source: postlfs/security/mitkrb.xml@ 06be400

Last change on this file since 06be400 was 06be400, checked in by David Jensen <djensen@…>, 15 years ago

spell checks (j thru s)

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@6309 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 28.3 KB
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
3 "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!-- Inserted as a reminder to do this. The mention of a test suite
8 is usually right before the root user installation commands. Please
9 delete these 12 (including one blank) lines after you are done.-->
10
11 <!-- Use one of the two mentions below about a test suite,
12 delete the line that is not applicable. Of course, if the
13 test suite uses syntax other than "make check", revise the
14 line to reflect the actual syntax to run the test suite -->
15
16 <!-- <para>This package does not come with a test suite.</para> -->
17 <!-- <para>To test the results, issue: <command>make check</command>.</para> -->
18
19 <!ENTITY mitkrb-download-http "http://web.mit.edu/kerberos/www/dist/krb5/1.4/krb5-&mitkrb-version;-signed.tar">
20 <!ENTITY mitkrb-download-ftp " ">
21 <!ENTITY mitkrb-md5sum "617e0071fa5b74ab4116f064678af551">
22 <!ENTITY mitkrb-size "6.4 MB">
23 <!ENTITY mitkrb-buildsize "TBD MB">
24 <!ENTITY mitkrb-time "TBD SBU">
25]>
26
27<sect1 id="mitkrb" xreflabel="MIT krb5-&mitkrb-version;">
28 <?dbhtml filename="mitkrb.html"?>
29
30 <sect1info>
31 <othername>$LastChangedBy$</othername>
32 <date>$Date$</date>
33 </sect1info>
34
35 <title>MIT Krb5-&mitkrb-version;</title>
36
37 <indexterm zone="mitkrb">
38 <primary sortas="a-Kerberos-MIT">Kerberos5(MIT)</primary>
39 </indexterm>
40
41 <sect2 role="package">
42 <title>Introduction to MIT Krb5</title>
43
44 <para><application>MIT krb5</application> is a free implementation of
45 Kerberos 5. Kerberos is a network authentication protocol. It
46 centralizes the authentication database and uses kerberized
47 applications to work with servers or services that support Kerberos,
48 allowing single logins and encrypted communication over internal
49 networks or the Internet.</para>
50
51 <bridgehead renderas="sect3">Package Information</bridgehead>
52 <itemizedlist spacing="compact">
53 <listitem>
54 <para>Download (HTTP): <ulink url="&mitkrb-download-http;"/></para>
55 </listitem>
56 <listitem>
57 <para>Download (FTP): <ulink url="&mitkrb-download-ftp;"/></para>
58 </listitem>
59 <listitem>
60 <para>Download MD5 sum: &mitkrb-md5sum;</para>
61 </listitem>
62 <listitem>
63 <para>Download size: &mitkrb-size;</para>
64 </listitem>
65 <listitem>
66 <para>Estimated disk space required: &mitkrb-buildsize;</para>
67 </listitem>
68 <listitem>
69 <para>Estimated build time: &mitkrb-time;</para>
70 </listitem>
71 </itemizedlist>
72
73 <bridgehead renderas="sect3">MIT Krb5 Dependencies</bridgehead>
74
75 <bridgehead renderas="sect4">Optional</bridgehead>
76 <para role="optional"><xref linkend="xinetd"/> (services servers only),
77 <xref linkend="linux-pam"/> (for <command>xdm</command> based logins) and
78 <xref linkend="openldap"/> (alternative for <command>krb5kdc</command>
79 password database)</para>
80
81 <note>
82 <para>Some sort of time synchronization facility on your system (like
83 <xref linkend="ntp"/>) is required since Kerberos won't authenticate if
84 there is a time difference between a kerberized client and the
85 KDC server.</para>
86 </note>
87
88 <para condition="html" role="usernotes">User Notes:
89 <ulink url="&blfs-wiki;/mitkrb"/></para>
90
91 </sect2>
92
93 <sect2 role="installation">
94 <title>Installation of MIT Krb5</title>
95
96
97 <!-- <note><para>The instructions for MIT Krb5 have not yet been validated by
98 the BLFS Editors. Until this section is updated, the Editors recommend
99 using <xref linkend='heimdal'/> to implement the functionality of this
100 package.</para></note> -->
101
102
103 <para><application>MIT krb5</application> is distributed in a
104 TAR file containing a compressed TAR package and a detached PGP
105 <filename class="extension">ASC</filename> file.</para>
106
107 <para>If you have installed <xref linkend="gnupg"/>, you can
108 authenticate the package with the following command:</para>
109
110<screen><userinput>gpg --verify krb5-&mitkrb-version;.tar.gz.asc</userinput></screen>
111
112 <para>Build <application>MIT krb5</application> by running the
113 following commands:</para>
114
115<screen><userinput>cd src &amp;&amp;
116./configure --prefix=/usr --sysconfdir=/etc \
117 --localstatedir=/var/lib --enable-dns \
118 --enable-static --mandir=/usr/share/man &amp;&amp;
119make</userinput></screen>
120
121 <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
122
123<screen role="root"><userinput>make install &amp;&amp;
124mv -v /usr/bin/ksu /bin &amp;&amp;
125mv -v /usr/lib/libkrb5.so.3* /lib &amp;&amp;
126mv -v /usr/lib/libkrb4.so.2* /lib &amp;&amp;
127mv -v /usr/lib/libdes425.so.3* /lib &amp;&amp;
128mv -v /usr/lib/libk5crypto.so.3* /lib &amp;&amp;
129mv -v /usr/lib/libcom_err.so.3* /lib &amp;&amp;
130ln -v -sf ../../lib/libkrb5.so.3 /usr/lib/libkrb5.so &amp;&amp;
131ln -v -sf ../../lib/libkrb4.so.2 /usr/lib/libkrb4.so &amp;&amp;
132ln -v -sf ../../lib/libdes425.so.3 /usr/lib/libdes425.so &amp;&amp;
133ln -v -sf ../../lib/libk5crypto.so.3 /usr/lib/libk5crypto.so &amp;&amp;
134ln -v -sf ../../lib/libcom_err.so.3 /usr/lib/libcom_err.so &amp;&amp;
135ldconfig</userinput></screen>
136
137 <warning>
138 <para><command>login.krb5</command> does not support
139 <application>shadow</application> passwords. As a result, when the
140 Kerberos server is unavailable, the default fall through to
141 <filename>/etc/passwd</filename> will not work because
142 the passwords have been moved to <filename>/etc/shadow</filename> during
143 the LFS build process. Entering the following
144 commands without moving the passwords back to
145 <filename>/etc/passwd</filename> could prevent any logins.</para>
146 </warning>
147
148 <para>If <application>Linux-Pam</application> is not installed and
149 you understand the above warning, the following can be entered as the
150 <systemitem class="username">root</systemitem> user:</para>
151
152<screen role="root"><userinput>mv -v /bin/login /bin/login.shadow &amp;&amp;
153cp -v /usr/sbin/login.krb5 /bin/login</userinput></screen>
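Added example, not part of the BLFS book: a pre-flight check for the warning above, to run before replacing /bin/login. It lists the accounts in a passwd-format file that have a login shell but only the shadow marker "x" in the password field, which are the accounts login.krb5 could not authenticate locally while the Kerberos server is unavailable. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not BLFS code): login.krb5 cannot read /etc/shadow, so an
# account whose passwd-file password field is the shadow marker "x" has no
# local fallback when the KDC is unreachable.

# fallback_blocked FILE
# Print the login names in passwd-format FILE that have a login shell but
# only the shadow marker "x" in the password field.
fallback_blocked() {
    awk -F: '
        /^#/ || NF < 7 { next }   # skip comments and malformed lines
        $2 == "x" && $7 !~ /(nologin|false)$/ { print $1 }
    ' "$1"
}

# safe_to_swap_login FILE
# Succeed only when no interactive account depends on /etc/shadow.
safe_to_swap_login() {
    [ -z "$(fallback_blocked "$1")" ]
}

# Demonstration on a constructed passwd file (sample data, not a real system).
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" << 'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:6:6:daemon:/dev/null:/bin/false
alice:$1$constructed$hashplaceholder:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
EOF

if safe_to_swap_login "$demo_dir/passwd"; then
    echo "no shadowed login accounts; the login.krb5 fallback can work"
else
    echo "keep the shadow login; these accounts would have no fallback:"
    fallback_blocked "$demo_dir/passwd" | sed 's/^/  /'
fi
rm -rf "$demo_dir"
```

On a real system the argument would be /etc/passwd.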
154
155 <para>If <application>CrackLib</application> is installed, or if any
156 word list has been put in
157 <filename class='directory'>/usr/share/dict</filename>, the following
158 should be entered as the <systemitem class="username">root</systemitem>
159 user:</para>
160
161<screen role="root"><userinput>ln -s /usr/share/dict/words /var/lib/krb5kdc/kadmin.dict</userinput></screen>
162
163 </sect2>
164
165 <sect2 role="commands">
166 <title>Command Explanations</title>
167
168 <para><parameter>--enable-dns</parameter>: This switch allows
169 realms to be resolved using the DNS server.</para>
170
171 <para><parameter>--enable-static</parameter>: This switch builds static
172 libraries in addition to the shared libraries.</para>
173
174 <para><command>mv -v /bin/login /bin/login.shadow &amp;&amp;
175 cp -v /usr/sbin/login.krb5 /bin/login &amp;&amp;
176 mv -v /usr/bin/ksu /bin</command>: Preserves
177 <application>Shadow</application>'s <command>login</command>
178 command, moves <command>ksu</command> and <command>login</command> to
179 the <filename class="directory">/bin</filename> directory.</para>
180
181 <para><command>mv -v ... /lib &amp;&amp; ln -v -sf ...</command>:
182 The <command>login</command> and <command>ksu</command> programs
183 are linked against these libraries, therefore these libraries are moved
184 to <filename class="directory">/lib</filename> to allow logins without
185 mounting <filename class="directory">/usr</filename>.</para>
186
187 </sect2>
188
189 <sect2 role="configuration">
190 <title>Configuring MIT Krb5</title>
191
192 <sect3 id="krb5-config">
193 <title>Config Files</title>
194
195 <para><filename>/etc/krb5.conf</filename> and
196 <filename>/var/lib/krb5kdc/kdc.conf</filename></para>
197
198 <indexterm zone="mitkrb krb5-config">
199 <primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary>
200 </indexterm>
201
202 <indexterm zone="mitkrb krb5-config">
203 <primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
204 </indexterm>
205
206 </sect3>
207
208 <sect3>
209 <title>Configuration Information</title>
210
211 <sect4>
212 <title>Kerberos Configuration</title>
213
214 <para>Create the Kerberos configuration file with the following
215 command:</para>
216
217<screen role="root"><userinput>cat &gt; /etc/krb5.conf &lt;&lt; "EOF"
218<literal># Begin /etc/krb5.conf
219
220[libdefaults]
221 default_realm = <replaceable>&lt;LFS.ORG&gt;</replaceable>
222 encrypt = true
223
224[realms]
225 <replaceable>&lt;LFS.ORG&gt;</replaceable> = {
226 kdc = <replaceable>&lt;belgarath.lfs.org&gt;</replaceable>
227 admin_server = <replaceable>&lt;belgarath.lfs.org&gt;</replaceable>
228 }
229
230[domain_realm]
231 .<replaceable>&lt;lfs.org&gt;</replaceable> = <replaceable>&lt;LFS.ORG&gt;</replaceable>
232
233[logging]
234 kdc = SYSLOG:INFO:AUTH
235 admin_server = SYSLOG:INFO:AUTH
236 default = SYSLOG[[:SYS]]
237
238# End /etc/krb5.conf</literal>
239EOF</userinput></screen>
240
241 <para>You will need to substitute your domain and proper hostname
242 for the occurrences of the <replaceable>&lt;belgarath&gt;</replaceable> and
243 <replaceable>&lt;lfs.org&gt;</replaceable> names.</para>
244
245 <para><option>default_realm</option> should be the name of your
246 domain changed to ALL CAPS. This isn't required, but both
247 <application>Heimdal</application> and MIT recommend it.</para>
248
249 <para><option>encrypt = true</option> provides encryption of all
250 traffic between kerberized clients and servers. It's not necessary
251 and can be left off. If you leave it off, you can encrypt all traffic
252 from the client to the server using a switch on the client program
253 instead.</para>
254
255 <para>The <option>[realms]</option> parameters tell the client
256 programs where to look for the KDC authentication services.</para>
257
258 <para>The <option>[domain_realm]</option> section maps a domain to
259 a realm.</para>
260
261 <para>Create the KDC database:</para>
262
263<screen role="root"><userinput>kdb5_util create -r <replaceable>&lt;LFS.ORG&gt;</replaceable> -s</userinput></screen>
264
265 <para>Now you should populate the database with principals
266 (users). For now, just use your regular login name or
267 <systemitem class="username">root</systemitem>.</para>
268
269<screen role="root"><userinput>kadmin.local
270<prompt>kadmin:</prompt> add_policy dict-only
271<prompt>kadmin:</prompt> addprinc -policy dict-only <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
272
273 <para>The KDC server and any machine running kerberized
274 server daemons must have a host key installed:</para>
275
276<screen role='root'><userinput><prompt>kadmin:</prompt> addprinc -randkey host/<replaceable>&lt;belgarath.lfs.org&gt;</replaceable></userinput></screen>
277
278 <para>After choosing the defaults when prompted, you will have to
279 export the data to a keytab file:</para>
280
281<screen role='root'><userinput><prompt>kadmin:</prompt> ktadd host/<replaceable>&lt;belgarath.lfs.org&gt;</replaceable></userinput></screen>
282
283 <para>This should have created a file in
284 <filename class="directory">/etc</filename> named
285 <filename>krb5.keytab</filename> (Kerberos 5). This file should
286 have 600 (<systemitem class="username">root</systemitem> rw only)
287 permissions. Keeping the keytab files from public access is crucial
288 to the overall security of the Kerberos installation.</para>
289
290 <para>Eventually, you'll want to add server daemon principals to the
291 database and extract them to the keytab file. You do this in the same
292 way you created the host principals. Below is an example:</para>
293
294<screen role='root'><userinput><prompt>kadmin:</prompt> addprinc -randkey ftp/<replaceable>&lt;belgarath.lfs.org&gt;</replaceable>
295<prompt>kadmin:</prompt> ktadd ftp/<replaceable>&lt;belgarath.lfs.org&gt;</replaceable></userinput></screen>
296
297 <para>Exit the <command>kadmin</command> program (use
298 <command>quit</command> or <command>exit</command>) and return
299 back to the shell prompt. Start the KDC daemon manually, just to
300 test out the installation:</para>
301
302<screen role='root'><userinput>/usr/sbin/krb5kdc &amp;</userinput></screen>
303
304 <para>Attempt to get a ticket with the following command:</para>
305
306<screen><userinput>kinit <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
307
308 <para>You will be prompted for the password you created. After you
309 get your ticket, you can list it with the following command:</para>
310
311<screen><userinput>klist</userinput></screen>
312
313 <para>Information about the ticket should be displayed on the
314 screen.</para>
315
316 <para>To test the functionality of the keytab file, issue the
317 following command:</para>
318
319<screen><userinput>ktutil
320<prompt>ktutil:</prompt> rkt /etc/krb5.keytab
321<prompt>ktutil:</prompt> l</userinput></screen>
322
323 <para>This should dump a list of the host principal, along with
324 the encryption methods used to access the principal.</para>
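Added example, not part of the BLFS book: a check of the keytab against the "600, root rw only" requirement stated earlier in this section, which also rejects a symlink in place of the file. The function name keytab_status and the demo file are hypothetical; the optional second argument exists only so the check can be tried as a non-root user.

```shell
#!/bin/sh
# Added example (not BLFS code): audit a keytab's type, owner and mode.

# keytab_status FILE [OWNER_UID]
# Prints a short status and returns 0 only if FILE is a regular file (not a
# symlink), owned by OWNER_UID (default 0 = root), with no group or other
# permission bits and no execute bit set.
keytab_status() {
    kt_file=$1
    kt_owner=${2:-0}

    if [ -L "$kt_file" ]; then
        echo "symlink"; return 1
    fi
    if [ ! -f "$kt_file" ]; then
        echo "missing"; return 1
    fi

    # ls -ldn prints e.g. "-rw------- 1 0 0 ..."; keep the ten mode
    # characters (dropping any ACL/SELinux suffix) and the numeric uid.
    kt_info=$(ls -ldn -- "$kt_file" | awk '{ print substr($1, 1, 10), $3 }')
    kt_mode=${kt_info% *}
    kt_uid=${kt_info#* }

    if [ "$kt_uid" != "$kt_owner" ]; then
        echo "owner uid=$kt_uid"; return 1
    fi
    case $kt_mode in
        -r[w-]-------) echo "ok"; return 0 ;;
        *) echo "mode $kt_mode"; return 1 ;;
    esac
}

# Demonstration on a constructed file; a real audit would run, as root,
#   keytab_status /etc/krb5.keytab
kt_demo=$(mktemp -d)
: > "$kt_demo/krb5.keytab"
chmod 644 "$kt_demo/krb5.keytab"
echo "before: $(keytab_status "$kt_demo/krb5.keytab" "$(id -u)")"
chmod 600 "$kt_demo/krb5.keytab"
echo "after:  $(keytab_status "$kt_demo/krb5.keytab" "$(id -u)")"
rm -rf "$kt_demo"
```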
325
326 <para>At this point, if everything has been successful so far, you
327 can feel fairly confident in the installation and configuration of
328 the package.</para>
329
330 <para>Install the <filename>/etc/rc.d/init.d/kerberos</filename> init
331 script included in the <xref linkend="bootscripts"/>
332 package.</para>
333
334<screen role="root"><userinput>make install-kerberos</userinput></screen>
335
336 </sect4>
337
338 <sect4>
339 <title>Using Kerberized Client Programs</title>
340
341 <para>To use the kerberized client programs (<command>telnet</command>,
342 <command>ftp</command>, <command>rsh</command>, <command>rcp</command>,
343 <command>rlogin</command>), you first must get an authentication ticket.
344 Use the <command>kinit</command> program to get the ticket. After you've
345 acquired the ticket, you can use the kerberized programs to connect to
346 any kerberized server on the network. You will not be prompted for
347 authentication until your ticket expires (default is one day), unless
348 you specify a different user as a command line argument to the
349 program.</para>
350
351 <para>The kerberized programs will connect to non-kerberized daemons,
352 warning you that authentication is not encrypted.</para>
353
354 </sect4>
355
356 <sect4>
357 <title>Using Kerberized Server Programs</title>
358
359 <para>Using kerberized server programs (<command>telnetd</command>,
360 <command>kpropd</command>, <command>klogind</command> and
361 <command>kshd</command>) requires two additional configuration steps.
362 First the <filename>/etc/services</filename> file must be updated to
363 include eklogin and krb5_prop. Second, the
364 <filename>inetd.conf</filename> or <filename>xinetd.conf</filename>
365 must be modified for each server that will be activated, usually
366 replacing the server from <xref linkend="inetutils"/>.</para>
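Added example, not part of the BLFS book: an idempotent way to make the first of the two steps above, adding eklogin and krb5_prop to a services file without duplicating or overriding an existing entry. The port assignments 2105/tcp and 754/tcp are the conventional ones and are an assumption here, since this page does not list them; the function name ensure_service and the sample file are constructed.

```shell
#!/bin/sh
# Added example (not BLFS code): add a service entry only when it is absent.

# ensure_service FILE NAME PORT/PROTO
# Prints "added", "present" or "conflict <existing>", and returns 1 without
# touching FILE when NAME is already bound to a different port.
ensure_service() {
    svc_file=$1
    svc_name=$2
    svc_port=$3

    # First uncommented entry whose service name matches exactly.
    svc_have=$(awk -v n="$svc_name" '$1 == n { print $2; exit }' "$svc_file")

    if [ -z "$svc_have" ]; then
        # Do not glue the new entry onto an unterminated last line.
        if [ -n "$(tail -c 1 "$svc_file")" ]; then
            echo >> "$svc_file"
        fi
        printf '%s\t%s\n' "$svc_name" "$svc_port" >> "$svc_file"
        echo "added"
    elif [ "$svc_have" = "$svc_port" ]; then
        echo "present"
    else
        echo "conflict $svc_have"
        return 1
    fi
}

# Demonstration on a constructed services file; a real run would target
# /etc/services as root.
svc_demo=$(mktemp -d)
printf 'ftp\t21/tcp\nkrb5_prop\t754/tcp\n' > "$svc_demo/services"
echo "eklogin:   $(ensure_service "$svc_demo/services" eklogin 2105/tcp)"
echo "krb5_prop: $(ensure_service "$svc_demo/services" krb5_prop 754/tcp)"
rm -rf "$svc_demo"
```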
367
368 </sect4>
369
370 <sect4>
371 <title>Additional Information</title>
372
373 <para>For additional information consult <ulink
374 url="http://web.mit.edu/kerberos/www/krb5-1.4/#documentation">
375 Documentation for krb-&mitkrb-version;</ulink> on which the above
376 instructions are based.</para>
377
378 </sect4>
379
380 </sect3>
381
382 </sect2>
383
384 <sect2 role="content">
385 <title>Contents</title>
386 <para></para>
387
388 <segmentedlist>
389 <segtitle>Installed Programs</segtitle>
390 <segtitle>Installed Libraries</segtitle>
391 <segtitle>Installed Directories</segtitle>
392
393 <seglistitem>
394 <seg>compile_et, ftp, ftpd, gss-client, gss-server, k5srvutil, kadmin,
395 kadmin.local, kadmind, kadmind4, kdb5_util, kdestroy, kinit, klist,
396 klogind, kpasswd, kprop, kpropd, krb5-send-pr, krb5-config, krb524d,
397 krb524init, krb5kdc, kshd, ksu, ktutil, kvno, login.krb5, rcp, rlogin,
398 rsh, sclient, sim_client, sim_server, sserver, telnet, telnetd,
399 uuclient, uuserver, v5passwd, and v5passwdd</seg>
400 <seg>libcom_err.{so,a}, libdes425.{so,a}, libgssapi.{so,a},
401 libgssrpc.{so,a}, libkadm5clnt.{so,a}, libkadm5srv.{so,a},
402 libkdb5.{so,a}, libkrb5.{so,a}, and libkrb4.{so,a}</seg>
403 <seg>/usr/include/kerberosIV and /var/lib/krb5kdc</seg>
404 </seglistitem>
405 </segmentedlist>
406
407 <variablelist>
408 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
409 <?dbfo list-presentation="list"?>
410 <?dbhtml list-presentation="table"?>
411
412 <varlistentry id="compile_et">
413 <term><command>compile_et</command></term>
414 <listitem>
415 <para>converts the table listing error-code names into a
416 C source file.</para>
417 <indexterm zone="mitkrb compile_et">
418 <primary sortas="b-compile_et">compile_et</primary>
419 </indexterm>
420 </listitem>
421 </varlistentry>
422
423 <varlistentry id="ftp-mitkrb">
424 <term><command>ftp</command></term>
425 <listitem>
426 <para>is a kerberized FTP client.</para>
427 <indexterm zone="mitkrb ftp">
428 <primary sortas="b-ftp">ftp</primary>
429 </indexterm>
430 </listitem>
431 </varlistentry>
432
433 <varlistentry id="ftpd-mitkrb">
434 <term><command>ftpd</command></term>
435 <listitem>
436 <para>is a kerberized FTP daemon.</para>
437 <indexterm zone="mitkrb ftpd">
438 <primary sortas="b-ftpd">ftpd</primary>
439 </indexterm>
440 </listitem>
441 </varlistentry>
442
443 <varlistentry id="k5srvutil">
444 <term><command>k5srvutil</command></term>
445 <listitem>
446 <para>is a host keytable manipulation utility.</para>
447 <indexterm zone="mitkrb k5srvutil">
448 <primary sortas="b-k5srvutil">k5srvutil</primary>
449 </indexterm>
450 </listitem>
451 </varlistentry>
452
453 <varlistentry id="kadmin-mitkrb">
454 <term><command>kadmin</command></term>
455 <listitem>
456 <para>is a utility used to make modifications
457 to the Kerberos database.</para>
458 <indexterm zone="mitkrb kadmin-mitkrb">
459 <primary sortas="b-kadmin">kadmin</primary>
460 </indexterm>
461 </listitem>
462 </varlistentry>
463
464 <varlistentry id="kadmind-mitkrb">
465 <term><command>kadmind</command></term>
466 <listitem>
467 <para>is a server for administrative access
468 to a Kerberos database.</para>
469 <indexterm zone="mitkrb kadmind-mitkrb">
470 <primary sortas="b-kadmind">kadmind</primary>
471 </indexterm>
472 </listitem>
473 </varlistentry>
474
475 <varlistentry id="kdb5_util">
476 <term><command>kdb5_util</command></term>
477 <listitem>
478 <para>is the KDC database utility.</para>
479 <indexterm zone="mitkrb kdb5_util">
480 <primary sortas="b-kdb5_util">kdb5_util</primary>
481 </indexterm>
482 </listitem>
483 </varlistentry>
484
485 <varlistentry id="kdestroy-mitkrb">
486 <term><command>kdestroy</command></term>
487 <listitem>
488 <para>removes the current set of tickets.</para>
489 <indexterm zone="mitkrb kdestroy-mitkrb">
490 <primary sortas="b-kdestroy">kdestroy</primary>
491 </indexterm>
492 </listitem>
493 </varlistentry>
494
495 <varlistentry id="kinit-mitkrb">
496 <term><command>kinit</command></term>
497 <listitem>
498 <para>is used to authenticate to the Kerberos server as a
499 principal and acquire a ticket granting ticket that can
500 later be used to obtain tickets for other services.</para>
501 <indexterm zone="mitkrb kinit-mitkrb">
502 <primary sortas="b-kinit">kinit</primary>
503 </indexterm>
504 </listitem>
505 </varlistentry>
506
507 <varlistentry id="klist-mitkrb">
508 <term><command>klist</command></term>
509 <listitem>
510 <para>reads and displays the current tickets in
511 the credential cache.</para>
512 <indexterm zone="mitkrb klist-mitkrb">
513 <primary sortas="b-klist">klist</primary>
514 </indexterm>
515 </listitem>
516 </varlistentry>
517
518 <varlistentry id="klogind">
519 <term><command>klogind</command></term>
520 <listitem>
521 <para>is the server that responds to <command>rlogin</command>
522 requests.</para>
523 <indexterm zone="mitkrb klogind">
524 <primary sortas="b-klogind">klogind</primary>
525 </indexterm>
526 </listitem>
527 </varlistentry>
528
529 <varlistentry id="kpasswd-mitkrb">
530 <term><command>kpasswd</command></term>
531 <listitem>
532 <para>is a program for changing Kerberos 5 passwords.</para>
533 <indexterm zone="mitkrb kpasswd-mitkrb">
534 <primary sortas="b-kpasswd">kpasswd</primary>
535 </indexterm>
536 </listitem>
537 </varlistentry>
538
539 <varlistentry id="kprop">
540 <term><command>kprop</command></term>
541 <listitem>
542 <para>takes a principal database in a specified format and
543 converts it into a stream of database records.</para>
544 <indexterm zone="mitkrb kprop">
545 <primary sortas="b-kprop">kprop</primary>
546 </indexterm>
547 </listitem>
548 </varlistentry>
549
550 <varlistentry id="kpropd">
551 <term><command>kpropd</command></term>
552 <listitem>
553 <para>receives a database sent by <command>kprop</command>
554 and writes it as a local database.</para>
555 <indexterm zone="mitkrb kpropd">
556 <primary sortas="b-kpropd">kpropd</primary>
557 </indexterm>
558 </listitem>
559 </varlistentry>
560
561 <varlistentry id="krb5-config-1">
562 <term><command>krb5-config</command></term>
563 <listitem>
564 <para>gives information on how to link programs against
565 libraries.</para>
566 <indexterm zone="mitkrb krb5-config-prog">
567 <primary sortas="b-krb5-config-1">krb5-config</primary>
568 </indexterm>
569 </listitem>
570 </varlistentry>
571
572 <varlistentry id="krb5kdc">
573 <term><command>krb5kdc</command></term>
574 <listitem>
575 <para>is a Kerberos 5 server.</para>
576 <indexterm zone="mitkrb krb5kdc">
577 <primary sortas="b-krb5kdc">krb5kdc</primary>
578 </indexterm>
579 </listitem>
580 </varlistentry>
581
582 <varlistentry id="kshd">
583 <term><command>kshd</command></term>
584 <listitem>
585 <para>is the server that responds to <command>rsh</command>
586 requests.</para>
587 <indexterm zone="mitkrb kshd">
588 <primary sortas="b-kshd">kshd</primary>
589 </indexterm>
590 </listitem>
591 </varlistentry>
592
593 <varlistentry id="ksu">
594 <term><command>ksu</command></term>
595 <listitem>
596 <para>is the super user program using Kerberos protocol.
597 Requires a properly configured
598 <filename class="directory">/etc/shells</filename> and
599 <filename>~/.k5login</filename> containing principals
600 authorized to become super users.</para>
601 <indexterm zone="mitkrb ksu">
602 <primary sortas="b-ksu">ksu</primary>
603 </indexterm>
604 </listitem>
605 </varlistentry>
606
607 <varlistentry id="ktutil-mitkrb">
608 <term><command>ktutil</command></term>
609 <listitem>
610 <para>is a program for managing Kerberos keytabs.</para>
611 <indexterm zone="mitkrb ktutil-mitkrb">
612 <primary sortas="b-ktutil">ktutil</primary>
613 </indexterm>
614 </listitem>
615 </varlistentry>
616
617 <varlistentry id="kvno">
618 <term><command>kvno</command></term>
619 <listitem>
620 <para>prints key version numbers of Kerberos principals.</para>
621 <indexterm zone="mitkrb kvno">
622 <primary sortas="b-kvno">kvno</primary>
623 </indexterm>
624 </listitem>
625 </varlistentry>
626
627 <varlistentry id="login.krb5">
628 <term><command>login.krb5</command></term>
629 <listitem>
630 <para>is a kerberized login program.</para>
631 <indexterm zone="mitkrb login">
632 <primary sortas="b-login.krb5">login.krb5</primary>
633 </indexterm>
634 </listitem>
635 </varlistentry>
636
637 <varlistentry id="rcp-mitkrb">
638 <term><command>rcp</command></term>
639 <listitem>
640 <para>is a kerberized rcp client program.</para>
641 <indexterm zone="mitkrb rcp">
642 <primary sortas="b-rcp">rcp</primary>
643 </indexterm>
644 </listitem>
645 </varlistentry>
646
647 <varlistentry id="rlogin">
648 <term><command>rlogin</command></term>
649 <listitem>
650 <para>is a kerberized rlogin client program.</para>
651 <indexterm zone="mitkrb rlogin">
652 <primary sortas="b-rlogin">rlogin</primary>
653 </indexterm>
654 </listitem>
655 </varlistentry>
656
657 <varlistentry id="rsh-mitkrb">
658 <term><command>rsh</command></term>
659 <listitem>
660 <para>is a kerberized rsh client program.</para>
661 <indexterm zone="mitkrb rsh">
662 <primary sortas="b-rsh">rsh</primary>
663 </indexterm>
664 </listitem>
665 </varlistentry>
666
667 <varlistentry id="telnet-mitkrb">
668 <term><command>telnet</command></term>
669 <listitem>
670 <para>is a kerberized telnet client program.</para>
671 <indexterm zone="mitkrb telnet">
672 <primary sortas="b-telnet">telnet</primary>
673 </indexterm>
674 </listitem>
675 </varlistentry>
676
677 <varlistentry id="telnetd-mitkrb">
678 <term><command>telnetd</command></term>
679 <listitem>
680 <para>is a kerberized telnet server.</para>
681 <indexterm zone="mitkrb telnetd">
682 <primary sortas="b-telnetd">telnetd</primary>
683 </indexterm>
684 </listitem>
685 </varlistentry>
686
687 <varlistentry id="libcom_err">
688 <term><filename class='libraryfile'>libcom_err.{so,a}</filename></term>
689 <listitem>
690 <para>implements the Kerberos library error code.</para>
691 <indexterm zone="mitkrb libcom_err">
692 <primary sortas="c-libcom_err">libcom_err.{so,a}</primary>
693 </indexterm>
694 </listitem>
695 </varlistentry>
696
697 <varlistentry id="libgssapi-mitkrb">
698 <term><filename class='libraryfile'>libgssapi.{so,a}</filename></term>
699 <listitem>
700 <para>contains the Generic Security Service Application
701 Programming Interface (GSSAPI) functions, which provide security
702 services to callers in a generic fashion, supportable with a range of
703 underlying mechanisms and technologies and hence allowing source-level
704 portability of applications to different environments.</para>
705 <indexterm zone="mitkrb libgssapi">
706 <primary sortas="c-libgssapi">libgssapi.{so,a}</primary>
707 </indexterm>
708 </listitem>
709 </varlistentry>
710
711 <varlistentry id="libkadm5clnt-mitkrb">
712 <term><filename class='libraryfile'>libkadm5clnt.{so,a}</filename></term>
713 <listitem>
714 <para>contains the administrative authentication and password
715 checking functions required by Kerberos 5 client-side programs.</para>
716 <indexterm zone="mitkrb libkadm5clnt">
717 <primary sortas="c-libkadm5clnt">libkadm5clnt.{so,a}</primary>
718 </indexterm>
719 </listitem>
720 </varlistentry>
721
722 <varlistentry id="libkadm5srv-mitkrb">
723 <term><filename class='libraryfile'>libkadm5srv.{so,a}</filename></term>
724 <listitem>
725 <para>contains the administrative authentication and password
726 checking functions required by Kerberos 5 servers.</para>
727 <indexterm zone="mitkrb libkadm5srv">
728 <primary sortas="c-libkadm5srv">libkadm5srv.{so,a}</primary>
729 </indexterm>
730 </listitem>
731 </varlistentry>
732
733 <varlistentry id="libkdb5">
734 <term><filename class='libraryfile'>libkdb5.{so,a}</filename></term>
735 <listitem>
736 <para>is a Kerberos 5 authentication/authorization database
737 access library.</para>
738 <indexterm zone="mitkrb libkdb5">
739 <primary sortas="c-libkdb5">libkdb5.{so,a}</primary>
740 </indexterm>
741 </listitem>
742 </varlistentry>
743
744 <varlistentry id="libkrb5-mitkrb">
745 <term><filename class='libraryfile'>libkrb5.{so,a}</filename></term>
746 <listitem>
747 <para>is an all-purpose Kerberos 5 library.</para>
748 <indexterm zone="mitkrb libkrb5">
749 <primary sortas="c-libkrb5">libkrb5.{so,a}</primary>
750 </indexterm>
751 </listitem>
752 </varlistentry>
753
754 </variablelist>
755
756 </sect2>
757
758</sect1>