source: postlfs/security/mitkrb-systemd.xml@ ec5324f

systemd-13485
Last change on this file since ec5324f was cb0bbd2, checked in by Douglas R. Reno <renodr@…>, 9 years ago

Update to gjs-1.43.3
Update to libsecret-0.18.3
Update to sqlite-3.8.11.1
Update to nss-3.19.3
Update to gsettings-desktop-schemas-3.16.1
Update to firefox-40.0.2
Added some short descriptions by Denis.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/branches/systemd@16346 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 30.8 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY mitkrb-download-http "http://web.mit.edu/kerberos/www/dist/krb5/&mitkrb-major-version;/krb5-&mitkrb-version;-signed.tar">
8 <!ENTITY mitkrb-download-ftp " ">
9 <!ENTITY mitkrb-md5sum "f7ebfa6c99c10b16979ebf9a98343189">
10 <!ENTITY mitkrb-size "12 MB">
11 <!ENTITY mitkrb-buildsize "142 MB (Additional 28 MB for the testsuite)">
12 <!ENTITY mitkrb-time "0.9 SBU (additional 5.0 SBU for the testsuite)">
13]>
14
15<sect1 id="mitkrb" xreflabel="MIT Kerberos V5-&mitkrb-version;">
16 <?dbhtml filename="mitkrb.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>MIT Kerberos V5-&mitkrb-version;</title>
24
25 <indexterm zone="mitkrb">
26 <primary sortas="a-MIT-Kerberos">MIT Kerberos V5</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to MIT Kerberos V5</title>
31
32 <para>
33 <application>MIT Kerberos V5</application> is a free implementation
34 of Kerberos 5. Kerberos is a network authentication protocol. It
35 centralizes the authentication database and uses kerberized
36 applications to work with servers or services that support Kerberos
37 allowing single logins and encrypted communication over internal
38 networks or the Internet.
39 </para>
40
41 &lfs77_checked;
42
43 <bridgehead renderas="sect3">Package Information</bridgehead>
44 <itemizedlist spacing="compact">
45 <listitem>
46 <para>
47 Download (HTTP): <ulink url="&mitkrb-download-http;"/>
48 </para>
49 </listitem>
50 <listitem>
51 <para>
52 Download (FTP): <ulink url="&mitkrb-download-ftp;"/>
53 </para>
54 </listitem>
55 <listitem>
56 <para>
57 Download MD5 sum: &mitkrb-md5sum;
58 </para>
59 </listitem>
60 <listitem>
61 <para>
62 Download size: &mitkrb-size;
63 </para>
64 </listitem>
65 <listitem>
66 <para>
67 Estimated disk space required: &mitkrb-buildsize;
68 </para>
69 </listitem>
70 <listitem>
71 <para>
72 Estimated build time: &mitkrb-time;
73 </para>
74 </listitem>
75 </itemizedlist>
76
77 <bridgehead renderas="sect3">MIT Kerberos V5 Dependencies</bridgehead>
78
79 <bridgehead renderas="sect4">Optional</bridgehead>
80 <para role="optional">
81 <xref linkend="bind-utils"/> (used during the testsuite),
82 <xref linkend="dejagnu"/> (for full test coverage),
83 <xref linkend="gnupg2"/> (to authenticate the package),
84 <xref linkend="keyutils"/>,
85 <xref linkend="openldap"/>,
86 <xref linkend="openssl"/>,
87 <xref linkend="python2"/> (used during the testsuite),
88 <xref linkend="tcl"/> and
89 <xref linkend="rpcbind"/> (used during the testsuite)
90 </para>
91
92 <note>
93 <para>
94 Some sort of time synchronization facility on your system (like
95 <xref linkend="ntp"/>) is required since Kerberos won't authenticate
96 if there is a time difference between a kerberized client and the
97 KDC server.
98 </para>
99 </note>
100
101 <para condition="html" role="usernotes">User Notes:
102 <ulink url="&blfs-wiki;/mitkrb"/>
103 </para>
104 </sect2>
105
106 <sect2 role="installation">
107 <title>Installation of MIT Kerberos V5</title>
108
109 <para>
110 <application>MIT Kerberos V5</application> is distributed in a
111 TAR file containing a compressed TAR package and a detached PGP
112 <filename class="extension">ASC</filename> file. You'll need to unpack
113 the distribution tar file, then unpack the compressed tar file before
114 starting the build.
115 </para>
116
117 <para>
118 After unpacking the distribution tarball and if you have
119 <xref linkend="gnupg2"/> installed, you can
120 authenticate the package. First, check the contents of the file
121 <filename>krb5-&mitkrb-version;.tar.gz.asc</filename>.
122 </para>
123
124<screen><userinput>gpg2 --verify krb5-&mitkrb-version;.tar.gz.asc krb5-&mitkrb-version;.tar.gz</userinput></screen>
125
126 <para>You will probably see output similar to:</para>
127
128<screen><literal>gpg: Signature made Fri May 8 23:40:13 2015 utc using RSA key ID 0055C305
129gpg: Can't check signature: No public key</literal></screen>
130
131 <para>
132 You can import the public key with:
133 </para>
134
135<screen><userinput>gpg2 --keyserver pgp.mit.edu --recv-keys 0055C305</userinput></screen>
136
137 <para>
138 Now re-verify the package with the first command above. You should get a
139 indication of a good signature, but the key will still not be certified
140 with a trusted signature. Trusting the downloaded key is a separate
141 operation but it is up to you to determine the level of trust.
142 </para>
143
144 <para>
145 Build <application>MIT Kerberos V5</application> by running the
146 following commands:
147 </para>
148
149<screen><userinput>cd src &amp;&amp;
150sed -e "s@python2.5/Python.h@&amp; python2.7/Python.h@g" \
151 -e "s@-lpython2.5]@&amp;,\n AC_CHECK_LIB(python2.7,main,[PYTHON_LIB=-lpython2.7])@g" \
152 -i configure.in &amp;&amp;
153autoconf &amp;&amp;
154./configure --prefix=/usr \
155 --sysconfdir=/etc \
156 --localstatedir=/var/lib \
157 --with-system-et \
158 --with-system-ss \
159 --without-system-verto \
160 --enable-dns-for-realm &amp;&amp;
161make</userinput></screen>
162
163 <para>
164 To test the build, issue: <command>make check</command>. You need at
165 least <xref linkend="tcl"/>, which is used to drive the testsuite.
166 Furthermore, <xref linkend="dejagnu"/> must be available for some
167 of the tests to run. If you have a former version of MIT Kerberos V5
168 installed, it may happen that the test suite pick up the installed
169 versions of the libraries, rather than the newly built ones. If so,
170 it is better to run the tests after the installation.
171 </para>
172
173 <para>
174 Now, as the <systemitem class="username">root</systemitem> user:
175 </para>
176
177<screen role="root"><userinput>make install &amp;&amp;
178
179for LIBRARY in gssapi_krb5 gssrpc k5crypto kadm5clnt kadm5srv \
180 kdb5 kdb_ldap krad krb5 krb5support verto ; do
181 [ -e /usr/lib/lib$LIBRARY.so ] &amp;&amp; chmod -v 755 /usr/lib/lib$LIBRARY.so
182done &amp;&amp;
183unset LIBRARY &amp;&amp;
184
185mv -v /usr/lib/libkrb5.so.* /lib &amp;&amp;
186mv -v /usr/lib/libk5crypto.so.* /lib &amp;&amp;
187mv -v /usr/lib/libkrb5support.so.* /lib &amp;&amp;
188
189ln -sfv ../../lib/$(readlink /usr/lib/libkrb5.so) /usr/lib/libkrb5.so &amp;&amp;
190ln -sfv ../../lib/$(readlink /usr/lib/libk5crypto.so) /usr/lib/libk5crypto.so &amp;&amp;
191ln -sfv ../../lib/$(readlink /usr/lib/libkrb5support.so) /usr/lib/libkrb5support.so &amp;&amp;
192
193mv -v /usr/bin/ksu /bin &amp;&amp;
194chmod -v 755 /bin/ksu &amp;&amp;
195
196install -v -dm755 /usr/share/doc/krb5-&mitkrb-version; &amp;&amp;
197cp -rfv ../doc/* /usr/share/doc/krb5-&mitkrb-version;</userinput></screen>
198
199
200 </sect2>
201
202 <sect2 role="commands">
203 <title>Command Explanations</title>
204
205 <para>
206 <command>sed -e ...</command>: This <command>sed</command> fixes
207 <application>Python</application> detection.
208 </para>
209
210 <para>
211 <parameter>--localstatedir=/var/lib</parameter>: This switch is
212 used so that the Kerberos variable run-time data is located in
213 <filename class="directory">/var/lib</filename> instead of
214 <filename class="directory">/usr/var</filename>.
215 </para>
216
217 <para>
218 <parameter>--with-system-et</parameter>: This switch causes the build
219 to use the system-installed versions of the error-table support
220 software.
221 </para>
222
223 <para>
224 <parameter>--with-system-ss</parameter>: This switch causes the build
225 to use the system-installed versions of the subsystem command-line
226 interface software.
227 </para>
228
229 <para>
230 <parameter>--without-system-verto</parameter>: This switch causes
231 the build to use the internal version of <filename
232 class="libraryfile">libverto</filename> library in case older one
233 is present from previous <application>Kerberos</application>
234 installation.
235 </para>
236
237 <para>
238 <parameter>--enable-dns-for-realm</parameter>: This switch allows
239 realms to be resolved using the DNS server.
240 </para>
241
242 <para>
243 <command>mv -v /usr/bin/ksu /bin</command>: Moves the
244 <command>ksu</command> program to the
245 <filename class="directory">/bin</filename> directory so that it is
246 available when the <filename class="directory">/usr</filename>
247 filesystem is not mounted.
248 </para>
249
250 <para>
251 <option>--with-ldap</option>: Use this switch if you want to compile
252 <application>OpenLDAP</application> database backend module.
253 </para>
254
255 </sect2>
256
257 <sect2 role="configuration">
258 <title>Configuring MIT Kerberos V5</title>
259
260 <sect3 id="krb5-config">
261 <title>Config Files</title>
262
263 <para>
264 <filename>/etc/krb5.conf</filename> and
265 <filename>/var/lib/krb5kdc/kdc.conf</filename>
266 </para>
267
268 <indexterm zone="mitkrb krb5-config">
269 <primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary>
270 </indexterm>
271
272 <indexterm zone="mitkrb krb5-config">
273 <primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
274 </indexterm>
275
276 </sect3>
277
278 <sect3>
279 <title>Configuration Information</title>
280
281 <sect4>
282 <title>Kerberos Configuration</title>
283
284 <tip>
285 <para>
286 You should consider installing some sort of password checking
287 dictionary so that you can configure the installation to only
288 accept strong passwords. A suitable dictionary to use is shown in
289 the <xref linkend="cracklib"/> instructions. Note that only one
290 file can be used, but you can concatenate many files into one. The
291 configuration file shown below assumes you have installed a
292 dictionary to <filename>/usr/share/dict/words</filename>.
293 </para>
294 </tip>
295
296 <para>
297 Create the Kerberos configuration file with the following
298 commands issued by the <systemitem class="username">root</systemitem>
299 user:
300 </para>
301
302<screen role="root"><userinput>cat &gt; /etc/krb5.conf &lt;&lt; "EOF"
303<literal># Begin /etc/krb5.conf
304
305[libdefaults]
306 default_realm = <replaceable>&lt;LFS.ORG&gt;</replaceable>
307 encrypt = true
308
309[realms]
310 <replaceable>&lt;LFS.ORG&gt;</replaceable> = {
311 kdc = <replaceable>&lt;belgarath.lfs.org&gt;</replaceable>
312 admin_server = <replaceable>&lt;belgarath.lfs.org&gt;</replaceable>
313 dict_file = /usr/share/dict/words
314 }
315
316[domain_realm]
317 .<replaceable>&lt;lfs.org&gt;</replaceable> = <replaceable>&lt;LFS.ORG&gt;</replaceable>
318
319[logging]
320 kdc = SYSLOG[:INFO[:AUTH]]
321 admin_server = SYSLOG[INFO[:AUTH]]
322 default = SYSLOG[[:SYS]]
323
324# End /etc/krb5.conf</literal>
325EOF</userinput></screen>
326
327 <para>
328 You will need to substitute your domain and proper hostname for the
329 occurrences of the <replaceable>&lt;belgarath&gt;</replaceable> and
330 <replaceable>&lt;lfs.org&gt;</replaceable> names.
331 </para>
332
333 <para>
334 <option>default_realm</option> should be the name of your
335 domain changed to ALL CAPS. This isn't required, but both
336 <application>Heimdal</application> and MIT recommend it.
337 </para>
338
339 <para>
340 <option>encrypt = true</option> provides encryption of all traffic
341 between kerberized clients and servers. It's not necessary and can
342 be left off. If you leave it off, you can encrypt all traffic from
343 the client to the server using a switch on the client program
344 instead.
345 </para>
346
347 <para>
348 The <option>[realms]</option> parameters tell the client programs
349 where to look for the KDC authentication services.
350 </para>
351
352 <para>
353 The <option>[domain_realm]</option> section maps a domain to a realm.
354 </para>
355
356 <para>
357 Create the KDC database:
358 </para>
359
360<screen role="root"><userinput>kdb5_util create -r <replaceable>&lt;LFS.ORG&gt;</replaceable> -s</userinput></screen>
361
362 <para>
363 Now you should populate the database with principals
364 (users). For now, just use your regular login name or
365 <systemitem class="username">root</systemitem>.
366 </para>
367
368<screen role="root"><userinput>kadmin.local
369<prompt>kadmin.local:</prompt> add_policy dict-only
370<prompt>kadmin.local:</prompt> addprinc -policy dict-only <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
371
372 <para>
373 The KDC server and any machine running kerberized
374 server daemons must have a host key installed:
375 </para>
376
377<screen role="root"><userinput><prompt>kadmin.local:</prompt> addprinc -randkey host/<replaceable>&lt;belgarath.lfs.org&gt;</replaceable></userinput></screen>
378
379 <para>
380 After choosing the defaults when prompted, you will have to
381 export the data to a keytab file:
382 </para>
383
384<screen role="root"><userinput><prompt>kadmin.local:</prompt> ktadd host/<replaceable>&lt;belgarath.lfs.org&gt;</replaceable></userinput></screen>
385
386 <para>
387 This should have created a file in
388 <filename class="directory">/etc</filename> named
389 <filename>krb5.keytab</filename> (Kerberos 5). This file should
390 have 600 (<systemitem class="username">root</systemitem> rw only)
391 permissions. Keeping the keytab files from public access is crucial
392 to the overall security of the Kerberos installation.
393 </para>
394
395 <para>
396 Exit the <command>kadmin</command> program (use
397 <command>quit</command> or <command>exit</command>) and return
398 back to the shell prompt. Start the KDC daemon manually, just to
399 test out the installation:
400 </para>
401
402<screen role="root"><userinput>/usr/sbin/krb5kdc</userinput></screen>
403
404 <para>
405 Attempt to get a ticket with the following command:
406 </para>
407
408<screen><userinput>kinit <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
409
410 <para>
411 You will be prompted for the password you created. After you
412 get your ticket, you can list it with the following command:
413 </para>
414
415<screen><userinput>klist</userinput></screen>
416
417 <para>
418 Information about the ticket should be displayed on the
419 screen.
420 </para>
421
422 <para>
423 To test the functionality of the keytab file, issue the
424 following command:
425 </para>
426
427<screen><userinput>ktutil
428<prompt>ktutil:</prompt> rkt /etc/krb5.keytab
429<prompt>ktutil:</prompt> l</userinput></screen>
430
431 <para>
432 This should dump a list of the host principal, along with
433 the encryption methods used to access the principal.
434 </para>
435
436 <para>
437 At this point, if everything has been successful so far, you
438 can feel fairly confident in the installation and configuration of
439 the package.
440 </para>
441
442 </sect4>
443
444 <sect4>
445 <title>Additional Information</title>
446
447 <para>
448 For additional information consult the <ulink
449 url="http://web.mit.edu/kerberos/www/krb5-&mitkrb-major-version;/#documentation">
450 documentation for krb5-&mitkrb-version;</ulink> on which the above
451 instructions are based.
452 </para>
453
454 </sect4>
455
456 </sect3>
457
458 <sect3 id="mitkrb-init">
459 <title>Systemd Units</title>
460
461 <para>
462 To start the Kerberos services at boot,
463 install the systemd units from the <xref linkend="bootscripts"/>
464 package by running the following command as the
465 <systemitem class="username">root</systemitem> user:
466 </para>
467
468 <indexterm zone="mitkrb mitkrb-init">
469 <primary sortas="f-krb5">krb5</primary>
470 </indexterm>
471
472<screen role="root"><userinput>make install-krb5</userinput></screen>
473
474 </sect3>
475
476 </sect2>
477
478 <sect2 role="content">
479
480 <title>Contents</title>
481 <para></para>
482
483 <segmentedlist>
484 <segtitle>Installed Programs</segtitle>
485 <segtitle>Installed Libraries</segtitle>
486 <segtitle>Installed Directories</segtitle>
487
488 <seglistitem>
489 <seg>
490 gss-client, gss-server, k5srvutil, kadmin, kadmin.local,
491 kadmind, kdb5_ldap_util (optional), kdb5_util, kdestroy, kinit, klist,
492 kpasswd, kprop, kpropd, kproplog, krb5-config, krb5kdc, krb5-send-pr,
493 ksu, kswitch, ktutil, kvno, sclient, sim_client, sim_server,
494 sserver, uuclient and uuserver
495 </seg>
496 <seg>
497 libgssapi_krb5.so, libgssrpc.so, libk5crypto.so, libkadm5clnt_mit.so,
498 libkadm5clnt.so, libkadm5srv_mit.so, libkadm5srv.so, libkdb_ldap.so
499 (optional), libkdb5.so, libkrad.so, libkrb5.so, libkrb5support.so, and
500 libverto.so
501 </seg>
502 <seg>
503 /usr/include/gssapi,
504 /usr/include/gssrpc,
505 /usr/include/kadm5,
506 /usr/include/krb5,
507 /usr/lib/krb5,
508 /usr/share/doc/krb5-&mitkrb-version;,
509 /usr/share/examples/krb5 and
510 /var/lib/krb5kdc
511 </seg>
512 </seglistitem>
513 </segmentedlist>
514
515 <variablelist>
516 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
517 <?dbfo list-presentation="list"?>
518 <?dbhtml list-presentation="table"?>
519
520 <varlistentry id="gss-client">
521 <term><command>gss-client</command></term>
522 <listitem>
523 <para>
524 is a GSSAPI test client.
525 </para>
526 <indexterm zone="mitkrb gss-client">
527 <primary sortas="b-gss-client">gss-client</primary>
528 </indexterm>
529 </listitem>
530 </varlistentry>
531
532 <varlistentry id="gss-server">
533 <term><command>gss-server</command></term>
534 <listitem>
535 <para>
536 is a GSSAPI test server.
537 </para>
538 <indexterm zone="mitkrb gss-server">
539 <primary sortas="b-gss-server">gss-server</primary>
540 </indexterm>
541 </listitem>
542 </varlistentry>
543
544 <varlistentry id="k5srvutil">
545 <term><command>k5srvutil</command></term>
546 <listitem>
547 <para>
548 is a host keytable manipulation utility.
549 </para>
550 <indexterm zone="mitkrb k5srvutil">
551 <primary sortas="b-k5srvutil">k5srvutil</primary>
552 </indexterm>
553 </listitem>
554 </varlistentry>
555
556 <varlistentry id="kadmin">
557 <term><command>kadmin</command></term>
558 <listitem>
559 <para>
560 is a utility used to make modifications
561 to the Kerberos database.
562 </para>
563 <indexterm zone="mitkrb kadmin">
564 <primary sortas="b-kadmin">kadmin</primary>
565 </indexterm>
566 </listitem>
567 </varlistentry>
568
569 <varlistentry id="kadmind">
570 <term><command>kadmind</command></term>
571 <listitem>
572 <para>
573 is a server for administrative access
574 to a Kerberos database.
575 </para>
576 <indexterm zone="mitkrb kadmind">
577 <primary sortas="b-kadmind">kadmind</primary>
578 </indexterm>
579 </listitem>
580 </varlistentry>
581
582 <varlistentry id="kdb5_ldap_util">
583 <term><command>kdb5_ldap_util (optional)</command></term>
584 <listitem>
585 <para>
586 allows an administrator to manage realms, Kerberos services
587 and ticket policies.
588 </para>
589 <indexterm zone="mitkrb kdb5_ldap_util">
590 <primary sortas="b-kdb5_ldap_util">kdb5_ldap_util</primary>
591 </indexterm>
592 </listitem>
593 </varlistentry>
594
595 <varlistentry id="kdb5_util">
596 <term><command>kdb5_util</command></term>
597 <listitem>
598 <para>
599 is the KDC database utility.
600 </para>
601 <indexterm zone="mitkrb kdb5_util">
602 <primary sortas="b-kdb5_util">kdb5_util</primary>
603 </indexterm>
604 </listitem>
605 </varlistentry>
606
607 <varlistentry id="kdestroy">
608 <term><command>kdestroy</command></term>
609 <listitem>
610 <para>
611 removes the current set of tickets.
612 </para>
613 <indexterm zone="mitkrb kdestroy">
614 <primary sortas="b-kdestroy">kdestroy</primary>
615 </indexterm>
616 </listitem>
617 </varlistentry>
618
619 <varlistentry id="kinit">
620 <term><command>kinit</command></term>
621 <listitem>
622 <para>
623 is used to authenticate to the Kerberos server as a
624 principal and acquire a ticket granting ticket that can
625 later be used to obtain tickets for other services.
626 </para>
627 <indexterm zone="mitkrb kinit">
628 <primary sortas="b-kinit">kinit</primary>
629 </indexterm>
630 </listitem>
631 </varlistentry>
632
633 <varlistentry id="klist">
634 <term><command>klist</command></term>
635 <listitem>
636 <para>
637 reads and displays the current tickets in
638 the credential cache.
639 </para>
640 <indexterm zone="mitkrb klist">
641 <primary sortas="b-klist">klist</primary>
642 </indexterm>
643 </listitem>
644 </varlistentry>
645
646 <varlistentry id="kpasswd">
647 <term><command>kpasswd</command></term>
648 <listitem>
649 <para>
650 is a program for changing Kerberos 5 passwords.
651 </para>
652 <indexterm zone="mitkrb kpasswd">
653 <primary sortas="b-kpasswd">kpasswd</primary>
654 </indexterm>
655 </listitem>
656 </varlistentry>
657
658 <varlistentry id="kprop">
659 <term><command>kprop</command></term>
660 <listitem>
661 <para>
662 takes a principal database in a specified format and
663 converts it into a stream of database records.
664 </para>
665 <indexterm zone="mitkrb kprop">
666 <primary sortas="b-kprop">kprop</primary>
667 </indexterm>
668 </listitem>
669 </varlistentry>
670
671 <varlistentry id="kpropd">
672 <term><command>kpropd</command></term>
673 <listitem>
674 <para>
675 receives a database sent by <command>kprop</command>
676 and writes it as a local database.
677 </para>
678 <indexterm zone="mitkrb kpropd">
679 <primary sortas="b-kpropd">kpropd</primary>
680 </indexterm>
681 </listitem>
682 </varlistentry>
683
684 <varlistentry id="kproplog">
685 <term><command>kproplog</command></term>
686 <listitem>
687 <para>
688 displays the contents of the KDC database update log to standard
689 output.
690 </para>
691 <indexterm zone="mitkrb kproplog">
692 <primary sortas="b-kproplog">kproplog</primary>
693 </indexterm>
694 </listitem>
695 </varlistentry>
696
697 <varlistentry id="krb5-config-prog2">
698 <term><command>krb5-config</command></term>
699 <listitem>
700 <para>
701 gives information on how to link programs against
702 libraries.
703 </para>
704 <indexterm zone="mitkrb krb5-config-prog2">
705 <primary sortas="b-krb5-config">krb5-config</primary>
706 </indexterm>
707 </listitem>
708 </varlistentry>
709
710 <varlistentry id="krb5kdc">
711 <term><command>krb5kdc</command></term>
712 <listitem>
713 <para>
714 is the <application>Kerberos 5</application> server.
715 </para>
716 <indexterm zone="mitkrb krb5kdc">
717 <primary sortas="b-krb5kdc">krb5kdc</primary>
718 </indexterm>
719 </listitem>
720 </varlistentry>
721
722 <varlistentry id="krb-send-pr">
723 <term><command>krb-send-pr</command></term>
724 <listitem>
725 <para>
726 send problem report (PR) to a central support site.
727 </para>
728 <indexterm zone="mitkrb krb-send-pr">
729 <primary sortas="b-krb-send-pr">krb-send-pr</primary>
730 </indexterm>
731 </listitem>
732 </varlistentry>
733
734 <varlistentry id="ksu">
735 <term><command>ksu</command></term>
736 <listitem>
737 <para>
738 is the super user program using Kerberos protocol.
739 Requires a properly configured
740 <filename>/etc/shells</filename> and
741 <filename>~/.k5login</filename> containing principals
742 authorized to become super users.
743 </para>
744 <indexterm zone="mitkrb ksu">
745 <primary sortas="b-ksu">ksu</primary>
746 </indexterm>
747 </listitem>
748 </varlistentry>
749
750 <varlistentry id="kswitch">
751 <term><command>kswitch</command></term>
752 <listitem>
753 <para>
754 makes the specified credential cache the
755 primary cache for the collection, if a cache
756 collection is available.
757 </para>
758 <indexterm zone="mitkrb kswitch">
759 <primary sortas="b-kswitch">kswitch</primary>
760 </indexterm>
761 </listitem>
762 </varlistentry>
763
764 <varlistentry id="ktutil">
765 <term><command>ktutil</command></term>
766 <listitem>
767 <para>
768 is a program for managing Kerberos keytabs.
769 </para>
770 <indexterm zone="mitkrb ktutil">
771 <primary sortas="b-ktutil">ktutil</primary>
772 </indexterm>
773 </listitem>
774 </varlistentry>
775
776 <varlistentry id="kvno">
777 <term><command>kvno</command></term>
778 <listitem>
779 <para>
780 prints keyversion numbers of Kerberos principals.
781 </para>
782 <indexterm zone="mitkrb kvno">
783 <primary sortas="b-kvno">kvno</primary>
784 </indexterm>
785 </listitem>
786 </varlistentry>
787
788 <varlistentry id="sclient">
789 <term><command>sclient</command></term>
790 <listitem>
791 <para>
792 used to contact a sample server and authenticate to it
793 using Kerberos 5 tickets, then display the server's
794 response.
795 </para>
796 <indexterm zone="mitkrb sclient">
797 <primary sortas="b-sclient">sclient</primary>
798 </indexterm>
799 </listitem>
800 </varlistentry>
801
802 <varlistentry id="sim_client">
803 <term><command>sim_client</command></term>
804 <listitem>
805 <para>
806 is a simple UDP-based sample client program, for
807 demonstration.
808 </para>
809 <indexterm zone="mitkrb sim_client">
810 <primary sortas="b-sim_client">sim_client</primary>
811 </indexterm>
812 </listitem>
813 </varlistentry>
814
815 <varlistentry id="sim_server">
816 <term><command>sim_server</command></term>
817 <listitem>
818 <para>
819 is a simple UDP-based server application, for
820 demonstration.
821 </para>
822 <indexterm zone="mitkrb sim_server">
823 <primary sortas="b-sim_server">sim_server</primary>
824 </indexterm>
825 </listitem>
826 </varlistentry>
827
828 <varlistentry id="sserver">
829 <term><command>sserver</command></term>
830 <listitem>
831 <para>
832 is the sample Kerberos 5 server.
833 </para>
834 <indexterm zone="mitkrb sserver">
835 <primary sortas="b-sserver">sserver</primary>
836 </indexterm>
837 </listitem>
838 </varlistentry>
839
840 <varlistentry id="uuclient">
841 <term><command>uuclient</command></term>
842 <listitem>
843 <para>
844 is an another sample client.
845 </para>
846 <indexterm zone="mitkrb uuclient">
847 <primary sortas="b-uuclient">uuclient</primary>
848 </indexterm>
849 </listitem>
850 </varlistentry>
851
852 <varlistentry id="uuserver">
853 <term><command>uuserver</command></term>
854 <listitem>
855 <para>
856 is an another sample server.
857 </para>
858 <indexterm zone="mitkrb uuserver">
859 <primary sortas="b-uuserver">uuserver</primary>
860 </indexterm>
861 </listitem>
862 </varlistentry>
863
864
865 <varlistentry id="libgssapi_krb5">
866 <term><filename class="libraryfile">libgssapi_krb5.so</filename></term>
867 <listitem>
868 <para>
869 contain the Generic Security Service Application Programming
870 Interface (GSSAPI) functions which provides security services
871 to callers in a generic fashion, supportable with a range of
872 underlying mechanisms and technologies and hence allowing
873 source-level portability of applications to different
874 environments.
875 </para>
876 <indexterm zone="mitkrb libgssapi_krb5">
877 <primary sortas="c-libgssapi_krb5">libgssapi_krb5.so</primary>
878 </indexterm>
879 </listitem>
880 </varlistentry>
881
882 <varlistentry id="libkadm5clnt">
883 <term><filename class="libraryfile">libkadm5clnt.so</filename></term>
884 <listitem>
885 <para>
886 contains the administrative authentication and password checking
887 functions required by Kerberos 5 client-side programs.
888 </para>
889 <indexterm zone="mitkrb libkadm5clnt">
890 <primary sortas="c-libkadm5clnt">libkadm5clnt.so</primary>
891 </indexterm>
892 </listitem>
893 </varlistentry>
894
895 <varlistentry id="libkadm5srv">
896 <term><filename class="libraryfile">libkadm5srv.so</filename></term>
897 <listitem>
898 <para>
899 contain the administrative authentication and password
900 checking functions required by Kerberos 5 servers.
901 </para>
902 <indexterm zone="mitkrb libkadm5srv">
903 <primary sortas="c-libkadm5srv">libkadm5srv.so</primary>
904 </indexterm>
905 </listitem>
906 </varlistentry>
907
908 <varlistentry id="libkdb5">
909 <term><filename class="libraryfile">libkdb5.so</filename></term>
910 <listitem>
911 <para>
912 is a Kerberos 5 authentication/authorization database
913 access library.
914 </para>
915 <indexterm zone="mitkrb libkdb5">
916 <primary sortas="c-libkdb5">libkdb5.so</primary>
917 </indexterm>
918 </listitem>
919 </varlistentry>
920
921 <varlistentry id="libkrad">
922 <term><filename class="libraryfile">libkrad.so</filename></term>
923 <listitem>
924 <para>
925 contains the internal support library for RADIUS functionality.
926 </para>
927 <indexterm zone="mitkrb libkrad">
928 <primary sortas="c-libkrad">libkrad.so</primary>
929 </indexterm>
930 </listitem>
931 </varlistentry>
932
933 <varlistentry id="libkrb5">
934 <term><filename class="libraryfile">libkrb5.so</filename></term>
935 <listitem>
936 <para>
937 is an all-purpose <application>Kerberos 5</application> library.
938 </para>
939 <indexterm zone="mitkrb libkrb5">
940 <primary sortas="c-libkrb5">libkrb5.so</primary>
941 </indexterm>
942 </listitem>
943 </varlistentry>
944
945 </variablelist>
946
947 </sect2>
948
949</sect1>
Note: See TracBrowser for help on using the repository browser.