Context Navigation

mitkrb.xml@ 3ff3b9b

Visit:

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts krejzi/svn lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition systemd-11177 systemd-13485 trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal

Last change on this file since 3ff3b9b was 3ff3b9b, checked in by Krejzi <krejzi@…>, 11 years ago

Some more package updates, fix iptables compilation.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@10927 af4574ff-66df-0310-9fd7-8a98e5e911e0

Property mode set to 100644

File size: 26.0 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY mitkrb-download-http "http://web.mit.edu/kerberos/www/dist/krb5/1.11/krb5-&mitkrb-version;-signed.tar">
8	<!ENTITY mitkrb-download-ftp " ">
9	<!ENTITY mitkrb-md5sum "1a13c53899806c4da99a798a04d25545">
10	<!ENTITY mitkrb-size "12 MB">
11	<!ENTITY mitkrb-buildsize "125 MB (Additional 20 MB if running the testsuite)">
12	<!ENTITY mitkrb-time "1.4 SBU (additional 2.0 SBU if running the testsuite)">
13	]>
14
15	<sect1 id="mitkrb" xreflabel="MIT Kerberos V5-&mitkrb-version;">
16	<?dbhtml filename="mitkrb.html"?>
17
18	<sect1info>
19	<othername>$LastChangedBy$</othername>
20	<date>$Date$</date>
21	</sect1info>
22
23	<title>MIT Kerberos V5-&mitkrb-version;</title>
24
25	<indexterm zone="mitkrb">
26	<primary sortas="a-MIT-Kerberos">MIT Kerberos V5</primary>
27	</indexterm>
28
29	<sect2 role="package">
30	<title>Introduction to MIT Kerberos V5</title>
31
32	<para>
33	<application>MIT Kerberos V5</application> is a free implementation
34	of Kerberos 5. Kerberos is a network authentication protocol. It
35	centralizes the authentication database and uses kerberized
36	applications to work with servers or services that support Kerberos
37	allowing single logins and encrypted communication over internal
38	networks or the Internet.
39	</para>
40
41	&lfs72_checked;
42
43	<bridgehead renderas="sect3">Package Information</bridgehead>
44	<itemizedlist spacing="compact">
45	<listitem>
46	<para>
47	Download (HTTP): <ulink url="&mitkrb-download-http;"/>
48	</para>
49	</listitem>
50	<listitem>
51	<para>
52	Download (FTP): <ulink url="&mitkrb-download-ftp;"/>
53	</para>
54	</listitem>
55	<listitem>
56	<para>
57	Download MD5 sum: &mitkrb-md5sum;
58	</para>
59	</listitem>
60	<listitem>
61	<para>
62	Download size: &mitkrb-size;
63	</para>
64	</listitem>
65	<listitem>
66	<para>
67	Estimated disk space required: &mitkrb-buildsize;
68	</para>
69	</listitem>
70	<listitem>
71	<para>
72	Estimated build time: &mitkrb-time;
73	</para>
74	</listitem>
75	</itemizedlist>
76
77	<bridgehead renderas="sect3">MIT Kerberos V5 Dependencies</bridgehead>
78
79	<bridgehead renderas="sect4">Optional</bridgehead>
80	<para role="optional">
81	<xref linkend="dejagnu"/> (required to run the testsuite),
82	<xref linkend="keyutils"/>,
83	<xref linkend="openldap"/> and
84	<xref linkend="python2"/> (used during the testsuite).
85	</para>
86
87	<note>
88	<para>
89	Some sort of time synchronization facility on your system (like
90	<xref linkend="ntp"/>) is required since Kerberos won't authenticate
91	if there is a time difference between a kerberized client and the
92	KDC server.
93	</para>
94	</note>
95
96	<para condition="html" role="usernotes">User Notes:
97	<ulink url="&blfs-wiki;/mitkrb"/>
98	</para>
99	</sect2>
100
101	<sect2 role="installation">
102	<title>Installation of MIT Kerberos V5</title>
103
104	<para>
105	<application>MIT Kerberos V5</application> is distributed in a
106	TAR file containing a compressed TAR package and a detached PGP
107	<filename class="extension">ASC</filename> file. You'll need to unpack
108	the distribution tar file, then unpack the compressed tar file before
109	starting the build.
110	</para>
111
112	<para>
113	After unpacking the distribution tarball and if you have
114	<xref linkend="gnupg"/> installed, you can
115	authenticate the package. First, check the contents of the file
116	<filename>krb5-1.10.3.tar.gz.asc</filename>.
117	</para>
118
119	<screen><userinput>gpg --verify krb5-&mitkrb-version;.tar.gz.asc krb5-&mitkrb-version;.tar.gz</userinput></screen>
120
121	<para>You will probably see output similar to:</para>
122
123	<screen>gpg: Signature made Wed Aug 8 22:29:58 2012 GMT using RSA key ID F376813D
124	gpg: Can't check signature: public key not found</screen>
125
126	<para>
127	You can import the public key with:
128	</para>
129
130	<screen><userinput>gpg gpg --keyserver pgp.mit.edu --recv-keys 0xF376813D</userinput></screen>
131
132	<para>
133	Now re-verify the package with the first command above. You should get a
134	indication of a good signature, but the key will still not be certified
135	with a trusted signature. Trusting the downloaded key is a separate
136	operation but it is up to you to determine the level of trust.
137	</para>
138
139	<para>
140	Build <application>MIT Kerberos V5</application> by running the
141	following commands:
142	</para>
143
144	<screen><userinput>cd src &&
145	./configure CPPFLAGS="-I/usr/include/et -I/usr/include/ss" \
146	--prefix=/usr \
147	--localstatedir=/var/lib \
148	--with-system-et \
149	--with-system-ss \
150	--enable-dns-for-realm &&
151	make</userinput></screen>
152
153	<para>
154	The regression test suite is designed to be run after the
155	installation has been completed.
156	</para>
157
158	<para>
159	Now, as the <systemitem class="username">root</systemitem> user:
160	</para>
161
162	<screen role="root"><userinput>make install &&
163
164	for LIBRARY in gssapi_krb5 gssrpc k5crypto kadm5clnt_mit kadm5srv_mit \
165	kdb5 krb5 krb5support verto ; do
166	chmod -v 755 /usr/lib/lib$LIBRARY.so..
167	done &&
168
169	mv -v /usr/lib/libkrb5.so.3* /lib &&
170	mv -v /usr/lib/libk5crypto.so.3* /lib &&
171	mv -v /usr/lib/libkrb5support.so.0* /lib &&
172
173	ln -v -sf ../../lib/libkrb5.so.3.3 /usr/lib/libkrb5.so &&
174	ln -v -sf ../../lib/libk5crypto.so.3.1 /usr/lib/libk5crypto.so &&
175	ln -v -sf ../../lib/libkrb5support.so.0.1 /usr/lib/libkrb5support.so &&
176
177	mv -v /usr/bin/ksu /bin &&
178	chmod -v 755 /bin/ksu &&
179
180	install -m644 -v ../doc/*.info /usr/share/info &&
181
182	for INFOFILE in admin install user; do
183	install-info --info-dir=/usr/share/info \
184	/usr/share/info/krb5-$INFOFILE.info
185	rm ../doc/krb5-$INFOFILE.info
186	done &&
187
188	install -v -dm755 /usr/share/doc/krb5-&mitkrb-version; &&
189	cp -vfr ../doc/* /usr/share/doc/krb5-&mitkrb-version; &&
190
191	unset LIBRARY INFOFILE</userinput></screen>
192
193	<para>
194	To test the installation, you must have <xref linkend="dejagnu"/>
195	installed and issue: <command>make check</command>.
196	</para>
197
198	</sect2>
199
200	<sect2 role="commands">
201	<title>Command Explanations</title>
202
203	<para>
204	<option>--enable-dns-for-realm</option>: This switch allows
205	realms to be resolved using the DNS server.
206	</para>
207
208	<para>
209	<option>--with-system-et</option>: This switch causes the build
210	to use the system-installed versions of the error-table support
211	software.
212	</para>
213
214	<para>
215	<option>--with-system-ss</option>: This switch causes the build
216	to use the system-installed versions of the subsystem command-line
217	interface software.
218	</para>
219
220	<para>
221	<parameter>--localstatedir=/var/lib</parameter>: This parameter is
222	used so that the Kerberos variable run-time data is located in
223	<filename class="directory">/var/lib</filename> instead of
224	<filename class="directory">/usr/var</filename>.
225	</para>
226
227	<para>
228	<command>mv -v /usr/bin/ksu /bin</command>: Moves the
229	<command>ksu</command> program to the
230	<filename class="directory">/bin</filename> directory so that it is
231	available when the <filename class="directory">/usr</filename>
232	filesystem is not mounted.
233	</para>
234
235	<para>
236	<option>--with-ldap</option>: Use this switch if you want to compile
237	<application>OpenLDAP</application> database backend module.
238	</para>
239
240	</sect2>
241
242	<sect2 role="configuration">
243	<title>Configuring MIT Kerberos V5</title>
244
245	<sect3 id="krb5-config">
246	<title>Config Files</title>
247
248	<para>
249	<filename>/etc/krb5.conf</filename> and
250	<filename>/var/lib/krb5kdc/kdc.conf</filename>
251	</para>
252
253	<indexterm zone="mitkrb krb5-config">
254	<primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary>
255	</indexterm>
256
257	<indexterm zone="mitkrb krb5-config">
258	<primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
259	</indexterm>
260
261	</sect3>
262
263	<sect3>
264	<title>Configuration Information</title>
265
266	<sect4>
267	<title>Kerberos Configuration</title>
268
269	<tip>
270	<para>
271	You should consider installing some sort of password checking
272	dictionary so that you can configure the installation to only
273	accept strong passwords. A suitable dictionary to use is shown in
274	the <xref linkend="cracklib"/> instructions. Note that only one
275	file can be used, but you can concatenate many files into one. The
276	configuration file shown below assumes you have installed a
277	dictionary to <filename>/usr/share/dict/words</filename>.
278	</para>
279	</tip>
280
281	<para>
282	Create the Kerberos configuration file with the following
283	commands issued by the <systemitem class="username">root</systemitem>
284	user:
285	</para>
286
287	<screen role="root"><userinput>cat > /etc/krb5.conf << "EOF"
288	<literal># Begin /etc/krb5.conf
289
290	[libdefaults]
291	default_realm = <replaceable><LFS.ORG></replaceable>
292	encrypt = true
293
294	[realms]
295	<replaceable><LFS.ORG></replaceable> = {
296	kdc = <replaceable><belgarath.lfs.org></replaceable>
297	admin_server = <replaceable><belgarath.lfs.org></replaceable>
298	dict_file = /usr/share/dict/words
299	}
300
301	[domain_realm]
302	.<replaceable><lfs.org></replaceable> = <replaceable><LFS.ORG></replaceable>
303
304	[logging]
305	kdc = SYSLOG[:INFO[:AUTH]]
306	admin_server = SYSLOG[INFO[:AUTH]]
307	default = SYSLOG[[:SYS]]
308
309	# End /etc/krb5.conf</literal>
310	EOF</userinput></screen>
311
312	<para>
313	You will need to substitute your domain and proper hostname for the
314	occurrences of the <replaceable><belgarath></replaceable> and
315	<replaceable><lfs.org></replaceable> names.
316	</para>
317
318	<para>
319	<option>default_realm</option> should be the name of your
320	domain changed to ALL CAPS. This isn't required, but both
321	<application>Heimdal</application> and MIT recommend it.
322	</para>
323
324	<para>
325	<option>encrypt = true</option> provides encryption of all traffic
326	between kerberized clients and servers. It's not necessary and can
327	be left off. If you leave it off, you can encrypt all traffic from
328	the client to the server using a switch on the client program
329	instead.
330	</para>
331
332	<para>
333	The <option>[realms]</option> parameters tell the client programs
334	where to look for the KDC authentication services.
335	</para>
336
337	<para>
338	The <option>[domain_realm]</option> section maps a domain to a realm.
339	</para>
340
341	<para>
342	Create the KDC database:
343	</para>
344
345	<screen role="root"><userinput>kdb5_util create -r <replaceable><LFS.ORG></replaceable> -s</userinput></screen>
346
347	<para>
348	Now you should populate the database with principals
349	(users). For now, just use your regular login name or
350	<systemitem class="username">root</systemitem>.
351	</para>
352
353	<screen role="root"><userinput>kadmin.local
354	<prompt>kadmin:</prompt> add_policy dict-only
355	<prompt>kadmin:</prompt> addprinc -policy dict-only <replaceable><loginname></replaceable></userinput></screen>
356
357	<para>
358	The KDC server and any machine running kerberized
359	server daemons must have a host key installed:
360	</para>
361
362	<screen role="root"><userinput><prompt>kadmin:</prompt> addprinc -randkey host/<replaceable><belgarath.lfs.org></replaceable></userinput></screen>
363
364	<para>
365	After choosing the defaults when prompted, you will have to
366	export the data to a keytab file:
367	</para>
368
369	<screen role="root"><userinput><prompt>kadmin:</prompt> ktadd host/<replaceable><belgarath.lfs.org></replaceable></userinput></screen>
370
371	<para>
372	This should have created a file in
373	<filename class="directory">/etc</filename> named
374	<filename>krb5.keytab</filename> (Kerberos 5). This file should
375	have 600 (<systemitem class="username">root</systemitem> rw only)
376	permissions. Keeping the keytab files from public access is crucial
377	to the overall security of the Kerberos installation.
378	</para>
379
380	<para>
381	Exit the <command>kadmin</command> program (use
382	<command>quit</command> or <command>exit</command>) and return
383	back to the shell prompt. Start the KDC daemon manually, just to
384	test out the installation:
385	</para>
386
387	<screen role="root"><userinput>/usr/sbin/krb5kdc</userinput></screen>
388
389	<para>
390	Attempt to get a ticket with the following command:
391	</para>
392
393	<screen><userinput>kinit <replaceable><loginname></replaceable></userinput></screen>
394
395	<para>
396	You will be prompted for the password you created. After you
397	get your ticket, you can list it with the following command:
398	</para>
399
400	<screen><userinput>klist</userinput></screen>
401
402	<para>
403	Information about the ticket should be displayed on the
404	screen.
405	</para>
406
407	<para>
408	To test the functionality of the keytab file, issue the
409	following command:
410	</para>
411
412	<screen><userinput>ktutil
413	<prompt>ktutil:</prompt> rkt /etc/krb5.keytab
414	<prompt>ktutil:</prompt> l</userinput></screen>
415
416	<para>
417	This should dump a list of the host principal, along with
418	the encryption methods used to access the principal.
419	</para>
420
421	<para>
422	At this point, if everything has been successful so far, you
423	can feel fairly confident in the installation and configuration of
424	the package.
425	</para>
426
427	</sect4>
428
429	<sect4>
430	<title>Additional Information</title>
431
432	<para>
433	For additional information consult <ulink
434	url="http://web.mit.edu/kerberos/www/krb5-1.10/#documentation">
435	Documentation for krb-&mitkrb-version;</ulink> on which the above
436	instructions are based.
437	</para>
438
439	</sect4>
440
441	</sect3>
442
443	<sect3 id="mitkrb-init">
444	<title>Init Script</title>
445
446	<para>
447	If you want to start <application>Kerberos</application> services
448	at boot, install the <filename>/etc/rc.d/init.d/krb5</filename> init
449	script included in the <xref linkend="bootscripts"/> package using
450	the following command:
451	</para>
452
453	<indexterm zone="mitkrb mitkrb-init">
454	<primary sortas="f-krb5">krb5</primary>
455	</indexterm>
456
457	<screen role="root"><userinput>make install-krb5</userinput></screen>
458
459	</sect3>
460
461	</sect2>
462
463	<sect2 role="content">
464
465	<title>Contents</title>
466	<para></para>
467
468	<segmentedlist>
469	<segtitle>Installed Programs</segtitle>
470	<segtitle>Installed Libraries</segtitle>
471	<segtitle>Installed Directories</segtitle>
472
473	<seglistitem>
474	<seg>
475	gss-client, gss-server, k5srvutil, kadmin, kadmin.local,
476	kadmind, kdb5_ldap_util, kdb5_util, kdestroy, kinit, klist,
477	kpasswd, kprop, kpropd, krb5-config, krb5kdc, krb5-send-pr,
478	ksu, kswitch, ktutil, kvno, sclient, sim_client, sim_server,
479	sserver, uuclient and uuserver
480	</seg>
481	<seg>
482	libgssapi_krb5.so, libgssrpc.so, libk5crypto.so,
483	libkadm5clnt.so, libkadm5srv.so, libkdb5.so, libkdb_ldap.so,
484	libkrb5.so, libkrb5support.so, and libverto.so
485	</seg>
486	<seg>
487	/usr/include/gssapi,
488	/usr/include/gssrpc,
489	/usr/include/kadm5,
490	/usr/include/krb5,
491	/usr/lib/krb5,
492	/usr/share/doc/krb5-&mitkrb-version;,
493	/usr/share/examples/krb5 and
494	/var/lib/krb5kdc
495	</seg>
496	</seglistitem>
497	</segmentedlist>
498
499	<variablelist>
500	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
501	<?dbfo list-presentation="list"?>
502	<?dbhtml list-presentation="table"?>
503
504	<varlistentry id="k5srvutil">
505	<term><command>k5srvutil</command></term>
506	<listitem>
507	<para>
508	is a host keytable manipulation utility.
509	</para>
510	<indexterm zone="mitkrb k5srvutil">
511	<primary sortas="b-k5srvutil">k5srvutil</primary>
512	</indexterm>
513	</listitem>
514	</varlistentry>
515
516	<varlistentry id="kadmin">
517	<term><command>kadmin</command></term>
518	<listitem>
519	<para>
520	is an utility used to make modifications
521	to the Kerberos database.
522	</para>
523	<indexterm zone="mitkrb kadmin">
524	<primary sortas="b-kadmin">kadmin</primary>
525	</indexterm>
526	</listitem>
527	</varlistentry>
528
529	<varlistentry id="kadmind">
530	<term><command>kadmind</command></term>
531	<listitem>
532	<para>
533	is a server for administrative access
534	to a Kerberos database.
535	</para>
536	<indexterm zone="mitkrb kadmind">
537	<primary sortas="b-kadmind">kadmind</primary>
538	</indexterm>
539	</listitem>
540	</varlistentry>
541
542	<varlistentry id="kdb5_util">
543	<term><command>kdb5_util</command></term>
544	<listitem>
545	<para>
546	is the KDC database utility.
547	</para>
548	<indexterm zone="mitkrb kdb5_util">
549	<primary sortas="b-kdb5_util">kdb5_util</primary>
550	</indexterm>
551	</listitem>
552	</varlistentry>
553
554	<varlistentry id="kdestroy">
555	<term><command>kdestroy</command></term>
556	<listitem>
557	<para>
558	removes the current set of tickets.
559	</para>
560	<indexterm zone="mitkrb kdestroy">
561	<primary sortas="b-kdestroy">kdestroy</primary>
562	</indexterm>
563	</listitem>
564	</varlistentry>
565
566	<varlistentry id="kinit">
567	<term><command>kinit</command></term>
568	<listitem>
569	<para>
570	is used to authenticate to the Kerberos server as a
571	principal and acquire a ticket granting ticket that can
572	later be used to obtain tickets for other services.
573	</para>
574	<indexterm zone="mitkrb kinit">
575	<primary sortas="b-kinit">kinit</primary>
576	</indexterm>
577	</listitem>
578	</varlistentry>
579
580	<varlistentry id="klist">
581	<term><command>klist</command></term>
582	<listitem>
583	<para>
584	reads and displays the current tickets in
585	the credential cache.
586	</para>
587	<indexterm zone="mitkrb klist">
588	<primary sortas="b-klist">klist</primary>
589	</indexterm>
590	</listitem>
591	</varlistentry>
592
593	<varlistentry id="kpasswd">
594	<term><command>kpasswd</command></term>
595	<listitem>
596	<para>
597	is a program for changing Kerberos 5 passwords.
598	</para>
599	<indexterm zone="mitkrb kpasswd">
600	<primary sortas="b-kpasswd">kpasswd</primary>
601	</indexterm>
602	</listitem>
603	</varlistentry>
604
605	<varlistentry id="kprop">
606	<term><command>kprop</command></term>
607	<listitem>
608	<para>
609	takes a principal database in a specified format and
610	converts it into a stream of database records.
611	</para>
612	<indexterm zone="mitkrb kprop">
613	<primary sortas="b-kprop">kprop</primary>
614	</indexterm>
615	</listitem>
616	</varlistentry>
617
618	<varlistentry id="kpropd">
619	<term><command>kpropd</command></term>
620	<listitem>
621	<para>
622	receives a database sent by <command>kprop</command>
623	and writes it as a local database.
624	</para>
625	<indexterm zone="mitkrb kpropd">
626	<primary sortas="b-kpropd">kpropd</primary>
627	</indexterm>
628	</listitem>
629	</varlistentry>
630
631	<varlistentry id="krb5-config-prog2">
632	<term><command>krb5-config</command></term>
633	<listitem>
634	<para>
635	gives information on how to link programs against
636	libraries.
637	</para>
638	<indexterm zone="mitkrb krb5-config-prog2">
639	<primary sortas="b-krb5-config">krb5-config</primary>
640	</indexterm>
641	</listitem>
642	</varlistentry>
643
644	<varlistentry id="krb5kdc">
645	<term><command>krb5kdc</command></term>
646	<listitem>
647	<para>
648	is the <application>Kerberos 5</application> server.
649	</para>
650	<indexterm zone="mitkrb krb5kdc">
651	<primary sortas="b-krb5kdc">krb5kdc</primary>
652	</indexterm>
653	</listitem>
654	</varlistentry>
655
656	<varlistentry id="ksu">
657	<term><command>ksu</command></term>
658	<listitem>
659	<para>
660	is the super user program using Kerberos protocol.
661	Requires a properly configured
662	<filename>/etc/shells</filename> and
663	<filename>~/.k5login</filename> containing principals
664	authorized to become super users.
665	</para>
666	<indexterm zone="mitkrb ksu">
667	<primary sortas="b-ksu">ksu</primary>
668	</indexterm>
669	</listitem>
670	</varlistentry>
671
672	<varlistentry id="kswitch">
673	<term><command>kswitch</command></term>
674	<listitem>
675	<para>
676	makes the specified credential cache the
677	primary cache for the collection, if a cache
678	collection is available.
679	</para>
680	<indexterm zone="mitkrb kswitch">
681	<primary sortas="b-kswitch">kswitch</primary>
682	</indexterm>
683	</listitem>
684	</varlistentry>
685
686	<varlistentry id="ktutil">
687	<term><command>ktutil</command></term>
688	<listitem>
689	<para>
690	is a program for managing Kerberos keytabs.
691	</para>
692	<indexterm zone="mitkrb ktutil">
693	<primary sortas="b-ktutil">ktutil</primary>
694	</indexterm>
695	</listitem>
696	</varlistentry>
697
698	<varlistentry id="kvno">
699	<term><command>kvno</command></term>
700	<listitem>
701	<para>
702	prints keyversion numbers of Kerberos principals.
703	</para>
704	<indexterm zone="mitkrb kvno">
705	<primary sortas="b-kvno">kvno</primary>
706	</indexterm>
707	</listitem>
708	</varlistentry>
709
710	<varlistentry id="sclient">
711	<term><command>sclient</command></term>
712	<listitem>
713	<para>
714	used to contact a sample server and authenticate to it
715	using Kerberos 5 tickets, then display the server's
716	response.
717	</para>
718	<indexterm zone="mitkrb sclient">
719	<primary sortas="b-sclient">sclient</primary>
720	</indexterm>
721	</listitem>
722	</varlistentry>
723
724	<varlistentry id="sserver">
725	<term><command>sserver</command></term>
726	<listitem>
727	<para>
728	is the sample Kerberos 5 server.
729	</para>
730	<indexterm zone="mitkrb sserver">
731	<primary sortas="b-sserver">sserver</primary>
732	</indexterm>
733	</listitem>
734	</varlistentry>
735
736	<varlistentry id="libgssapi_krb5">
737	<term><filename class="libraryfile">libgssapi_krb5.so</filename></term>
738	<listitem>
739	<para>
740	contain the Generic Security Service Application Programming
741	Interface (GSSAPI) functions which provides security services
742	to callers in a generic fashion, supportable with a range of
743	underlying mechanisms and technologies and hence allowing
744	source-level portability of applications to different
745	environments.
746	</para>
747	<indexterm zone="mitkrb libgssapi_krb5">
748	<primary sortas="c-libgssapi_krb5">libgssapi_krb5.so</primary>
749	</indexterm>
750	</listitem>
751	</varlistentry>
752
753	<varlistentry id="libkadm5clnt">
754	<term><filename class="libraryfile">libkadm5clnt.so</filename></term>
755	<listitem>
756	<para>
757	contains the administrative authentication and password checking
758	functions required by Kerberos 5 client-side programs.
759	</para>
760	<indexterm zone="mitkrb libkadm5clnt">
761	<primary sortas="c-libkadm5clnt">libkadm5clnt.so</primary>
762	</indexterm>
763	</listitem>
764	</varlistentry>
765
766	<varlistentry id="libkadm5srv">
767	<term><filename class="libraryfile">libkadm5srv.so</filename></term>
768	<listitem>
769	<para>
770	contain the administrative authentication and password
771	checking functions required by Kerberos 5 servers.
772	</para>
773	<indexterm zone="mitkrb libkadm5srv">
774	<primary sortas="c-libkadm5srv">libkadm5srv.so</primary>
775	</indexterm>
776	</listitem>
777	</varlistentry>
778
779	<varlistentry id="libkdb5">
780	<term><filename class="libraryfile">libkdb5.so</filename></term>
781	<listitem>
782	<para>
783	is a Kerberos 5 authentication/authorization database
784	access library.
785	</para>
786	<indexterm zone="mitkrb libkdb5">
787	<primary sortas="c-libkdb5">libkdb5.so</primary>
788	</indexterm>
789	</listitem>
790	</varlistentry>
791
792	<varlistentry id="libkrb5">
793	<term><filename class="libraryfile">libkrb5.so</filename></term>
794	<listitem>
795	<para>
796	is an all-purpose <application>Kerberos 5</application> library.
797	</para>
798	<indexterm zone="mitkrb libkrb5">
799	<primary sortas="c-libkrb5">libkrb5.so</primary>
800	</indexterm>
801	</listitem>
802	</varlistentry>
803
804	</variablelist>
805
806	</sect2>
807
808	</sect1>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: postlfs/security/mitkrb.xml@ 3ff3b9b

Download in other formats: