Context Navigation

mitkrb.xml@ d7bee48

Visit:

systemd-13485

Last change on this file since d7bee48 was d7bee48, checked in by Douglas R. Reno <renodr@…>, 8 years ago

Sync to trunk r17332

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/branches/systemd@17335 af4574ff-66df-0310-9fd7-8a98e5e911e0

Property mode set to 100644

File size: 32.7 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY mitkrb-download-http "http://web.mit.edu/kerberos/dist/krb5/&mitkrb-major-version;/krb5-&mitkrb-version;.tar.gz">
8	<!ENTITY mitkrb-download-ftp " ">
9	<!ENTITY mitkrb-md5sum "2e35f0af0344d68aba99cef616d3a64f">
10	<!ENTITY mitkrb-size "17.1 MB">
11	<!ENTITY mitkrb-buildsize "128 MB (Additional 36 MB for the testsuite)">
12	<!ENTITY mitkrb-time "1.0 SBU (additional 2.0 SBU for the testsuite)">
13	]>
14
15	<sect1 id="mitkrb" xreflabel="MIT Kerberos V5-&mitkrb-version;">
16	<?dbhtml filename="mitkrb.html"?>
17
18	<sect1info>
19	<othername>$LastChangedBy$</othername>
20	<date>$Date$</date>
21	</sect1info>
22
23	<title>MIT Kerberos V5-&mitkrb-version;</title>
24
25	<indexterm zone="mitkrb">
26	<primary sortas="a-MIT-Kerberos">MIT Kerberos V5</primary>
27	</indexterm>
28
29	<sect2 role="package">
30	<title>Introduction to MIT Kerberos V5</title>
31
32	<para>
33	<application>MIT Kerberos V5</application> is a free implementation
34	of Kerberos 5. Kerberos is a network authentication protocol. It
35	centralizes the authentication database and uses kerberized
36	applications to work with servers or services that support Kerberos
37	allowing single logins and encrypted communication over internal
38	networks or the Internet.
39	</para>
40
41	&lfs77_checked;
42
43	<bridgehead renderas="sect3">Package Information</bridgehead>
44	<itemizedlist spacing="compact">
45	<listitem>
46	<para>
47	Download (HTTP): <ulink url="&mitkrb-download-http;"/>
48	</para>
49	</listitem>
50	<listitem>
51	<para>
52	Download (FTP): <ulink url="&mitkrb-download-ftp;"/>
53	</para>
54	</listitem>
55	<listitem>
56	<para>
57	Download MD5 sum: &mitkrb-md5sum;
58	</para>
59	</listitem>
60	<listitem>
61	<para>
62	Download size: &mitkrb-size;
63	</para>
64	</listitem>
65	<listitem>
66	<para>
67	Estimated disk space required: &mitkrb-buildsize;
68	</para>
69	</listitem>
70	<listitem>
71	<para>
72	Estimated build time: &mitkrb-time;
73	</para>
74	</listitem>
75	</itemizedlist>
76
77	<bridgehead renderas="sect3">MIT Kerberos V5 Dependencies</bridgehead>
78
79	<bridgehead renderas="sect4">Optional</bridgehead>
80	<para role="optional">
81	<xref linkend="dejagnu"/> (for full test coverage),
82	<xref linkend="gnupg2"/> (to authenticate the package),
83	<xref linkend="keyutils"/>,
84	<xref linkend="openldap"/>,
85	<xref linkend="python2"/> (used during the testsuite), and
86	<xref linkend="rpcbind"/> (used during the testsuite)
87	</para>
88
89	<note>
90	<para>
91	Some sort of time synchronization facility on your system (like
92	<xref linkend="ntp"/>) is required since Kerberos won't authenticate
93	if there is a time difference between a kerberized client and the
94	KDC server.
95	</para>
96	</note>
97
98	<para condition="html" role="usernotes">User Notes:
99	<ulink url="&blfs-wiki;/mitkrb"/>
100	</para>
101	</sect2>
102
103	<sect2 role="installation">
104	<title>Installation of MIT Kerberos V5</title>
105
106	<!--
107	<para>
108	<application>MIT Kerberos V5</application> is distributed in a
109	TAR file containing a compressed TAR package and a detached PGP2
110	<filename class="extension">ASC</filename> file. You'll need to unpack
111	the distribution tar file, then unpack the compressed tar file before
112	starting the build.
113	</para>
114
115	<para>
116	After unpacking the distribution tarball and if you have
117	<xref linkend="gnupg2"/> installed, you can
118	authenticate the package. First, check the contents of the file
119	<filename>krb5-&mitkrb-version;.tar.gz.asc</filename>.
120	</para>
121
122	<screen><userinput>gpg2 -\-verify krb5-&mitkrb-version;.tar.gz.asc krb5-&mitkrb-version;.tar.gz</userinput></screen>
123
124	<para>You will probably see output similar to:</para>
125
126	<screen><literal>gpg: Signature made Fri May 8 23:40:13 2015 utc using RSA key ID 0055C305
127	gpg: Can't check signature: No public key</literal></screen>
128
129	<para>
130	You can import the public key with:
131	</para>
132
133	<screen><userinput>gpg2 -\-keyserver pgp.mit.edu -\-recv-keys 0055C305</userinput></screen>
134
135	<para>
136	Now re-verify the package with the first command above. You should get a
137	indication of a good signature, but the key will still not be certified
138	with a trusted signature. Trusting the downloaded key is a separate
139	operation but it is up to you to determine the level of trust.
140	</para>-->
141
142	<para>
143	Build <application>MIT Kerberos V5</application> by running the
144	following commands:
145	</para>
146
147	<screen><userinput>cd src &&
148	sed -e "s@python2.5/Python.h@& python2.7/Python.h@g" \
149	-e "s@-lpython2.5]@&,\n AC_CHECK_LIB(python2.7,main,[PYTHON_LIB=-lpython2.7])@g" \
150	-i configure.in &&
151
152	sed -e 's@\^u}@^u cols 300}@' \
153	-i tests/dejagnu/config/default.exp &&
154
155	sed -e '/eq 0/{n;s/12 //}' \
156	-i plugins/kdb/db2/libdb2/test/run.test &&
157
158	autoconf &&
159	./configure --prefix=/usr \
160	--sysconfdir=/etc \
161	--localstatedir=/var/lib \
162	--with-system-et \
163	--with-system-ss \
164	--with-system-verto=no \
165	--enable-dns-for-realm &&
166	make</userinput></screen>
167
168	<para>
169	To test the build, issue as the <systemitem
170	class="username">root</systemitem> user: <command>make check</command>.
171	You need at least <xref linkend="tcl"/>, which is used to drive the
172	testsuite. Furthermore, <xref linkend="dejagnu"/> must be available for
173	some of the tests to run. If you have a former version of MIT Kerberos V5
174	installed, it may happen that the test suite pick up the installed
175	versions of the libraries, rather than the newly built ones. If so, it is
176	better to run the tests after the installation.
177	</para>
178
179	<para>
180	Now, as the <systemitem class="username">root</systemitem> user:
181	</para>
182
183	<screen role="root"><userinput>make install &&
184
185	for f in gssapi_krb5 gssrpc k5crypto kadm5clnt kadm5srv \
186	kdb5 kdb_ldap krad krb5 krb5support verto ; do
187
188	find /usr/lib -type f -name "lib$f.so" -exec chmod -v 755 {} \;
189	done &&
190
191	mv -v /usr/lib/libkrb5.so.3* /lib &&
192	mv -v /usr/lib/libk5crypto.so.3* /lib &&
193	mv -v /usr/lib/libkrb5support.so.0* /lib &&
194
195	ln -sfv ../../lib/libkrb5.so.3.3 /usr/lib/libkrb5.so &&
196	ln -sfv ../../lib/libk5crypto.so.3.1 /usr/lib/libk5crypto.so &&
197	ln -sfv ../../lib/libkrb5support.so.0.1 /usr/lib/libkrb5support.so &&
198
199	mv -v /usr/bin/ksu /bin &&
200	chmod -v 755 /bin/ksu &&
201
202	install -v -dm755 /usr/share/doc/krb5-&mitkrb-version; &&
203	cp -rfv ../doc/* /usr/share/doc/krb5-&mitkrb-version;</userinput></screen>
204
205	</sect2>
206
207	<sect2 role="commands">
208	<title>Command Explanations</title>
209
210	<para>
211	<command>sed -e ...</command>: The first <command>sed</command> fixes
212	<application>Python</application> detection. The second one increases
213	the width of the virtual terminal used for some tests to prevent
214	some spurious characters in the output which is taken as a failure. The
215	third <command>sed</command> removes a test that is known to fail.
216	</para>
217
218	<para>
219	<option>--localstatedir=/var/lib</option>: This option is
220	used so that the Kerberos variable run-time data is located in
221	<filename class="directory">/var/lib</filename> instead of
222	<filename class="directory">/usr/var</filename>.
223	</para>
224
225	<para>
226	<option>--with-system-et</option>: This switch causes the build
227	to use the system-installed versions of the error-table support
228	software.
229	</para>
230
231	<para>
232	<option>--with-system-ss</option>: This switch causes the build
233	to use the system-installed versions of the subsystem command-line
234	interface software.
235	</para>
236
237	<para>
238	<option>--with-system-verto=no</option>: This switch fixes a bug in
239	the package: it does not recognize its own verto library installed
240	previously. This is not a problem if you are reinstalling the same version.
241	However, if you are updating, the old library is used as the system library,
242	instead of installing the new version.
243	</para>
244
245	<para>
246	<option>--enable-dns-for-realm</option>: This switch allows
247	realms to be resolved using the DNS server.
248	</para>
249
250	<para>
251	<option>--with-ldap</option>: Use this switch if you want to compile
252	<application>OpenLDAP</application> database backend module.
253	</para>
254
255	<para>
256	<command>mv -v /usr/lib/libk... /lib</command> and
257	<command>ln -v -sf ../../lib/libk... /usr/lib/libk...</command>:
258	Move critical libraries to the
259	<filename class="directory">/lib</filename> directory so that they are
260	available when the <filename class="directory">/usr</filename>
261	filesystem is not mounted.
262	</para>
263
264	<para>
265	<command>find /usr/lib -type f -name "lib$f.so" -exec chmod -v 755 {} \;</command>:
266	This command changes the permissions of installed libraries.
267	</para>
268
269	<para>
270	<command>mv -v /usr/bin/ksu /bin</command>: Moves the
271	<command>ksu</command> program to the
272	<filename class="directory">/bin</filename> directory so that it is
273	available when the <filename class="directory">/usr</filename>
274	filesystem is not mounted.
275	</para>
276
277	</sect2>
278
279	<sect2 role="configuration">
280	<title>Configuring MIT Kerberos V5</title>
281
282	<sect3 id="krb5-config">
283	<title>Config Files</title>
284
285	<para>
286	<filename>/etc/krb5.conf</filename> and
287	<filename>/var/lib/krb5kdc/kdc.conf</filename>
288	</para>
289
290	<indexterm zone="mitkrb krb5-config">
291	<primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary>
292	</indexterm>
293
294	<indexterm zone="mitkrb krb5-config">
295	<primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
296	</indexterm>
297
298	</sect3>
299
300	<sect3>
301	<title>Configuration Information</title>
302
303	<sect4>
304	<title>Kerberos Configuration</title>
305
306	<tip>
307	<para>
308	You should consider installing some sort of password checking
309	dictionary so that you can configure the installation to only
310	accept strong passwords. A suitable dictionary to use is shown in
311	the <xref linkend="cracklib"/> instructions. Note that only one
312	file can be used, but you can concatenate many files into one. The
313	configuration file shown below assumes you have installed a
314	dictionary to <filename>/usr/share/dict/words</filename>.
315	</para>
316	</tip>
317
318	<para>
319	Create the Kerberos configuration file with the following
320	commands issued by the <systemitem class="username">root</systemitem>
321	user:
322	</para>
323
324	<screen role="root"><userinput>cat > /etc/krb5.conf << "EOF"
325	<literal># Begin /etc/krb5.conf
326
327	[libdefaults]
328	default_realm = <replaceable><LFS.ORG></replaceable>
329	encrypt = true
330
331	[realms]
332	<replaceable><LFS.ORG></replaceable> = {
333	kdc = <replaceable><belgarath.lfs.org></replaceable>
334	admin_server = <replaceable><belgarath.lfs.org></replaceable>
335	dict_file = /usr/share/dict/words
336	}
337
338	[domain_realm]
339	.<replaceable><lfs.org></replaceable> = <replaceable><LFS.ORG></replaceable>
340
341	[logging]
342	kdc = SYSLOG[:INFO[:AUTH]]
343	admin_server = SYSLOG[INFO[:AUTH]]
344	default = SYSLOG[[:SYS]]
345
346	# End /etc/krb5.conf</literal>
347	EOF</userinput></screen>
348
349	<para>
350	You will need to substitute your domain and proper hostname for the
351	occurrences of the <replaceable><belgarath></replaceable> and
352	<replaceable><lfs.org></replaceable> names.
353	</para>
354
355	<para>
356	<option>default_realm</option> should be the name of your
357	domain changed to ALL CAPS. This isn't required, but both
358	<application>Heimdal</application> and MIT recommend it.
359	</para>
360
361	<para>
362	<option>encrypt = true</option> provides encryption of all traffic
363	between kerberized clients and servers. It's not necessary and can
364	be left off. If you leave it off, you can encrypt all traffic from
365	the client to the server using a switch on the client program
366	instead.
367	</para>
368
369	<para>
370	The <option>[realms]</option> parameters tell the client programs
371	where to look for the KDC authentication services.
372	</para>
373
374	<para>
375	The <option>[domain_realm]</option> section maps a domain to a realm.
376	</para>
377
378	<para>
379	Create the KDC database:
380	</para>
381
382	<screen role="root"><userinput>kdb5_util create -r <replaceable><LFS.ORG></replaceable> -s</userinput></screen>
383
384	<para>
385	Now you should populate the database with principals
386	(users). For now, just use your regular login name or
387	<systemitem class="username">root</systemitem>.
388	</para>
389
390	<screen role="root"><userinput>kadmin.local
391	<prompt>kadmin.local:</prompt> add_policy dict-only
392	<prompt>kadmin.local:</prompt> addprinc -policy dict-only <replaceable><loginname></replaceable></userinput></screen>
393
394	<para>
395	The KDC server and any machine running kerberized
396	server daemons must have a host key installed:
397	</para>
398
399	<screen role="root"><userinput><prompt>kadmin.local:</prompt> addprinc -randkey host/<replaceable><belgarath.lfs.org></replaceable></userinput></screen>
400
401	<para>
402	After choosing the defaults when prompted, you will have to
403	export the data to a keytab file:
404	</para>
405
406	<screen role="root"><userinput><prompt>kadmin.local:</prompt> ktadd host/<replaceable><belgarath.lfs.org></replaceable></userinput></screen>
407
408	<para>
409	This should have created a file in
410	<filename class="directory">/etc</filename> named
411	<filename>krb5.keytab</filename> (Kerberos 5). This file should
412	have 600 (<systemitem class="username">root</systemitem> rw only)
413	permissions. Keeping the keytab files from public access is crucial
414	to the overall security of the Kerberos installation.
415	</para>
416
417	<para>
418	Exit the <command>kadmin</command> program (use
419	<command>quit</command> or <command>exit</command>) and return
420	back to the shell prompt. Start the KDC daemon manually, just to
421	test out the installation:
422	</para>
423
424	<screen role="root"><userinput>/usr/sbin/krb5kdc</userinput></screen>
425
426	<para>
427	Attempt to get a ticket with the following command:
428	</para>
429
430	<screen><userinput>kinit <replaceable><loginname></replaceable></userinput></screen>
431
432	<para>
433	You will be prompted for the password you created. After you
434	get your ticket, you can list it with the following command:
435	</para>
436
437	<screen><userinput>klist</userinput></screen>
438
439	<para>
440	Information about the ticket should be displayed on the
441	screen.
442	</para>
443
444	<para>
445	To test the functionality of the keytab file, issue the
446	following command:
447	</para>
448
449	<screen><userinput>ktutil
450	<prompt>ktutil:</prompt> rkt /etc/krb5.keytab
451	<prompt>ktutil:</prompt> l</userinput></screen>
452
453	<para>
454	This should dump a list of the host principal, along with
455	the encryption methods used to access the principal.
456	</para>
457
458	<para>
459	At this point, if everything has been successful so far, you
460	can feel fairly confident in the installation and configuration of
461	the package.
462	</para>
463
464	</sect4>
465
466	<sect4>
467	<title>Additional Information</title>
468
469	<para>
470	For additional information consult the <ulink
471	url="http://web.mit.edu/kerberos/www/krb5-&mitkrb-major-version;/#documentation">
472	documentation for krb5-&mitkrb-version;</ulink> on which the above
473	instructions are based.
474	</para>
475
476	</sect4>
477
478	</sect3>
479
480	<sect3 id="mitkrb-init">
481	<title>Systemd Units</title>
482
483	<para>
484	To start the Kerberos services at boot,
485	install the systemd units from the <xref linkend="bootscripts"/>
486	package by running the following command as the
487	<systemitem class="username">root</systemitem> user:
488	</para>
489
490	<indexterm zone="mitkrb mitkrb-init">
491	<primary sortas="f-krb5">krb5</primary>
492	</indexterm>
493
494	<screen role="root"><userinput>make install-krb5</userinput></screen>
495
496	</sect3>
497
498	</sect2>
499
500	<sect2 role="content">
501
502	<title>Contents</title>
503	<para></para>
504
505	<segmentedlist>
506	<segtitle>Installed Programs</segtitle>
507	<segtitle>Installed Libraries</segtitle>
508	<segtitle>Installed Directories</segtitle>
509
510	<seglistitem>
511	<seg>
512	gss-client,
513	gss-server,
514	k5srvutil,
515	kadmin,
516	kadmin.local,
517	kadmind,
518	kdb5_ldap_util (optional),
519	kdb5_util,
520	kdestroy,
521	kinit,
522	klist,
523	kpasswd,
524	kprop,
525	kpropd,
526	kproplog,
527	krb5-config,
528	krb5kdc,
529	krb5-send-pr,
530	ksu,
531	kswitch,
532	ktutil,
533	kvno,
534	sclient,
535	sim_client,
536	sim_server,
537	sserver,
538	uuclient,
539	and uuserver
540	</seg>
541	<seg>
542	libgssapi_krb5.so,
543	libgssrpc.so,
544	libk5crypto.so,
545	libkadm5clnt_mit.so,
546	libkadm5clnt.so,
547	libkadm5srv_mit.so,
548	libkadm5srv.so,
549	libkdb_ldap.so
550	(optional),
551	libkdb5.so,
552	libkrad.so,
553	libkrb5.so,
554	libkrb5support.so,
555	libverto.so,
556	and some plugins under the /usr/lib/krb5 tree
557	</seg>
558	<seg>
559	/usr/include/gssapi,
560	/usr/include/gssrpc,
561	/usr/include/kadm5,
562	/usr/include/krb5,
563	/usr/lib/krb5,
564	/usr/share/{doc/krb5-&mitkrb-version;,examples/krb5},
565	/var/lib/krb5kdc, and
566	/var/lib/run/krb5kdc
567	</seg>
568	</seglistitem>
569	</segmentedlist>
570
571	<variablelist>
572	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
573	<?dbfo list-presentation="list"?>
574	<?dbhtml list-presentation="table"?>
575
576	<varlistentry id="gss-client">
577	<term><command>gss-client</command></term>
578	<listitem>
579	<para>
580	is a GSSAPI test client.
581	</para>
582	<indexterm zone="mitkrb gss-client">
583	<primary sortas="b-gss-client">gss-client</primary>
584	</indexterm>
585	</listitem>
586	</varlistentry>
587
588	<varlistentry id="gss-server">
589	<term><command>gss-server</command></term>
590	<listitem>
591	<para>
592	is a GSSAPI test server.
593	</para>
594	<indexterm zone="mitkrb gss-server">
595	<primary sortas="b-gss-server">gss-server</primary>
596	</indexterm>
597	</listitem>
598	</varlistentry>
599
600	<varlistentry id="k5srvutil">
601	<term><command>k5srvutil</command></term>
602	<listitem>
603	<para>
604	is a host keytable manipulation utility.
605	</para>
606	<indexterm zone="mitkrb k5srvutil">
607	<primary sortas="b-k5srvutil">k5srvutil</primary>
608	</indexterm>
609	</listitem>
610	</varlistentry>
611
612	<varlistentry id="kadmin">
613	<term><command>kadmin</command></term>
614	<listitem>
615	<para>
616	is a utility used to make modifications
617	to the Kerberos database.
618	</para>
619	<indexterm zone="mitkrb kadmin">
620	<primary sortas="b-kadmin">kadmin</primary>
621	</indexterm>
622	</listitem>
623	</varlistentry>
624
625	<varlistentry id="kadmin.local">
626	<term><command>kadmin.local</command></term>
627	<listitem>
628	<para>
629	is a utility similar at <command>kadmin</command>, but if the
630	database is db2, the local client <command>kadmin.local</command>,
631	is intended to run directly on the master KDC without Kerberos
632	authentication.
633	</para>
634	<indexterm zone="mitkrb kadmin.local">
635	<primary sortas="b-kadmin.local">kadmin.local</primary>
636	</indexterm>
637	</listitem>
638	</varlistentry>
639
640	<varlistentry id="kadmind">
641	<term><command>kadmind</command></term>
642	<listitem>
643	<para>
644	is a server for administrative access
645	to a Kerberos database.
646	</para>
647	<indexterm zone="mitkrb kadmind">
648	<primary sortas="b-kadmind">kadmind</primary>
649	</indexterm>
650	</listitem>
651	</varlistentry>
652
653	<varlistentry id="kdb5_ldap_util">
654	<term><command>kdb5_ldap_util (optional)</command></term>
655	<listitem>
656	<para>
657	allows an administrator to manage realms, Kerberos services
658	and ticket policies.
659	</para>
660	<indexterm zone="mitkrb kdb5_ldap_util">
661	<primary sortas="b-kdb5_ldap_util">kdb5_ldap_util</primary>
662	</indexterm>
663	</listitem>
664	</varlistentry>
665
666	<varlistentry id="kdb5_util">
667	<term><command>kdb5_util</command></term>
668	<listitem>
669	<para>
670	is the KDC database utility.
671	</para>
672	<indexterm zone="mitkrb kdb5_util">
673	<primary sortas="b-kdb5_util">kdb5_util</primary>
674	</indexterm>
675	</listitem>
676	</varlistentry>
677
678	<varlistentry id="kdestroy">
679	<term><command>kdestroy</command></term>
680	<listitem>
681	<para>
682	removes the current set of tickets.
683	</para>
684	<indexterm zone="mitkrb kdestroy">
685	<primary sortas="b-kdestroy">kdestroy</primary>
686	</indexterm>
687	</listitem>
688	</varlistentry>
689
690	<varlistentry id="kinit">
691	<term><command>kinit</command></term>
692	<listitem>
693	<para>
694	is used to authenticate to the Kerberos server as a
695	principal and acquire a ticket granting ticket that can
696	later be used to obtain tickets for other services.
697	</para>
698	<indexterm zone="mitkrb kinit">
699	<primary sortas="b-kinit">kinit</primary>
700	</indexterm>
701	</listitem>
702	</varlistentry>
703
704	<varlistentry id="klist">
705	<term><command>klist</command></term>
706	<listitem>
707	<para>
708	reads and displays the current tickets in
709	the credential cache.
710	</para>
711	<indexterm zone="mitkrb klist">
712	<primary sortas="b-klist">klist</primary>
713	</indexterm>
714	</listitem>
715	</varlistentry>
716
717	<varlistentry id="kpasswd">
718	<term><command>kpasswd</command></term>
719	<listitem>
720	<para>
721	is a program for changing Kerberos 5 passwords.
722	</para>
723	<indexterm zone="mitkrb kpasswd">
724	<primary sortas="b-kpasswd">kpasswd</primary>
725	</indexterm>
726	</listitem>
727	</varlistentry>
728
729	<varlistentry id="kprop">
730	<term><command>kprop</command></term>
731	<listitem>
732	<para>
733	takes a principal database in a specified format and
734	converts it into a stream of database records.
735	</para>
736	<indexterm zone="mitkrb kprop">
737	<primary sortas="b-kprop">kprop</primary>
738	</indexterm>
739	</listitem>
740	</varlistentry>
741
742	<varlistentry id="kpropd">
743	<term><command>kpropd</command></term>
744	<listitem>
745	<para>
746	receives a database sent by <command>kprop</command>
747	and writes it as a local database.
748	</para>
749	<indexterm zone="mitkrb kpropd">
750	<primary sortas="b-kpropd">kpropd</primary>
751	</indexterm>
752	</listitem>
753	</varlistentry>
754
755	<varlistentry id="kproplog">
756	<term><command>kproplog</command></term>
757	<listitem>
758	<para>
759	displays the contents of the KDC database update log to standard
760	output.
761	</para>
762	<indexterm zone="mitkrb kproplog">
763	<primary sortas="b-kproplog">kproplog</primary>
764	</indexterm>
765	</listitem>
766	</varlistentry>
767
768	<varlistentry id="krb5-config-prog2">
769	<term><command>krb5-config</command></term>
770	<listitem>
771	<para>
772	gives information on how to link programs against
773	libraries.
774	</para>
775	<indexterm zone="mitkrb krb5-config-prog2">
776	<primary sortas="b-krb5-config">krb5-config</primary>
777	</indexterm>
778	</listitem>
779	</varlistentry>
780
781	<varlistentry id="krb5kdc">
782	<term><command>krb5kdc</command></term>
783	<listitem>
784	<para>
785	is the <application>Kerberos 5</application> server.
786	</para>
787	<indexterm zone="mitkrb krb5kdc">
788	<primary sortas="b-krb5kdc">krb5kdc</primary>
789	</indexterm>
790	</listitem>
791	</varlistentry>
792
793	<varlistentry id="krb5-send-pr">
794	<term><command>krb5-send-pr</command></term>
795	<listitem>
796	<para>
797	send problem report (PR) to a central support site.
798	</para>
799	<indexterm zone="mitkrb krb5-send-pr">
800	<primary sortas="b-krb-send-pr">krb5-send-pr</primary>
801	</indexterm>
802	</listitem>
803	</varlistentry>
804
805	<varlistentry id="ksu">
806	<term><command>ksu</command></term>
807	<listitem>
808	<para>
809	is the super user program using Kerberos protocol.
810	Requires a properly configured
811	<filename>/etc/shells</filename> and
812	<filename>~/.k5login</filename> containing principals
813	authorized to become super users.
814	</para>
815	<indexterm zone="mitkrb ksu">
816	<primary sortas="b-ksu">ksu</primary>
817	</indexterm>
818	</listitem>
819	</varlistentry>
820
821	<varlistentry id="kswitch">
822	<term><command>kswitch</command></term>
823	<listitem>
824	<para>
825	makes the specified credential cache the
826	primary cache for the collection, if a cache
827	collection is available.
828	</para>
829	<indexterm zone="mitkrb kswitch">
830	<primary sortas="b-kswitch">kswitch</primary>
831	</indexterm>
832	</listitem>
833	</varlistentry>
834
835	<varlistentry id="ktutil">
836	<term><command>ktutil</command></term>
837	<listitem>
838	<para>
839	is a program for managing Kerberos keytabs.
840	</para>
841	<indexterm zone="mitkrb ktutil">
842	<primary sortas="b-ktutil">ktutil</primary>
843	</indexterm>
844	</listitem>
845	</varlistentry>
846
847	<varlistentry id="kvno">
848	<term><command>kvno</command></term>
849	<listitem>
850	<para>
851	prints keyversion numbers of Kerberos principals.
852	</para>
853	<indexterm zone="mitkrb kvno">
854	<primary sortas="b-kvno">kvno</primary>
855	</indexterm>
856	</listitem>
857	</varlistentry>
858
859	<varlistentry id="sclient">
860	<term><command>sclient</command></term>
861	<listitem>
862	<para>
863	used to contact a sample server and authenticate to it
864	using Kerberos 5 tickets, then display the server's
865	response.
866	</para>
867	<indexterm zone="mitkrb sclient">
868	<primary sortas="b-sclient">sclient</primary>
869	</indexterm>
870	</listitem>
871	</varlistentry>
872
873	<varlistentry id="sim_client">
874	<term><command>sim_client</command></term>
875	<listitem>
876	<para>
877	is a simple UDP-based sample client program, for
878	demonstration.
879	</para>
880	<indexterm zone="mitkrb sim_client">
881	<primary sortas="b-sim_client">sim_client</primary>
882	</indexterm>
883	</listitem>
884	</varlistentry>
885
886	<varlistentry id="sim_server">
887	<term><command>sim_server</command></term>
888	<listitem>
889	<para>
890	is a simple UDP-based server application, for
891	demonstration.
892	</para>
893	<indexterm zone="mitkrb sim_server">
894	<primary sortas="b-sim_server">sim_server</primary>
895	</indexterm>
896	</listitem>
897	</varlistentry>
898
899	<varlistentry id="sserver">
900	<term><command>sserver</command></term>
901	<listitem>
902	<para>
903	is the sample Kerberos 5 server.
904	</para>
905	<indexterm zone="mitkrb sserver">
906	<primary sortas="b-sserver">sserver</primary>
907	</indexterm>
908	</listitem>
909	</varlistentry>
910
911	<varlistentry id="uuclient">
912	<term><command>uuclient</command></term>
913	<listitem>
914	<para>
915	is an another sample client.
916	</para>
917	<indexterm zone="mitkrb uuclient">
918	<primary sortas="b-uuclient">uuclient</primary>
919	</indexterm>
920	</listitem>
921	</varlistentry>
922
923	<varlistentry id="uuserver">
924	<term><command>uuserver</command></term>
925	<listitem>
926	<para>
927	is an another sample server.
928	</para>
929	<indexterm zone="mitkrb uuserver">
930	<primary sortas="b-uuserver">uuserver</primary>
931	</indexterm>
932	</listitem>
933	</varlistentry>
934
935
936	<varlistentry id="libgssapi_krb5">
937	<term><filename class="libraryfile">libgssapi_krb5.so</filename></term>
938	<listitem>
939	<para>
940	contain the Generic Security Service Application Programming
941	Interface (GSSAPI) functions which provides security services
942	to callers in a generic fashion, supportable with a range of
943	underlying mechanisms and technologies and hence allowing
944	source-level portability of applications to different
945	environments.
946	</para>
947	<indexterm zone="mitkrb libgssapi_krb5">
948	<primary sortas="c-libgssapi_krb5">libgssapi_krb5.so</primary>
949	</indexterm>
950	</listitem>
951	</varlistentry>
952
953	<varlistentry id="libkadm5clnt">
954	<term><filename class="libraryfile">libkadm5clnt.so</filename></term>
955	<listitem>
956	<para>
957	contains the administrative authentication and password checking
958	functions required by Kerberos 5 client-side programs.
959	</para>
960	<indexterm zone="mitkrb libkadm5clnt">
961	<primary sortas="c-libkadm5clnt">libkadm5clnt.so</primary>
962	</indexterm>
963	</listitem>
964	</varlistentry>
965
966	<varlistentry id="libkadm5srv">
967	<term><filename class="libraryfile">libkadm5srv.so</filename></term>
968	<listitem>
969	<para>
970	contain the administrative authentication and password
971	checking functions required by Kerberos 5 servers.
972	</para>
973	<indexterm zone="mitkrb libkadm5srv">
974	<primary sortas="c-libkadm5srv">libkadm5srv.so</primary>
975	</indexterm>
976	</listitem>
977	</varlistentry>
978
979	<varlistentry id="libkdb5">
980	<term><filename class="libraryfile">libkdb5.so</filename></term>
981	<listitem>
982	<para>
983	is a Kerberos 5 authentication/authorization database
984	access library.
985	</para>
986	<indexterm zone="mitkrb libkdb5">
987	<primary sortas="c-libkdb5">libkdb5.so</primary>
988	</indexterm>
989	</listitem>
990	</varlistentry>
991
992	<varlistentry id="libkrad">
993	<term><filename class="libraryfile">libkrad.so</filename></term>
994	<listitem>
995	<para>
996	contains the internal support library for RADIUS functionality.
997	</para>
998	<indexterm zone="mitkrb libkrad">
999	<primary sortas="c-libkrad">libkrad.so</primary>
1000	</indexterm>
1001	</listitem>
1002	</varlistentry>
1003
1004	<varlistentry id="libkrb5">
1005	<term><filename class="libraryfile">libkrb5.so</filename></term>
1006	<listitem>
1007	<para>
1008	is an all-purpose <application>Kerberos 5</application> library.
1009	</para>
1010	<indexterm zone="mitkrb libkrb5">
1011	<primary sortas="c-libkrb5">libkrb5.so</primary>
1012	</indexterm>
1013	</listitem>
1014	</varlistentry>
1015
1016	</variablelist>
1017
1018	</sect2>
1019
1020	</sect1>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: postlfs/security/mitkrb.xml@ d7bee48

Download in other formats: