy</command></term>
581	<listitem>
582	<para>
583	removes the current set of tickets.
584	</para>
585	<indexterm zone="mitkrb kdestroy">
586	<primary sortas="b-kdestroy">kdestroy</primary>
587	</indexterm>
588	</listitem>
589	</varlistentry>
590
591	<varlistentry id="kinit">
592	<term><command>kinit</command></term>
593	<listitem>
594	<para>
595	is used to authenticate to the Kerberos server as a
596	principal and acquire a ticket granting ticket that can
597	later be used to obtain tickets for other services.
598	</para>
599	<indexterm zone="mitkrb kinit">
600	<primary sortas="b-kinit">kinit</primary>
601	</indexterm>
602	</listitem>
603	</varlistentry>
604
605	<varlistentry id="klist">
606	<term><command>klist</command></term>
607	<listitem>
608	<para>
609	reads and displays the current tickets in
610	the credential cache.
611	</para>
612	<indexterm zone="mitkrb klist">
613	<primary sortas="b-klist">klist</primary>
614	</indexterm>
615	</listitem>
616	</varlistentry>
617
618	<varlistentry id="kpasswd">
619	<term><command>kpasswd</command></term>
620	<listitem>
621	<para>
622	is a program for changing Kerberos 5 passwords.
623	</para>
624	<indexterm zone="mitkrb kpasswd">
625	<primary sortas="b-kpasswd">kpasswd</primary>
626	</indexterm>
627	</listitem>
628	</varlistentry>
629
630	<varlistentry id="kprop">
631	<term><command>kprop</command></term>
632	<listitem>
633	<para>
634	takes a principal database in a specified format and
635	converts it into a stream of database records.
636	</para>
637	<indexterm zone="mitkrb kprop">
638	<primary sortas="b-kprop">kprop</primary>
639	</indexterm>
640	</listitem>
641	</varlistentry>
642
643	<varlistentry id="kpropd">
644	<term><command>kpropd</command></term>
645	<listitem>
646	<para>
647	receives a database sent by <command>kprop</command>
648	and writes it as a local database.
649	</para>
650	<indexterm zone="mitkrb kpropd">
651	<primary sortas="b-kpropd">kpropd</primary>
652	</indexterm>
653	</listitem>
654	</varlistentry>
655
656	<varlistentry id="krb5-config-prog2">
657	<term><command>krb5-config</command></term>
658	<listitem>
659	<para>
660	gives information on how to link programs against
661	libraries.
662	</para>
663	<indexterm zone="mitkrb krb5-config-prog2">
664	<primary sortas="b-krb5-config">krb5-config</primary>
665	</indexterm>
666	</listitem>
667	</varlistentry>
668
669	<varlistentry id="krb5kdc">
670	<term><command>krb5kdc</command></term>
671	<listitem>
672	<para>
673	is the <application>Kerberos 5</application> server.
674	</para>
675	<indexterm zone="mitkrb krb5kdc">
676	<primary sortas="b-krb5kdc">krb5kdc</primary>
677	</indexterm>
678	</listitem>
679	</varlistentry>
680
681	<varlistentry id="ksu">
682	<term><command>ksu</command></term>
683	<listitem>
684	<para>
685	is the super user program using Kerberos protocol.
686	Requires a properly configured
687	<filename>/etc/shells</filename> and
688	<filename>~/.k5login</filename> containing principals
689	authorized to become super users.
690	</para>
691	<indexterm zone="mitkrb ksu">
692	<primary sortas="b-ksu">ksu</primary>
693	</indexterm>
694	</listitem>
695	</varlistentry>
696
697	<varlistentry id="kswitch">
698	<term><command>kswitch</command></term>
699	<listitem>
700	<para>
701	makes the specified credential cache the
702	primary cache for the collection, if a cache
703	collection is available.
704	</para>
705	<indexterm zone="mitkrb kswitch">
706	<primary sortas="b-kswitch">kswitch</primary>
707	</indexterm>
708	</listitem>
709	</varlistentry>
710
711	<varlistentry id="ktutil">
712	<term><command>ktutil</command></term>
713	<listitem>
714	<para>
715	is a program for managing Kerberos keytabs.
716	</para>
717	<indexterm zone="mitkrb ktutil">
718	<primary sortas="b-ktutil">ktutil</primary>
719	</indexterm>
720	</listitem>
721	</varlistentry>
722
723	<varlistentry id="kvno">
724	<term><command>kvno</command></term>
725	<listitem>
726	<para>
727	prints keyversion numbers of Kerberos principals.
728	</para>
729	<indexterm zone="mitkrb kvno">
730	<primary sortas="b-kvno">kvno</primary>
731	</indexterm>
732	</listitem>
733	</varlistentry>
734
735	<varlistentry id="sclient">
736	<term><command>sclient</command></term>
737	<listitem>
738	<para>
739	used to contact a sample server and authenticate to it
740	using Kerberos 5 tickets, then display the server's
741	response.
742	</para>
743	<indexterm zone="mitkrb sclient">
744	<primary sortas="b-sclient">sclient</primary>
745	</indexterm>
746	</listitem>
747	</varlistentry>
748
749	<varlistentry id="sserver">
750	<term><command>sserver</command></term>
751	<listitem>
752	<para>
753	is the sample Kerberos 5 server.
754	</para>
755	<indexterm zone="mitkrb sserver">
756	<primary sortas="b-sserver">sserver</primary>
757	</indexterm>
758	</listitem>
759	</varlistentry>
760
761	<varlistentry id="libgssapi_krb5">
762	<term><filename class="libraryfile">libgssapi_krb5.so</filename></term>
763	<listitem>
764	<para>
765	contain the Generic Security Service Application Programming
766	Interface (GSSAPI) functions which provides security services
767	to callers in a generic fashion, supportable with a range of
768	underlying mechanisms and technologies and hence allowing
769	source-level portability of applications to different
770	environments.
771	</para>
772	<indexterm zone="mitkrb libgssapi_krb5">
773	<primary sortas="c-libgssapi_krb5">libgssapi_krb5.so</primary>
774	</indexterm>
775	</listitem>
776	</varlistentry>
777
778	<varlistentry id="libkadm5clnt">
779	<term><filename class="libraryfile">libkadm5clnt.so</filename></term>
780	<listitem>
781	<para>
782	contains the administrative authentication and password checking
783	functions required by Kerberos 5 client-side programs.
784	</para>
785	<indexterm zone="mitkrb libkadm5clnt">
786	<primary sortas="c-libkadm5clnt">libkadm5clnt.so</primary>
787	</indexterm>
788	</listitem>
789	</varlistentry>
790
791	<varlistentry id="libkadm5srv">
792	<term><filename class="libraryfile">libkadm5srv.so</filename></term>
793	<listitem>
794	<para>
795	contain the administrative authentication and password
796	checking functions required by Kerberos 5 servers.
797	</para>
798	<indexterm zone="mitkrb libkadm5srv">
799	<primary sortas="c-libkadm5srv">libkadm5srv.so</primary>
800	</indexterm>
801	</listitem>
802	</varlistentry>
803
804	<varlistentry id="libkdb5">
805	<term><filename class="libraryfile">libkdb5.so</filename></term>
806	<listitem>
807	<para>
808	is a Kerberos 5 authentication/authorization database
809	access library.
810	</para>
811	<indexterm zone="mitkrb libkdb5">
812	<primary sortas="c-libkdb5">libkdb5.so</primary>
813	</indexterm>
814	</listitem>
815	</varlistentry>
816
817	<varlistentry id="libkrad">
818	<term><filename class="libraryfile">libkrad.so</filename></term>
819	<listitem>
820	<para>
821	contains the internal support library for RADIUS functionality.
822	</para>
823	<indexterm zone="mitkrb libkrad">
824	<primary sortas="c-libkrad">libkrad.so</primary>
825	</indexterm>
826	</listitem>
827	</varlistentry>
828
829	<varlistentry id="libkrb5">
830	<term><filename class="libraryfile">libkrb5.so</filename></term>
831	<listitem>
832	<para>
833	is an all-purpose <application>Kerberos 5</application> library.
834	</para>
835	<indexterm zone="mitkrb libkrb5">
836	<primary sortas="c-libkrb5">libkrb5.so</primary>
837	</indexterm>
838	</listitem>
839	</varlistentry>
840
841	</variablelist>
842
843	</sect2>
844
845	</sect1>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: postlfs/security/mitkrb-systemd.xml@ af637d2

Download in other formats: