Context Navigation

mitkrb.xml@ 90cb5d6

Visit:

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 7.10 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal

Last change on this file since 90cb5d6 was 90cb5d6, checked in by Bruce Dubbs <bdubbs@…>, 9 years ago

Finish tagging Part II. Post LFS Configuration and Extra Software
Archive unussed libxfcegui4

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@16429 af4574ff-66df-0310-9fd7-8a98e5e911e0

Property mode set to 100644

File size: 31.5 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY mitkrb-download-http "http://web.mit.edu/kerberos/www/dist/krb5/&mitkrb-major-version;/krb5-&mitkrb-version;-signed.tar">
8	<!ENTITY mitkrb-download-ftp " ">
9	<!ENTITY mitkrb-md5sum "f7ebfa6c99c10b16979ebf9a98343189">
10	<!ENTITY mitkrb-size "12 MB">
11	<!ENTITY mitkrb-buildsize "142 MB (Additional 28 MB for the testsuite)">
12	<!ENTITY mitkrb-time "0.9 SBU (additional 5.0 SBU for the testsuite)">
13	]>
14
15	<sect1 id="mitkrb" xreflabel="MIT Kerberos V5-&mitkrb-version;">
16	<?dbhtml filename="mitkrb.html"?>
17
18	<sect1info>
19	<othername>$LastChangedBy$</othername>
20	<date>$Date$</date>
21	</sect1info>
22
23	<title>MIT Kerberos V5-&mitkrb-version;</title>
24
25	<indexterm zone="mitkrb">
26	<primary sortas="a-MIT-Kerberos">MIT Kerberos V5</primary>
27	</indexterm>
28
29	<sect2 role="package">
30	<title>Introduction to MIT Kerberos V5</title>
31
32	<para>
33	<application>MIT Kerberos V5</application> is a free implementation
34	of Kerberos 5. Kerberos is a network authentication protocol. It
35	centralizes the authentication database and uses kerberized
36	applications to work with servers or services that support Kerberos
37	allowing single logins and encrypted communication over internal
38	networks or the Internet.
39	</para>
40
41	&lfs78_checked;
42
43	<bridgehead renderas="sect3">Package Information</bridgehead>
44	<itemizedlist spacing="compact">
45	<listitem>
46	<para>
47	Download (HTTP): <ulink url="&mitkrb-download-http;"/>
48	</para>
49	</listitem>
50	<listitem>
51	<para>
52	Download (FTP): <ulink url="&mitkrb-download-ftp;"/>
53	</para>
54	</listitem>
55	<listitem>
56	<para>
57	Download MD5 sum: &mitkrb-md5sum;
58	</para>
59	</listitem>
60	<listitem>
61	<para>
62	Download size: &mitkrb-size;
63	</para>
64	</listitem>
65	<listitem>
66	<para>
67	Estimated disk space required: &mitkrb-buildsize;
68	</para>
69	</listitem>
70	<listitem>
71	<para>
72	Estimated build time: &mitkrb-time;
73	</para>
74	</listitem>
75	</itemizedlist>
76
77	<bridgehead renderas="sect3">MIT Kerberos V5 Dependencies</bridgehead>
78
79	<bridgehead renderas="sect4">Optional</bridgehead>
80	<para role="optional">
81	<xref linkend="dejagnu"/> (for full test coverage),
82	<xref linkend="gnupg2"/> (to authenticate the package),
83	<xref linkend="keyutils"/>,
84	<xref linkend="openldap"/>,
85	<xref linkend="python2"/> (used during the testsuite) and
86	<xref linkend="rpcbind"/> (used during the testsuite)
87	</para>
88
89	<note>
90	<para>
91	Some sort of time synchronization facility on your system (like
92	<xref linkend="ntp"/>) is required since Kerberos won't authenticate
93	if there is a time difference between a kerberized client and the
94	KDC server.
95	</para>
96	</note>
97
98	<para condition="html" role="usernotes">User Notes:
99	<ulink url="&blfs-wiki;/mitkrb"/>
100	</para>
101	</sect2>
102
103	<sect2 role="installation">
104	<title>Installation of MIT Kerberos V5</title>
105
106	<para>
107	<application>MIT Kerberos V5</application> is distributed in a
108	TAR file containing a compressed TAR package and a detached PGP-2
109	<filename class="extension">ASC</filename> file. You'll need to unpack
110	the distribution tar file, then unpack the compressed tar file before
111	starting the build.
112	</para>
113
114	<para>
115	After unpacking the distribution tarball and if you have
116	<xref linkend="gnupg2"/> installed, you can
117	authenticate the package. First, check the contents of the file
118	<filename>krb5-&mitkrb-version;.tar.gz.asc</filename>.
119	</para>
120
121	<screen><userinput>gpg2 --verify krb5-&mitkrb-version;.tar.gz.asc krb5-&mitkrb-version;.tar.gz</userinput></screen>
122
123	<para>You will probably see output similar to:</para>
124
125	<screen><literal>gpg: Signature made Fri May 8 23:40:13 2015 utc using RSA key ID 0055C305
126	gpg: Can't check signature: No public key</literal></screen>
127
128	<para>
129	You can import the public key with:
130	</para>
131
132	<screen><userinput>gpg2 --keyserver pgp.mit.edu --recv-keys 0055C305</userinput></screen>
133
134	<para>
135	Now re-verify the package with the first command above. You should get a
136	indication of a good signature, but the key will still not be certified
137	with a trusted signature. Trusting the downloaded key is a separate
138	operation but it is up to you to determine the level of trust.
139	</para>
140
141	<para>
142	Build <application>MIT Kerberos V5</application> by running the
143	following commands:
144	</para>
145
146	<screen><userinput>cd src &&
147
148	sed -e "s@python2.5/Python.h@& python2.7/Python.h@g" \
149	-e "s@-lpython2.5]@&,\n AC_CHECK_LIB(python2.7,main,[PYTHON_LIB=-lpython2.7])@g" \
150	-i configure.in &&
151
152	sed -e 's@\^u}@^u cols 300}@' \
153	-i tests/dejagnu/config/default.exp &&
154
155	autoconf &&
156	./configure --prefix=/usr \
157	--sysconfdir=/etc \
158	--localstatedir=/var/lib \
159	--with-system-et \
160	--with-system-ss \
161	--with-system-verto=no \
162	--enable-dns-for-realm &&
163	make</userinput></screen>
164
165	<para>
166	To test the build, issue: <command>make check</command>. You need at
167	least <xref linkend="tcl"/>, which is used to drive the testsuite.
168	Furthermore, <xref linkend="dejagnu"/> must be available for some
169	of the tests to run. If you have a former version of MIT Kerberos V5
170	installed, it may happen that the test suite pick up the installed
171	versions of the libraries, rather than the newly built ones. If so,
172	it is better to run the tests after the installation.
173	</para>
174
175	<para>
176	Now, as the <systemitem class="username">root</systemitem> user:
177	</para>
178
179	<screen role="root"><userinput>make install &&
180
181	for LIBRARY in gssapi_krb5 gssrpc k5crypto kadm5clnt kadm5srv \
182	kdb5 kdb_ldap krad krb5 krb5support verto ; do
183	chmod -v 755 /usr/lib/lib$LIBRARY.so
184	done &&
185	unset LIBRARY &&
186
187	mv -v /usr/lib/libkrb5.so.3* /lib &&
188	mv -v /usr/lib/libk5crypto.so.3* /lib &&
189	mv -v /usr/lib/libkrb5support.so.0* /lib &&
190
191	ln -v -sf ../../lib/libkrb5.so.3.3 /usr/lib/libkrb5.so &&
192	ln -v -sf ../../lib/libk5crypto.so.3.1 /usr/lib/libk5crypto.so &&
193	ln -v -sf ../../lib/libkrb5support.so.0.1 /usr/lib/libkrb5support.so &&
194
195	mv -v /usr/bin/ksu /bin &&
196	chmod -v 755 /bin/ksu &&
197
198	install -v -dm755 /usr/share/doc/krb5-&mitkrb-version; &&
199	cp -vfr ../doc/* /usr/share/doc/krb5-&mitkrb-version;</userinput></screen>
200
201
202	</sect2>
203
204	<sect2 role="commands">
205	<title>Command Explanations</title>
206
207	<para>
208	<command>sed -e ...</command>: The first <command>sed</command> fixes
209	<application>Python</application> detection. The second one increases
210	the width of the virtual terminal used for some tests, to prevent
211	some spurious characters to be echoed, which is taken as a failure.
212	</para>
213
214	<para>
215	<parameter>--localstatedir=/var/lib</parameter>: This parameter is
216	used so that the Kerberos variable run-time data is located in
217	<filename class="directory">/var/lib</filename> instead of
218	<filename class="directory">/usr/var</filename>.
219	</para>
220
221	<para>
222	<parameter>--with-system-et</parameter>: This switch causes the build
223	to use the system-installed versions of the error-table support
224	software.
225	</para>
226
227	<para>
228	<parameter>--with-system-ss</parameter>: This switch causes the build
229	to use the system-installed versions of the subsystem command-line
230	interface software.
231	</para>
232
233	<para>
234	<parameter>--with-system-verto=no</parameter>: This switch fixes a bug in
235	the package: it does not recognize its own verto library installed
236	previously. This is not a problem, if reinstalling the same version,
237	but if you are updating, the old library is used as system's one,
238	instead of installing the new version.
239	</para>
240
241	<para>
242	<parameter>--enable-dns-for-realm</parameter>: This switch allows
243	realms to be resolved using the DNS server.
244	</para>
245
246	<para>
247	<command>mv -v /usr/bin/ksu /bin</command>: Moves the
248	<command>ksu</command> program to the
249	<filename class="directory">/bin</filename> directory so that it is
250	available when the <filename class="directory">/usr</filename>
251	filesystem is not mounted.
252	</para>
253
254	<para>
255	<option>--with-ldap</option>: Use this switch if you want to compile
256	<application>OpenLDAP</application> database backend module.
257	</para>
258
259	</sect2>
260
261	<sect2 role="configuration">
262	<title>Configuring MIT Kerberos V5</title>
263
264	<sect3 id="krb5-config">
265	<title>Config Files</title>
266
267	<para>
268	<filename>/etc/krb5.conf</filename> and
269	<filename>/var/lib/krb5kdc/kdc.conf</filename>
270	</para>
271
272	<indexterm zone="mitkrb krb5-config">
273	<primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary>
274	</indexterm>
275
276	<indexterm zone="mitkrb krb5-config">
277	<primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
278	</indexterm>
279
280	</sect3>
281
282	<sect3>
283	<title>Configuration Information</title>
284
285	<sect4>
286	<title>Kerberos Configuration</title>
287
288	<tip>
289	<para>
290	You should consider installing some sort of password checking
291	dictionary so that you can configure the installation to only
292	accept strong passwords. A suitable dictionary to use is shown in
293	the <xref linkend="cracklib"/> instructions. Note that only one
294	file can be used, but you can concatenate many files into one. The
295	configuration file shown below assumes you have installed a
296	dictionary to <filename>/usr/share/dict/words</filename>.
297	</para>
298	</tip>
299
300	<para>
301	Create the Kerberos configuration file with the following
302	commands issued by the <systemitem class="username">root</systemitem>
303	user:
304	</para>
305
306	<screen role="root"><userinput>cat > /etc/krb5.conf << "EOF"
307	<literal># Begin /etc/krb5.conf
308
309	[libdefaults]
310	default_realm = <replaceable><LFS.ORG></replaceable>
311	encrypt = true
312
313	[realms]
314	<replaceable><LFS.ORG></replaceable> = {
315	kdc = <replaceable><belgarath.lfs.org></replaceable>
316	admin_server = <replaceable><belgarath.lfs.org></replaceable>
317	dict_file = /usr/share/dict/words
318	}
319
320	[domain_realm]
321	.<replaceable><lfs.org></replaceable> = <replaceable><LFS.ORG></replaceable>
322
323	[logging]
324	kdc = SYSLOG[:INFO[:AUTH]]
325	admin_server = SYSLOG[INFO[:AUTH]]
326	default = SYSLOG[[:SYS]]
327
328	# End /etc/krb5.conf</literal>
329	EOF</userinput></screen>
330
331	<para>
332	You will need to substitute your domain and proper hostname for the
333	occurrences of the <replaceable><belgarath></replaceable> and
334	<replaceable><lfs.org></replaceable> names.
335	</para>
336
337	<para>
338	<option>default_realm</option> should be the name of your
339	domain changed to ALL CAPS. This isn't required, but both
340	<application>Heimdal</application> and MIT recommend it.
341	</para>
342
343	<para>
344	<option>encrypt = true</option> provides encryption of all traffic
345	between kerberized clients and servers. It's not necessary and can
346	be left off. If you leave it off, you can encrypt all traffic from
347	the client to the server using a switch on the client program
348	instead.
349	</para>
350
351	<para>
352	The <option>[realms]</option> parameters tell the client programs
353	where to look for the KDC authentication services.
354	</para>
355
356	<para>
357	The <option>[domain_realm]</option> section maps a domain to a realm.
358	</para>
359
360	<para>
361	Create the KDC database:
362	</para>
363
364	<screen role="root"><userinput>kdb5_util create -r <replaceable><LFS.ORG></replaceable> -s</userinput></screen>
365
366	<para>
367	Now you should populate the database with principals
368	(users). For now, just use your regular login name or
369	<systemitem class="username">root</systemitem>.
370	</para>
371
372	<screen role="root"><userinput>kadmin.local
373	<prompt>kadmin.local:</prompt> add_policy dict-only
374	<prompt>kadmin.local:</prompt> addprinc -policy dict-only <replaceable><loginname></replaceable></userinput></screen>
375
376	<para>
377	The KDC server and any machine running kerberized
378	server daemons must have a host key installed:
379	</para>
380
381	<screen role="root"><userinput><prompt>kadmin.local:</prompt> addprinc -randkey host/<replaceable><belgarath.lfs.org></replaceable></userinput></screen>
382
383	<para>
384	After choosing the defaults when prompted, you will have to
385	export the data to a keytab file:
386	</para>
387
388	<screen role="root"><userinput><prompt>kadmin.local:</prompt> ktadd host/<replaceable><belgarath.lfs.org></replaceable></userinput></screen>
389
390	<para>
391	This should have created a file in
392	<filename class="directory">/etc</filename> named
393	<filename>krb5.keytab</filename> (Kerberos 5). This file should
394	have 600 (<systemitem class="username">root</systemitem> rw only)
395	permissions. Keeping the keytab files from public access is crucial
396	to the overall security of the Kerberos installation.
397	</para>
398
399	<para>
400	Exit the <command>kadmin</command> program (use
401	<command>quit</command> or <command>exit</command>) and return
402	back to the shell prompt. Start the KDC daemon manually, just to
403	test out the installation:
404	</para>
405
406	<screen role="root"><userinput>/usr/sbin/krb5kdc</userinput></screen>
407
408	<para>
409	Attempt to get a ticket with the following command:
410	</para>
411
412	<screen><userinput>kinit <replaceable><loginname></replaceable></userinput></screen>
413
414	<para>
415	You will be prompted for the password you created. After you
416	get your ticket, you can list it with the following command:
417	</para>
418
419	<screen><userinput>klist</userinput></screen>
420
421	<para>
422	Information about the ticket should be displayed on the
423	screen.
424	</para>
425
426	<para>
427	To test the functionality of the keytab file, issue the
428	following command:
429	</para>
430
431	<screen><userinput>ktutil
432	<prompt>ktutil:</prompt> rkt /etc/krb5.keytab
433	<prompt>ktutil:</prompt> l</userinput></screen>
434
435	<para>
436	This should dump a list of the host principal, along with
437	the encryption methods used to access the principal.
438	</para>
439
440	<para>
441	At this point, if everything has been successful so far, you
442	can feel fairly confident in the installation and configuration of
443	the package.
444	</para>
445
446	</sect4>
447
448	<sect4>
449	<title>Additional Information</title>
450
451	<para>
452	For additional information consult the <ulink
453	url="http://web.mit.edu/kerberos/www/krb5-&mitkrb-major-version;/#documentation">
454	documentation for krb5-&mitkrb-version;</ulink> on which the above
455	instructions are based.
456	</para>
457
458	</sect4>
459
460	</sect3>
461
462	<sect3 id="mitkrb-init">
463	<title>Init Script</title>
464
465	<para>
466	If you want to start <application>Kerberos</application> services
467	at boot, install the <filename>/etc/rc.d/init.d/krb5</filename> init
468	script included in the <xref linkend="bootscripts"/> package using
469	the following command:
470	</para>
471
472	<indexterm zone="mitkrb mitkrb-init">
473	<primary sortas="f-krb5">krb5</primary>
474	</indexterm>
475
476	<screen role="root"><userinput>make install-krb5</userinput></screen>
477
478	</sect3>
479
480	</sect2>
481
482	<sect2 role="content">
483
484	<title>Contents</title>
485	<para></para>
486
487	<segmentedlist>
488	<segtitle>Installed Programs</segtitle>
489	<segtitle>Installed Libraries</segtitle>
490	<segtitle>Installed Directories</segtitle>
491
492	<seglistitem>
493	<seg>
494	gss-client, gss-server, k5srvutil, kadmin, kadmin.local,
495	kadmind, kdb5_ldap_util (optional), kdb5_util, kdestroy, kinit, klist,
496	kpasswd, kprop, kpropd, kproplog, krb5-config, krb5kdc, krb5-send-pr,
497	ksu, kswitch, ktutil, kvno, sclient, sim_client, sim_server,
498	sserver, uuclient and uuserver
499	</seg>
500	<seg>
501	libgssapi_krb5.so, libgssrpc.so, libk5crypto.so, libkadm5clnt_mit.so,
502	libkadm5clnt.so, libkadm5srv_mit.so, libkadm5srv.so, libkdb_ldap.so
503	(optional), libkdb5.so, libkrad.so, libkrb5.so, libkrb5support.so,
504	libverto.so, and some plugins under the /usr/lib/krb5 tree
505	</seg>
506	<seg>
507	/usr/include/{gssapi,gssrpc,kadm5,krb5},
508	/usr/lib/krb5,
509	/usr/share/{doc/krb5-&mitkrb-version;,examples/krb5}, and
510	/var/lib/{,run}/krb5kdc
511	</seg>
512	</seglistitem>
513	</segmentedlist>
514
515	<variablelist>
516	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
517	<?dbfo list-presentation="list"?>
518	<?dbhtml list-presentation="table"?>
519
520	<varlistentry id="gss-client">
521	<term><command>gss-client</command></term>
522	<listitem>
523	<para>
524	is a GSSAPI test client.
525	</para>
526	<indexterm zone="mitkrb gss-client">
527	<primary sortas="b-gss-client">gss-client</primary>
528	</indexterm>
529	</listitem>
530	</varlistentry>
531
532	<varlistentry id="gss-server">
533	<term><command>gss-server</command></term>
534	<listitem>
535	<para>
536	is a GSSAPI test server.
537	</para>
538	<indexterm zone="mitkrb gss-server">
539	<primary sortas="b-gss-server">gss-server</primary>
540	</indexterm>
541	</listitem>
542	</varlistentry>
543
544	<varlistentry id="k5srvutil">
545	<term><command>k5srvutil</command></term>
546	<listitem>
547	<para>
548	is a host keytable manipulation utility.
549	</para>
550	<indexterm zone="mitkrb k5srvutil">
551	<primary sortas="b-k5srvutil">k5srvutil</primary>
552	</indexterm>
553	</listitem>
554	</varlistentry>
555
556	<varlistentry id="kadmin">
557	<term><command>kadmin</command></term>
558	<listitem>
559	<para>
560	is a utility used to make modifications
561	to the Kerberos database.
562	</para>
563	<indexterm zone="mitkrb kadmin">
564	<primary sortas="b-kadmin">kadmin</primary>
565	</indexterm>
566	</listitem>
567	</varlistentry>
568
569	<varlistentry id="kadmin.local">
570	<term><command>kadmin.local</command></term>
571	<listitem>
572	<para>
573	is a utility similar at <command>kadmin</command>, but if the
574	database is db2, the local client <command>kadmin.local</command>,
575	is intended to run directly on the master KDC without Kerberos
576	authentication.
577	</para>
578	<indexterm zone="mitkrb kadmin.local">
579	<primary sortas="b-kadmin.local">kadmin.local</primary>
580	</indexterm>
581	</listitem>
582	</varlistentry>
583
584	<varlistentry id="kadmind">
585	<term><command>kadmind</command></term>
586	<listitem>
587	<para>
588	is a server for administrative access
589	to a Kerberos database.
590	</para>
591	<indexterm zone="mitkrb kadmind">
592	<primary sortas="b-kadmind">kadmind</primary>
593	</indexterm>
594	</listitem>
595	</varlistentry>
596
597	<varlistentry id="kdb5_ldap_util">
598	<term><command>kdb5_ldap_util (optional)</command></term>
599	<listitem>
600	<para>
601	allows an administrator to manage realms, Kerberos services
602	and ticket policies.
603	</para>
604	<indexterm zone="mitkrb kdb5_ldap_util">
605	<primary sortas="b-kdb5_ldap_util">kdb5_ldap_util</primary>
606	</indexterm>
607	</listitem>
608	</varlistentry>
609
610	<varlistentry id="kdb5_util">
611	<term><command>kdb5_util</command></term>
612	<listitem>
613	<para>
614	is the KDC database utility.
615	</para>
616	<indexterm zone="mitkrb kdb5_util">
617	<primary sortas="b-kdb5_util">kdb5_util</primary>
618	</indexterm>
619	</listitem>
620	</varlistentry>
621
622	<varlistentry id="kdestroy">
623	<term><command>kdestroy</command></term>
624	<listitem>
625	<para>
626	removes the current set of tickets.
627	</para>
628	<indexterm zone="mitkrb kdestroy">
629	<primary sortas="b-kdestroy">kdestroy</primary>
630	</indexterm>
631	</listitem>
632	</varlistentry>
633
634	<varlistentry id="kinit">
635	<term><command>kinit</command></term>
636	<listitem>
637	<para>
638	is used to authenticate to the Kerberos server as a
639	principal and acquire a ticket granting ticket that can
640	later be used to obtain tickets for other services.
641	</para>
642	<indexterm zone="mitkrb kinit">
643	<primary sortas="b-kinit">kinit</primary>
644	</indexterm>
645	</listitem>
646	</varlistentry>
647
648	<varlistentry id="klist">
649	<term><command>klist</command></term>
650	<listitem>
651	<para>
652	reads and displays the current tickets in
653	the credential cache.
654	</para>
655	<indexterm zone="mitkrb klist">
656	<primary sortas="b-klist">klist</primary>
657	</indexterm>
658	</listitem>
659	</varlistentry>
660
661	<varlistentry id="kpasswd">
662	<term><command>kpasswd</command></term>
663	<listitem>
664	<para>
665	is a program for changing Kerberos 5 passwords.
666	</para>
667	<indexterm zone="mitkrb kpasswd">
668	<primary sortas="b-kpasswd">kpasswd</primary>
669	</indexterm>
670	</listitem>
671	</varlistentry>
672
673	<varlistentry id="kprop">
674	<term><command>kprop</command></term>
675	<listitem>
676	<para>
677	takes a principal database in a specified format and
678	converts it into a stream of database records.
679	</para>
680	<indexterm zone="mitkrb kprop">
681	<primary sortas="b-kprop">kprop</primary>
682	</indexterm>
683	</listitem>
684	</varlistentry>
685
686	<varlistentry id="kpropd">
687	<term><command>kpropd</command></term>
688	<listitem>
689	<para>
690	receives a database sent by <command>kprop</command>
691	and writes it as a local database.
692	</para>
693	<indexterm zone="mitkrb kpropd">
694	<primary sortas="b-kpropd">kpropd</primary>
695	</indexterm>
696	</listitem>
697	</varlistentry>
698
699	<varlistentry id="kproplog">
700	<term><command>kproplog</command></term>
701	<listitem>
702	<para>
703	displays the contents of the KDC database update log to standard
704	output.
705	</para>
706	<indexterm zone="mitkrb kproplog">
707	<primary sortas="b-kproplog">kproplog</primary>
708	</indexterm>
709	</listitem>
710	</varlistentry>
711
712	<varlistentry id="krb5-config-prog2">
713	<term><command>krb5-config</command></term>
714	<listitem>
715	<para>
716	gives information on how to link programs against
717	libraries.
718	</para>
719	<indexterm zone="mitkrb krb5-config-prog2">
720	<primary sortas="b-krb5-config">krb5-config</primary>
721	</indexterm>
722	</listitem>
723	</varlistentry>
724
725	<varlistentry id="krb5kdc">
726	<term><command>krb5kdc</command></term>
727	<listitem>
728	<para>
729	is the <application>Kerberos 5</application> server.
730	</para>
731	<indexterm zone="mitkrb krb5kdc">
732	<primary sortas="b-krb5kdc">krb5kdc</primary>
733	</indexterm>
734	</listitem>
735	</varlistentry>
736
737	<varlistentry id="krb5-send-pr">
738	<term><command>krb5-send-pr</command></term>
739	<listitem>
740	<para>
741	send problem report (PR) to a central support site.
742	</para>
743	<indexterm zone="mitkrb krb5-send-pr">
744	<primary sortas="b-krb-send-pr">krb5-send-pr</primary>
745	</indexterm>
746	</listitem>
747	</varlistentry>
748
749	<varlistentry id="ksu">
750	<term><command>ksu</command></term>
751	<listitem>
752	<para>
753	is the super user program using Kerberos protocol.
754	Requires a properly configured
755	<filename>/etc/shells</filename> and
756	<filename>~/.k5login</filename> containing principals
757	authorized to become super users.
758	</para>
759	<indexterm zone="mitkrb ksu">
760	<primary sortas="b-ksu">ksu</primary>
761	</indexterm>
762	</listitem>
763	</varlistentry>
764
765	<varlistentry id="kswitch">
766	<term><command>kswitch</command></term>
767	<listitem>
768	<para>
769	makes the specified credential cache the
770	primary cache for the collection, if a cache
771	collection is available.
772	</para>
773	<indexterm zone="mitkrb kswitch">
774	<primary sortas="b-kswitch">kswitch</primary>
775	</indexterm>
776	</listitem>
777	</varlistentry>
778
779	<varlistentry id="ktutil">
780	<term><command>ktutil</command></term>
781	<listitem>
782	<para>
783	is a program for managing Kerberos keytabs.
784	</para>
785	<indexterm zone="mitkrb ktutil">
786	<primary sortas="b-ktutil">ktutil</primary>
787	</indexterm>
788	</listitem>
789	</varlistentry>
790
791	<varlistentry id="kvno">
792	<term><command>kvno</command></term>
793	<listitem>
794	<para>
795	prints keyversion numbers of Kerberos principals.
796	</para>
797	<indexterm zone="mitkrb kvno">
798	<primary sortas="b-kvno">kvno</primary>
799	</indexterm>
800	</listitem>
801	</varlistentry>
802
803	<varlistentry id="sclient">
804	<term><command>sclient</command></term>
805	<listitem>
806	<para>
807	used to contact a sample server and authenticate to it
808	using Kerberos 5 tickets, then display the server's
809	response.
810	</para>
811	<indexterm zone="mitkrb sclient">
812	<primary sortas="b-sclient">sclient</primary>
813	</indexterm>
814	</listitem>
815	</varlistentry>
816
817	<varlistentry id="sim_client">
818	<term><command>sim_client</command></term>
819	<listitem>
820	<para>
821	is a simple UDP-based sample client program, for
822	demonstration.
823	</para>
824	<indexterm zone="mitkrb sim_client">
825	<primary sortas="b-sim_client">sim_client</primary>
826	</indexterm>
827	</listitem>
828	</varlistentry>
829
830	<varlistentry id="sim_server">
831	<term><command>sim_server</command></term>
832	<listitem>
833	<para>
834	is a simple UDP-based server application, for
835	demonstration.
836	</para>
837	<indexterm zone="mitkrb sim_server">
838	<primary sortas="b-sim_server">sim_server</primary>
839	</indexterm>
840	</listitem>
841	</varlistentry>
842
843	<varlistentry id="sserver">
844	<term><command>sserver</command></term>
845	<listitem>
846	<para>
847	is the sample Kerberos 5 server.
848	</para>
849	<indexterm zone="mitkrb sserver">
850	<primary sortas="b-sserver">sserver</primary>
851	</indexterm>
852	</listitem>
853	</varlistentry>
854
855	<varlistentry id="uuclient">
856	<term><command>uuclient</command></term>
857	<listitem>
858	<para>
859	is an another sample client.
860	</para>
861	<indexterm zone="mitkrb uuclient">
862	<primary sortas="b-uuclient">uuclient</primary>
863	</indexterm>
864	</listitem>
865	</varlistentry>
866
867	<varlistentry id="uuserver">
868	<term><command>uuserver</command></term>
869	<listitem>
870	<para>
871	is an another sample server.
872	</para>
873	<indexterm zone="mitkrb uuserver">
874	<primary sortas="b-uuserver">uuserver</primary>
875	</indexterm>
876	</listitem>
877	</varlistentry>
878
879
880	<varlistentry id="libgssapi_krb5">
881	<term><filename class="libraryfile">libgssapi_krb5.so</filename></term>
882	<listitem>
883	<para>
884	contain the Generic Security Service Application Programming
885	Interface (GSSAPI) functions which provides security services
886	to callers in a generic fashion, supportable with a range of
887	underlying mechanisms and technologies and hence allowing
888	source-level portability of applications to different
889	environments.
890	</para>
891	<indexterm zone="mitkrb libgssapi_krb5">
892	<primary sortas="c-libgssapi_krb5">libgssapi_krb5.so</primary>
893	</indexterm>
894	</listitem>
895	</varlistentry>
896
897	<varlistentry id="libkadm5clnt">
898	<term><filename class="libraryfile">libkadm5clnt.so</filename></term>
899	<listitem>
900	<para>
901	contains the administrative authentication and password checking
902	functions required by Kerberos 5 client-side programs.
903	</para>
904	<indexterm zone="mitkrb libkadm5clnt">
905	<primary sortas="c-libkadm5clnt">libkadm5clnt.so</primary>
906	</indexterm>
907	</listitem>
908	</varlistentry>
909
910	<varlistentry id="libkadm5srv">
911	<term><filename class="libraryfile">libkadm5srv.so</filename></term>
912	<listitem>
913	<para>
914	contain the administrative authentication and password
915	checking functions required by Kerberos 5 servers.
916	</para>
917	<indexterm zone="mitkrb libkadm5srv">
918	<primary sortas="c-libkadm5srv">libkadm5srv.so</primary>
919	</indexterm>
920	</listitem>
921	</varlistentry>
922
923	<varlistentry id="libkdb5">
924	<term><filename class="libraryfile">libkdb5.so</filename></term>
925	<listitem>
926	<para>
927	is a Kerberos 5 authentication/authorization database
928	access library.
929	</para>
930	<indexterm zone="mitkrb libkdb5">
931	<primary sortas="c-libkdb5">libkdb5.so</primary>
932	</indexterm>
933	</listitem>
934	</varlistentry>
935
936	<varlistentry id="libkrad">
937	<term><filename class="libraryfile">libkrad.so</filename></term>
938	<listitem>
939	<para>
940	contains the internal support library for RADIUS functionality.
941	</para>
942	<indexterm zone="mitkrb libkrad">
943	<primary sortas="c-libkrad">libkrad.so</primary>
944	</indexterm>
945	</listitem>
946	</varlistentry>
947
948	<varlistentry id="libkrb5">
949	<term><filename class="libraryfile">libkrb5.so</filename></term>
950	<listitem>
951	<para>
952	is an all-purpose <application>Kerberos 5</application> library.
953	</para>
954	<indexterm zone="mitkrb libkrb5">
955	<primary sortas="c-libkrb5">libkrb5.so</primary>
956	</indexterm>
957	</listitem>
958	</varlistentry>
959
960	</variablelist>
961
962	</sect2>
963
964	</sect1>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: postlfs/security/mitkrb.xml@ 90cb5d6

Download in other formats: