Context Navigation

mitkrb.xml@ 1363324e

Visit:

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 6.2 6.2.0 6.2.0-rc1 6.2.0-rc2 6.3 6.3-rc1 6.3-rc2 6.3-rc3 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts krejzi/svn lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition systemd-11177 systemd-13485 trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal

Last change on this file since 1363324e was 1363324e, checked in by Randy McMurchy <randy@…>, 19 years ago

Fixed validation error in MIT Kerberos instructions

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@4921 af4574ff-66df-0310-9fd7-8a98e5e911e0

Property mode set to 100644

File size: 27.5 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
3	"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY mitkrb-download-http "http://web.mit.edu/kerberos/www/dist/krb5/1.4/krb5-&mitkrb-version;-signed.tar">
8	<!ENTITY mitkrb-download-ftp " ">
9	<!ENTITY mitkrb-md5sum "617e0071fa5b74ab4116f064678af551">
10	<!ENTITY mitkrb-size "6.4 MB">
11	<!ENTITY mitkrb-buildsize "TBD MB">
12	<!ENTITY mitkrb-time "TBD SBU">
13	]>
14
15	<sect1 id="mitkrb" xreflabel="MIT krb5-&mitkrb-version;">
16	<?dbhtml filename="mitkrb.html"?>
17
18	<sect1info>
19	<othername>$LastChangedBy$</othername>
20	<date>$Date$</date>
21	</sect1info>
22
23	<title>MIT Krb5-&mitkrb-version;</title>
24
25	<indexterm zone="mitkrb">
26	<primary sortas="a-Kerberos-MIT">Kerberos5(MIT)</primary>
27	</indexterm>
28
29	<sect2 role="package">
30	<title>Introduction to MIT Krb5</title>
31
32	<para><application>MIT krb5</application> is a free implementation of
33	Kerberos 5. Kerberos is a network authentication protocol. It
34	centralizes the authentication database and uses kerberized
35	applications to work with servers or services that support Kerberos
36	allowing single logins and encrypted communication over internal
37	networks or the Internet.</para>
38
39	<bridgehead renderas="sect3">Package Information</bridgehead>
40	<itemizedlist spacing="compact">
41	<listitem>
42	<para>Download (HTTP): <ulink url="&mitkrb-download-http;"/></para>
43	</listitem>
44	<listitem>
45	<para>Download (FTP): <ulink url="&mitkrb-download-ftp;"/></para>
46	</listitem>
47	<listitem>
48	<para>Download MD5 sum: &mitkrb-md5sum;</para>
49	</listitem>
50	<listitem>
51	<para>Download size: &mitkrb-size;</para>
52	</listitem>
53	<listitem>
54	<para>Estimated disk space required: &mitkrb-buildsize;</para>
55	</listitem>
56	<listitem>
57	<para>Estimated build time: &mitkrb-time;</para>
58	</listitem>
59	</itemizedlist>
60
61	<bridgehead renderas="sect3">MIT Krb5 Dependencies</bridgehead>
62
63	<bridgehead renderas="sect4">Optional</bridgehead>
64	<para><xref linkend="xinetd"/> (services servers only),
65	<xref linkend="Linux_PAM"/> (for <command>xdm</command> based logins) and
66	<xref linkend="openldap"/> (alternative for <command>krb5kdc</command>
67	password database)</para>
68
69	<note>
70	<para>Some sort of time synchronization facility on your system (like
71	<xref linkend="ntp"/>) is required since Kerberos won't authenticate if
72	there is a time difference between a kerberized client and the
73	KDC server.</para>
74	</note>
75
76	</sect2>
77
78	<sect2 role="installation">
79	<title>Installation of MIT Krb5</title>
80
81
82	<!-- <note><para>The instructions for MIT Krb5 have not yet been validated by
83	the BLFS Editors. Until this section is updated, the Editors reccomend
84	using <xref linkend='heimdal'/> to implement the functionality of this
85	package.</para></note> -->
86
87
88	<para><application>MIT krb5</application> is distributed in a
89	TAR file containing a compressed TAR package and a detached PGP
90	<filename class="extension">ASC</filename> file.</para>
91
92	<para>If you have installed <xref linkend="gnupg"/>, you can
93	authenticate the package with the following command:</para>
94
95	<screen><userinput>gpg - -verify krb5-&mitkrb-version;.tar.gz.asc</userinput></screen>
96
97	<para>Build <application>MIT krb5</application> by running the
98	following commands:</para>
99
100	<screen><userinput>cd src &&
101	./configure --prefix=/usr --sysconfdir=/etc \
102	--localstatedir=/var/lib --enable-dns \
103	--enable-static --mandir=/usr/share/man &&
104	make</userinput></screen>
105
106	<para>Now, as the <systemitem class="username">root</systemitem> user:</para>
107
108	<screen role="root"><userinput>make install &&
109	mv -v /usr/bin/ksu /bin &&
110	mv -v /usr/lib/libkrb5.so.3* /lib &&
111	mv -v /usr/lib/libkrb4.so.2* /lib &&
112	mv -v /usr/lib/libdes425.so.3* /lib &&
113	mv -v /usr/lib/libk5crypto.so.3* /lib &&
114	mv -v /usr/lib/libcom_err.so.3* /lib &&
115	ln -v -sf ../../lib/libkrb5.so.3 /usr/lib/libkrb5.so &&
116	ln -v -sf ../../lib/libkrb4.so.2 /usr/lib/libkrb4.so &&
117	ln -v -sf ../../lib/libdes425.so.3 /usr/lib/libdes425.so &&
118	ln -v -sf ../../lib/libk5crypto.so.3 /usr/lib/libk5crypto.so &&
119	ln -v -sf ../../lib/libcom_err.so.3 /usr/lib/libcom_err.so &&
120	ldconfig</userinput></screen>
121
122	<warning>
123	<para><command>login.krb5</command> does not support
124	<application>shadow</application> passwords. As a result, when the
125	Kerberos server is unavailable, the default fall through to
126	<filename>/etc/password</filename> will not work because
127	the passwords have been moved to <filename>/etc/shadow</filename> during
128	the LFS build process. Entering the following
129	commands without moving the passwords back to
130	<filename>/etc/password</filename> could prevent any logins.</para>
131	</warning>
132
133	<para>If <application>Linux-Pam</application> is not installed and
134	you understand the above warning, the following can be entered as the
135	<systemitem class="username">root</systemitem> user:</para>
136
137	<screen role="root"><userinput>mv -v /bin/login /bin/login.shadow &&
138	cp -v /usr/sbin/login.krb5 /bin/login</userinput></screen>
139
140	<para>If <application>CrackLib</application> is installed, or if any
141	word list has been put in
142	<filename class='directory'>/usr/share/dict</filename>, the following
143	should be entered as the <systemitem class="username">root</systemitem>
144	user:</para>
145
146	<screen role="root"><userinput>ln -s /usr/share/dict/words /var/lib/krb5kdc/kadmin.dict</userinput></screen>
147
148	</sect2>
149
150	<sect2 role="commands">
151	<title>Command Explanations</title>
152
153	<para><parameter>--enable-dns</parameter>: This switch allows
154	realms to be resolved using the DNS server.</para>
155
156	<para><parameter>--enable-static</parameter>: This switch builds static
157	libraries in addition to the shared libraries.</para>
158
159	<para><command>mv -v /bin/login /bin/login.shadow &&
160	cp -v /usr/sbin/login.krb5 /bin/login &&
161	mv -v /usr/bin/ksu /bin</command>: Preserves
162	<application>Shadow</application>'s <command>login</command>
163	command, moves <command>ksu</command> and <command>login</command> to
164	the <filename class="directory">/bin</filename> directory.</para>
165
166	<para><command>mv -v ... /lib && ln -v -sf ...</command>:
167	The <command>login</command> and <command>ksu</command> programs
168	are linked against these libraries, therefore these libraries are moved
169	to <filename class="directory">/lib</filename> to allow logins without
170	mounting <filename class="directory">/usr</filename>.</para>
171
172	</sect2>
173
174	<sect2 role="configuration">
175	<title>Configuring MIT Krb5</title>
176
177	<sect3 id="krb5-config">
178	<title>Config Files</title>
179
180	<para><filename>/etc/krb5.conf</filename> and
181	<filename>/var/lib/krb5kdc/kdc.conf</filename></para>
182
183	<indexterm zone="mitkrb krb5-config">
184	<primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary>
185	</indexterm>
186
187	<indexterm zone="mitkrb krb5-config">
188	<primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
189	</indexterm>
190
191	</sect3>
192
193	<sect3>
194	<title>Configuration Information</title>
195
196	<sect4>
197	<title>Kerberos Configuration</title>
198
199	<para>Create the Kerberos configuration file with the following
200	command:</para>
201
202	<screen role="root"><userinput>cat > /etc/krb5.conf << "EOF"
203	<literal># Begin /etc/krb5.conf
204
205	[libdefaults]
206	default_realm = <replaceable>[LFS.ORG]</replaceable>
207	encrypt = true
208
209	[realms]
210	<replaceable>[LFS.ORG]</replaceable> = {
211	kdc = <replaceable>[belgarath.lfs.org]</replaceable>
212	admin_server = <replaceable>[belgarath.lfs.org]</replaceable>
213	}
214
215	[domain_realm]
216	.<replaceable>[lfs.org]</replaceable> = <replaceable>[LFS.ORG]</replaceable>
217
218	[logging]
219	kdc = SYSLOG[:INFO[:AUTH]]
220	admin_server = SYSLOG[INFO[:AUTH]]
221	default = SYSLOG[[:SYS]]
222
223	# End /etc/krb5.conf</literal>
224	EOF</userinput></screen>
225
226	<para>You will need to substitute your domain and proper hostname
227	for the occurances of the <replaceable>[belgarath]</replaceable> and
228	<replaceable>[lfs.org]</replaceable> names.</para>
229
230	<para><option>default_realm</option> should be the name of your
231	domain changed to ALL CAPS. This isn't required, but both
232	<application>Heimdal</application> and MIT recommend it.</para>
233
234	<para><option>encrypt = true</option> provides encryption of all
235	traffic between kerberized clients and servers. It's not necessary
236	and can be left off. If you leave it off, you can encrypt all traffic
237	from the client to the server using a switch on the client program
238	instead.</para>
239
240	<para>The <option>[realms]</option> parameters tell the client
241	programs where to look for the KDC authentication services.</para>
242
243	<para>The <option>[domain_realm]</option> section maps a domain to
244	a realm.</para>
245
246	<para>Create the KDC database:</para>
247
248	<screen role="root"><userinput>kdb5_util create -r <replaceable>[LFS.ORG]</replaceable> -s</userinput></screen>
249
250	<para>Now you should populate the database with principles
251	(users). For now, just use your regular login name or
252	<systemitem class="username">root</systemitem>.</para>
253
254	<screen role="root"><userinput>kadmin.local
255	<prompt>kadmin:</prompt> add_policy dict-only
256	<prompt>kadmin:</prompt> addprinc -policy dict-only <replaceable>[loginname]</replaceable></userinput></screen>
257
258	<para>The KDC server and any machine running kerberized
259	server daemons must have a host key installed:</para>
260
261	<screen role='root'><userinput><prompt>kadmin:</prompt> addprinc -randkey host/<replaceable>[belgarath.lfs.org]</replaceable></userinput></screen>
262
263	<para>After choosing the defaults when prompted, you will have to
264	export the data to a keytab file:</para>
265
266	<screen role='root'><userinput><prompt>kadmin:</prompt> ktadd host/<replaceable>[belgarath.lfs.org]</replaceable></userinput></screen>
267
268	<para>This should have created a file in
269	<filename class="directory">/etc</filename> named
270	<filename>krb5.keytab</filename> (Kerberos 5). This file should
271	have 600 (<systemitem class="username">root</systemitem> rw only)
272	permissions. Keeping the keytab files from public access is crucial
273	to the overall security of the Kerberos installation.</para>
274
275	<para>Eventually, you'll want to add server daemon principles to the
276	database and extract them to the keytab file. You do this in the same
277	way you created the host principles. Below is an example:</para>
278
279	<screen role='root'><userinput><prompt>kadmin:</prompt> addprinc -randkey ftp/<replaceable>[belgarath.lfs.org]</replaceable>
280	<prompt>kadmin:</prompt> ktadd ftp/<replaceable>[belgarath.lfs.org]</replaceable></userinput></screen>
281
282	<para>Exit the <command>kadmin</command> program (use
283	<command>quit</command> or <command>exit</command>) and return
284	back to the shell prompt. Start the KDC daemon manually, just to
285	test out the installation:</para>
286
287	<screen role='root'><userinput>/usr/sbin/krb5kdc &</userinput></screen>
288
289	<para>Attempt to get a ticket with the following command:</para>
290
291	<screen><userinput>kinit <replaceable>[loginname]</replaceable></userinput></screen>
292
293	<para>You will be prompted for the password you created. After you
294	get your ticket, you can list it with the following command:</para>
295
296	<screen><userinput>klist</userinput></screen>
297
298	<para>Information about the ticket should be displayed on the
299	screen.</para>
300
301	<para>To test the functionality of the keytab file, issue the
302	following command:</para>
303
304	<screen><userinput>ktutil
305	<prompt>ktutil:</prompt> rkt /etc/krb5.keytab
306	<prompt>ktutil:</prompt> l</userinput></screen>
307
308	<para>This should dump a list of the host principal, along with
309	the encryption methods used to access the principal.</para>
310
311	<para>At this point, if everything has been successful so far, you
312	can feel fairly confident in the installation and configuration of
313	the package.</para>
314
315	<para>Install the <filename>/etc/rc.d/init.d/kerberos</filename> init
316	script included in the <xref linkend="intro-important-bootscripts"/>
317	package.</para>
318
319	<screen role="root"><userinput>make install-kerberos</userinput></screen>
320
321	</sect4>
322
323	<sect4>
324	<title>Using Kerberized Client Programs</title>
325
326	<para>To use the kerberized client programs (<command>telnet</command>,
327	<command>ftp</command>, <command>rsh</command>, <command>rcp</command>,
328	<command>rlogin</command>), you first must get an authentication ticket.
329	Use the <command>kinit</command> program to get the ticket. After you've
330	acquired the ticket, you can use the kerberized programs to connect to
331	any kerberized server on the network. You will not be prompted for
332	authentication until your ticket expires (default is one day), unless
333	you specify a different user as a command line argument to the
334	program.</para>
335
336	<para>The kerberized programs will connect to non kerberized daemons,
337	warning you that authentication is not encrypted.</para>
338
339	</sect4>
340
341	<sect4>
342	<title>Using Kerberized Server Programs</title>
343
344	<para>Using kerberized server programs (<command>telnetd</command>,
345	<command>kpropd</command>, <command>klogind</command> and
346	<command>kshd</command>) requires two additional configuration steps.
347	First the <filename>/etc/services</filename> file must be updated to
348	include eklogin and krb5_prop. Second, the
349	<filename>inetd.conf</filename> or <filename>xinetd.conf</filename>
350	must be modified for each server that will be activated, usually
351	replacing the server from <xref linkend="inetutils"/>.</para>
352
353	</sect4>
354
355	<sect4>
356	<title>Additional Information</title>
357
358	<para>For additional information consult <ulink
359	url="http://web.mit.edu/kerberos/www/krb5-1.4/#documentation">
360	Documentation for krb-&mitkrb-version;</ulink> on which the above
361	instructions are based.</para>
362
363	</sect4>
364
365	</sect3>
366
367	</sect2>
368
369	<sect2 role="content">
370	<title>Contents</title>
371	<para></para>
372
373	<segmentedlist>
374	<segtitle>Installed Programs</segtitle>
375	<segtitle>Installed Libraries</segtitle>
376	<segtitle>Installed Directories</segtitle>
377
378	<seglistitem>
379	<seg>compile-et, ftp, ftpd, gss-client, gss-server, k5srvutil, kadmin,
380	kadmin.local, kadmind, kadmind4, kdb5_util, kdestroy, kinit, klist,
381	klogind, kpasswd, kprop, kpropd, krb5-send-pr, krb5-config, krb524d,
382	krb524init, krb5kdc, kshd, ksu, ktutil, kvno, login.krb5, rcp, rlogin,
383	rsh, sclient, sim_client, sim_server, sserver, telnet, telnetd,
384	uuclient, uuserver, v5passwd, and v5passwdd</seg>
385	<seg>libcom_err.[so,a], libdes425.[so,a], libgssapi.[so,a],
386	libgssrpc.[so,a], libkadm5clnt.[so,a], libkadm5srv.[so,a],
387	libkdb5.[so,a], libkrb5.[so,a], and libkrb4.[so,a]</seg>
388	<seg>/usr/include/kerberosIV and /var/lib/krb5kdc</seg>
389	</seglistitem>
390	</segmentedlist>
391
392	<variablelist>
393	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
394	<?dbfo list-presentation="list"?>
395	<?dbhtml list-presentation="table"?>
396
397	<varlistentry id="compile_et">
398	<term><command>compile_et</command></term>
399	<listitem>
400	<para>converts the table listing error-code names into a
401	C source file.</para>
402	<indexterm zone="mitkrb compile_et">
403	<primary sortas="b-compile_et">compile_et</primary>
404	</indexterm>
405	</listitem>
406	</varlistentry>
407
408	<varlistentry id="ftp-mitkrb">
409	<term><command>ftp</command></term>
410	<listitem>
411	<para>is a kerberized FTP client.</para>
412	<indexterm zone="mitkrb ftp">
413	<primary sortas="b-ftp">ftp</primary>
414	</indexterm>
415	</listitem>
416	</varlistentry>
417
418	<varlistentry id="ftpd-mitkrb">
419	<term><command>ftpd</command></term>
420	<listitem>
421	<para>is a kerberized FTP daemon.</para>
422	<indexterm zone="mitkrb ftpd">
423	<primary sortas="b-ftpd">ftpd</primary>
424	</indexterm>
425	</listitem>
426	</varlistentry>
427
428	<varlistentry id="k5srvutil">
429	<term><command>k5srvutil</command></term>
430	<listitem>
431	<para>is a host keytable manipulation utility.</para>
432	<indexterm zone="mitkrb k5srvutil">
433	<primary sortas="b-k5srvutil">k5srvutil</primary>
434	</indexterm>
435	</listitem>
436	</varlistentry>
437
438	<varlistentry id="kadmin-mitkrb">
439	<term><command>kadmin</command></term>
440	<listitem>
441	<para>is an utility used to make modifications
442	to the Kerberos database.</para>
443	<indexterm zone="mitkrb kadmin-mitkrb">
444	<primary sortas="b-kadmin">kadmin</primary>
445	</indexterm>
446	</listitem>
447	</varlistentry>
448
449	<varlistentry id="kadmind-mitkrb">
450	<term><command>kadmind</command></term>
451	<listitem>
452	<para>is a server for administrative access
453	to a Kerberos database.</para>
454	<indexterm zone="mitkrb kadmind-mitkrb">
455	<primary sortas="b-kadmind">kadmind</primary>
456	</indexterm>
457	</listitem>
458	</varlistentry>
459
460	<varlistentry id="kdb5_util">
461	<term><command>kdb5_util</command></term>
462	<listitem>
463	<para>is the KDC database utility.</para>
464	<indexterm zone="mitkrb kdb5_util">
465	<primary sortas="b-kdb5_util">kdb5_util</primary>
466	</indexterm>
467	</listitem>
468	</varlistentry>
469
470	<varlistentry id="kdestroy-mitkrb">
471	<term><command>kdestroy</command></term>
472	<listitem>
473	<para>removes the current set of tickets.</para>
474	<indexterm zone="mitkrb kdestroy-mitkrb">
475	<primary sortas="b-kdestroy">kdestroy</primary>
476	</indexterm>
477	</listitem>
478	</varlistentry>
479
480	<varlistentry id="kinit-mitkrb">
481	<term><command>kinit</command></term>
482	<listitem>
483	<para>is used to authenticate to the Kerberos server as a
484	principal and acquire a ticket granting ticket that can
485	later be used to obtain tickets for other services.</para>
486	<indexterm zone="mitkrb kinit-mitkrb">
487	<primary sortas="b-kinit">kinit</primary>
488	</indexterm>
489	</listitem>
490	</varlistentry>
491
492	<varlistentry id="klist-mitkrb">
493	<term><command>klist</command></term>
494	<listitem>
495	<para>reads and displays the current tickets in
496	the credential cache.</para>
497	<indexterm zone="mitkrb klist-mitkrb">
498	<primary sortas="b-klist">klist</primary>
499	</indexterm>
500	</listitem>
501	</varlistentry>
502
503	<varlistentry id="klogind">
504	<term><command>klogind</command></term>
505	<listitem>
506	<para>is the server that responds to <command>rlogin</command>
507	requests.</para>
508	<indexterm zone="mitkrb klogind">
509	<primary sortas="b-klogind">klogind</primary>
510	</indexterm>
511	</listitem>
512	</varlistentry>
513
514	<varlistentry id="kpasswd-mitkrb">
515	<term><command>kpasswd</command></term>
516	<listitem>
517	<para>is a program for changing Kerberos 5 passwords.</para>
518	<indexterm zone="mitkrb kpasswd-mitkrb">
519	<primary sortas="b-kpasswd">kpasswd</primary>
520	</indexterm>
521	</listitem>
522	</varlistentry>
523
524	<varlistentry id="kprop">
525	<term><command>kprop</command></term>
526	<listitem>
527	<para>takes a principal database in a specified format and
528	converts it into a stream of database records.</para>
529	<indexterm zone="mitkrb kprop">
530	<primary sortas="b-kprop">kprop</primary>
531	</indexterm>
532	</listitem>
533	</varlistentry>
534
535	<varlistentry id="kpropd">
536	<term><command>kpropd</command></term>
537	<listitem>
538	<para>receives a database sent by <command>kprop</command>
539	and writes it as a local database.</para>
540	<indexterm zone="mitkrb kpropd">
541	<primary sortas="b-kpropd">kpropd</primary>
542	</indexterm>
543	</listitem>
544	</varlistentry>
545
546	<varlistentry id="krb5-config-1">
547	<term><command>krb5-config</command></term>
548	<listitem>
549	<para>gives information on how to link programs against
550	libraries.</para>
551	<indexterm zone="mitkrb krb5-config-prog">
552	<primary sortas="b-krb5-config-1">krb5-config</primary>
553	</indexterm>
554	</listitem>
555	</varlistentry>
556
557	<varlistentry id="krb5kdc">
558	<term><command>krb5kdc</command></term>
559	<listitem>
560	<para>is a Kerberos 5 server.</para>
561	<indexterm zone="mitkrb krb5kdc">
562	<primary sortas="b-krb5kdc">krb5kdc</primary>
563	</indexterm>
564	</listitem>
565	</varlistentry>
566
567	<varlistentry id="kshd">
568	<term><command>kshd</command></term>
569	<listitem>
570	<para>is the server that responds to <command>rsh</command>
571	requests.</para>
572	<indexterm zone="mitkrb kshd">
573	<primary sortas="b-kshd">kshd</primary>
574	</indexterm>
575	</listitem>
576	</varlistentry>
577
578	<varlistentry id="ksu">
579	<term><command>ksu</command></term>
580	<listitem>
581	<para>is the super user program using Kerberos protocol.
582	Requires a properly configured
583	<filename class="directory">/etc/shells</filename> and
584	<filename>~/.k5login</filename> containing principals
585	authorized to become super users.</para>
586	<indexterm zone="mitkrb ksu">
587	<primary sortas="b-ksu">ksu</primary>
588	</indexterm>
589	</listitem>
590	</varlistentry>
591
592	<varlistentry id="ktutil-mitkrb">
593	<term><command>ktutil</command></term>
594	<listitem>
595	<para>is a program for managing Kerberos keytabs.</para>
596	<indexterm zone="mitkrb ktutil-mitkrb">
597	<primary sortas="b-ktutil">ktutil</primary>
598	</indexterm>
599	</listitem>
600	</varlistentry>
601
602	<varlistentry id="kvno">
603	<term><command>kvno</command></term>
604	<listitem>
605	<para>prints keyversion numbers of Kerberos principals.</para>
606	<indexterm zone="mitkrb kvno">
607	<primary sortas="b-kvno">kvno</primary>
608	</indexterm>
609	</listitem>
610	</varlistentry>
611
612	<varlistentry id="login.krb5">
613	<term><command>login.krb5</command></term>
614	<listitem>
615	<para>is a kerberized login program.</para>
616	<indexterm zone="mitkrb login">
617	<primary sortas="b-login.krb5">login.krb5</primary>
618	</indexterm>
619	</listitem>
620	</varlistentry>
621
622	<varlistentry id="rcp-mitkrb">
623	<term><command>rcp</command></term>
624	<listitem>
625	<para>is a kerberized rcp client program.</para>
626	<indexterm zone="mitkrb rcp">
627	<primary sortas="b-rcp">rcp</primary>
628	</indexterm>
629	</listitem>
630	</varlistentry>
631
632	<varlistentry id="rlogin">
633	<term><command>rlogin</command></term>
634	<listitem>
635	<para>is a kerberized rlogin client program.</para>
636	<indexterm zone="mitkrb rlogin">
637	<primary sortas="b-rlogin">rlogin</primary>
638	</indexterm>
639	</listitem>
640	</varlistentry>
641
642	<varlistentry id="rsh-mitkrb">
643	<term><command>rsh</command></term>
644	<listitem>
645	<para>is a kerberized rsh client program.</para>
646	<indexterm zone="mitkrb rsh">
647	<primary sortas="b-rsh">rsh</primary>
648	</indexterm>
649	</listitem>
650	</varlistentry>
651
652	<varlistentry id="telnet-mitkrb">
653	<term><command>telnet</command></term>
654	<listitem>
655	<para>is a kerberized telnet client program.</para>
656	<indexterm zone="mitkrb telnet">
657	<primary sortas="b-telnet">telnet</primary>
658	</indexterm>
659	</listitem>
660	</varlistentry>
661
662	<varlistentry id="telnetd-mitkrb">
663	<term><command>telnetd</command></term>
664	<listitem>
665	<para>is a kerberized telnet server.</para>
666	<indexterm zone="mitkrb telnetd">
667	<primary sortas="b-telnetd">telnetd</primary>
668	</indexterm>
669	</listitem>
670	</varlistentry>
671
672	<varlistentry id="libcom_err">
673	<term><filename class='libraryfile'>libcom_err.[so,a]</filename></term>
674	<listitem>
675	<para>implements the Kerberos library error code.</para>
676	<indexterm zone="mitkrb libcom_err">
677	<primary sortas="c-libcom_err">libcom_err.[so,a]</primary>
678	</indexterm>
679	</listitem>
680	</varlistentry>
681
682	<varlistentry id="libgssapi-mitkrb">
683	<term><filename class='libraryfile'>libgssapi.[so,a]</filename></term>
684	<listitem>
685	<para>contain the Generic Security Service Application
686	Programming Interface (GSSAPI) functions which provides security
687	services to callers in a generic fashion, supportable with a range of
688	underlying mechanisms and technologies and hence allowing source-level
689	portability of applications to different environments.</para>
690	<indexterm zone="mitkrb libgssapi">
691	<primary sortas="c-libgssapi">libgssapi.[so,a]</primary>
692	</indexterm>
693	</listitem>
694	</varlistentry>
695
696	<varlistentry id="libkadm5clnt-mitkrb">
697	<term><filename class='libraryfile'>libkadm5clnt.[so,a]</filename></term>
698	<listitem>
699	<para>contains the administrative authentication and password
700	checking functions required by Kerberos 5 client-side programs.</para>
701	<indexterm zone="mitkrb libkadm5clnt">
702	<primary sortas="c-libkadm5clnt">libkadm5clnt.[so,a]</primary>
703	</indexterm>
704	</listitem>
705	</varlistentry>
706
707	<varlistentry id="libkadm5srv-mitkrb">
708	<term><filename class='libraryfile'>libkadm5srv.[so,a]</filename></term>
709	<listitem>
710	<para>contain the administrative authentication and password
711	checking functions required by Kerberos 5 servers.</para>
712	<indexterm zone="mitkrb libkadm5srv">
713	<primary sortas="c-libkadm5srv">libkadm5srv.[so,a]</primary>
714	</indexterm>
715	</listitem>
716	</varlistentry>
717
718	<varlistentry id="libkdb5">
719	<term><filename class='libraryfile'>libkdb5.[so,a]</filename></term>
720	<listitem>
721	<para>is a Kerberos 5 authentication/authorization database
722	access library.</para>
723	<indexterm zone="mitkrb libkdb5">
724	<primary sortas="c-libkdb5">libkdb5.[so,a]</primary>
725	</indexterm>
726	</listitem>
727	</varlistentry>
728
729	<varlistentry id="libkrb5-mitkrb">
730	<term><filename class='libraryfile'>libkrb5.[so,a]</filename></term>
731	<listitem>
732	<para>is an all-purpose Kerberos 5 library.</para>
733	<indexterm zone="mitkrb libkrb5">
734	<primary sortas="c-libkrb5">libkrb5.[so,a]</primary>
735	</indexterm>
736	</listitem>
737	</varlistentry>
738
739	</variablelist>
740
741	</sect2>
742
743	</sect1>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: postlfs/security/mitkrb.xml@ 1363324e

Download in other formats: