Context Navigation

mitkrb.xml@ 14e373f4

Visit:

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 6.2 6.2.0 6.2.0-rc1 6.2.0-rc2 6.3 6.3-rc1 6.3-rc2 6.3-rc3 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts krejzi/svn lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition systemd-11177 systemd-13485 trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal

Last change on this file since 14e373f4 was 14e373f4, checked in by Larry Lawrence <larry@…>, 19 years ago

add warning to mitkrb5

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@4920 af4574ff-66df-0310-9fd7-8a98e5e911e0

Property mode set to 100644

File size: 27.5 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
3	"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY mitkrb-download-http "http://web.mit.edu/kerberos/www/dist/krb5/1.4/krb5-&mitkrb-version;-signed.tar">
8	<!ENTITY mitkrb-download-ftp " ">
9	<!ENTITY mitkrb-md5sum "617e0071fa5b74ab4116f064678af551">
10	<!ENTITY mitkrb-size "6.4 MB">
11	<!ENTITY mitkrb-buildsize "TBD MB">
12	<!ENTITY mitkrb-time "TBD SBU">
13	]>
14
15	<sect1 id="mitkrb" xreflabel="MIT krb5-&mitkrb-version;">
16	<?dbhtml filename="mitkrb.html"?>
17
18	<sect1info>
19	<othername>$LastChangedBy$</othername>
20	<date>$Date$</date>
21	</sect1info>
22
23	<title>MIT Krb5-&mitkrb-version;</title>
24
25	<indexterm zone="mitkrb">
26	<primary sortas="a-Kerberos-MIT">Kerberos5(MIT)</primary>
27	</indexterm>
28
29	<sect2 role="package">
30	<title>Introduction to MIT Krb5</title>
31
32	<para><application>MIT krb5</application> is a free implementation of
33	Kerberos 5. Kerberos is a network authentication protocol. It
34	centralizes the authentication database and uses kerberized
35	applications to work with servers or services that support Kerberos
36	allowing single logins and encrypted communication over internal
37	networks or the Internet.</para>
38
39	<bridgehead renderas="sect3">Package Information</bridgehead>
40	<itemizedlist spacing="compact">
41	<listitem>
42	<para>Download (HTTP): <ulink url="&mitkrb-download-http;"/></para>
43	</listitem>
44	<listitem>
45	<para>Download (FTP): <ulink url="&mitkrb-download-ftp;"/></para>
46	</listitem>
47	<listitem>
48	<para>Download MD5 sum: &mitkrb-md5sum;</para>
49	</listitem>
50	<listitem>
51	<para>Download size: &mitkrb-size;</para>
52	</listitem>
53	<listitem>
54	<para>Estimated disk space required: &mitkrb-buildsize;</para>
55	</listitem>
56	<listitem>
57	<para>Estimated build time: &mitkrb-time;</para>
58	</listitem>
59	</itemizedlist>
60
61	<bridgehead renderas="sect3">MIT Krb5 Dependencies</bridgehead>
62
63	<bridgehead renderas="sect4">Optional</bridgehead>
64	<para><xref linkend="xinetd"/> (services servers only),
65	<xref linkend="Linux_PAM"/> (for <command>xdm</command> based logins) and
66	<xref linkend="openldap"/> (alternative for <command>krb5kdc</command>
67	password database)</para>
68
69	<note>
70	<para>Some sort of time synchronization facility on your system (like
71	<xref linkend="ntp"/>) is required since Kerberos won't authenticate if
72	there is a time difference between a kerberized client and the
73	KDC server.</para>
74	</note>
75
76	</sect2>
77
78	<sect2 role="installation">
79	<title>Installation of MIT Krb5</title>
80
81
82	<!-- <note><para>The instructions for MIT Krb5 have not yet been validated by
83	the BLFS Editors. Until this section is updated, the Editors reccomend
84	using <xref linkend='heimdal'/> to implement the functionality of this
85	package.</para></note> -->
86
87
88	<para><application>MIT krb5</application> is distributed in a
89	TAR file containing a compressed TAR package and a detached PGP
90	<filename class="extension">ASC</filename> file.</para>
91
92	<para>If you have installed <xref linkend="gnupg"/>, you can
93	authenticate the package with the following command:</para>
94
95	<screen><userinput>gpg - -verify krb5-&mitkrb-version;.tar.gz.asc</userinput></screen>
96
97	<para>Build <application>MIT krb5</application> by running the
98	following commands:</para>
99
100	<screen><userinput>cd src &&
101	./configure --prefix=/usr --sysconfdir=/etc \
102	--localstatedir=/var/lib --enable-dns \
103	--enable-static --mandir=/usr/share/man &&
104	make</userinput></screen>
105
106	<para>Now, as the <systemitem class="username">root</systemitem> user:</para>
107
108	<screen role="root"><userinput>make install &&
109	mv -v /usr/bin/ksu /bin &&
110	mv -v /usr/lib/libkrb5.so.3* /lib &&
111	mv -v /usr/lib/libkrb4.so.2* /lib &&
112	mv -v /usr/lib/libdes425.so.3* /lib &&
113	mv -v /usr/lib/libk5crypto.so.3* /lib &&
114	mv -v /usr/lib/libcom_err.so.3* /lib &&
115	ln -v -sf ../../lib/libkrb5.so.3 /usr/lib/libkrb5.so &&
116	ln -v -sf ../../lib/libkrb4.so.2 /usr/lib/libkrb4.so &&
117	ln -v -sf ../../lib/libdes425.so.3 /usr/lib/libdes425.so &&
118	ln -v -sf ../../lib/libk5crypto.so.3 /usr/lib/libk5crypto.so &&
119	ln -v -sf ../../lib/libcom_err.so.3 /usr/lib/libcom_err.so &&
120	ldconfig</userinput></screen>
121
122	<warning><command>login.krb5</command> does not support
123	<application>shadow</application> passwords. As a result, when the
124	kerberos server is unavailable, the default fall through to
125	<filename>/etc/password</filename> will <bold>not</bold> work because
126	the passwords have been moved to <filename>/etc/shadow</filename> during
127	the <acronym>LFS</acronym> build process. Entering the following
128	commands without moving the passwords back to
129	<filename>/etc/password</filename> could prevent <bold>any</bold> logins.
130	</warning>
131
132	<para>If <application>Linux-Pam</application> is not installed and
133	you understand the above warning, the following can be entered as the
134	<systemitem class="username">root</systemitem> user:</para>
135
136	<screen role="root"><userinput>mv -v /bin/login /bin/login.shadow &&
137	cp -v /usr/sbin/login.krb5 /bin/login</userinput></screen>
138
139	<para>If <application>CrackLib</application> is installed, or if any
140	word list has been put in
141	<filename class='directory'>/usr/share/dict</filename>, the following
142	should be entered as the <systemitem class="username">root</systemitem>
143	user:</para>
144
145	<screen role="root"><userinput>ln -s /usr/share/dict/words /var/lib/krb5kdc/kadmin.dict</userinput></screen>
146
147	</sect2>
148
149	<sect2 role="commands">
150	<title>Command Explanations</title>
151
152	<para><parameter>--enable-dns</parameter>: This switch allows
153	realms to be resolved using the DNS server.</para>
154
155	<para><parameter>--enable-static</parameter>: This switch builds static
156	libraries in addition to the shared libraries.</para>
157
158	<para><command>mv -v /bin/login /bin/login.shadow &&
159	cp -v /usr/sbin/login.krb5 /bin/login &&
160	mv -v /usr/bin/ksu /bin</command>: Preserves
161	<application>Shadow</application>'s <command>login</command>
162	command, moves <command>ksu</command> and <command>login</command> to
163	the <filename class="directory">/bin</filename> directory.</para>
164
165	<para><command>mv -v ... /lib && ln -v -sf ...</command>:
166	The <command>login</command> and <command>ksu</command> programs
167	are linked against these libraries, therefore these libraries are moved
168	to <filename class="directory">/lib</filename> to allow logins without
169	mounting <filename class="directory">/usr</filename>.</para>
170
171	</sect2>
172
173	<sect2 role="configuration">
174	<title>Configuring MIT Krb5</title>
175
176	<sect3 id="krb5-config">
177	<title>Config Files</title>
178
179	<para><filename>/etc/krb5.conf</filename> and
180	<filename>/var/lib/krb5kdc/kdc.conf</filename></para>
181
182	<indexterm zone="mitkrb krb5-config">
183	<primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary>
184	</indexterm>
185
186	<indexterm zone="mitkrb krb5-config">
187	<primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
188	</indexterm>
189
190	</sect3>
191
192	<sect3>
193	<title>Configuration Information</title>
194
195	<sect4>
196	<title>Kerberos Configuration</title>
197
198	<para>Create the Kerberos configuration file with the following
199	command:</para>
200
201	<screen role="root"><userinput>cat > /etc/krb5.conf << "EOF"
202	<literal># Begin /etc/krb5.conf
203
204	[libdefaults]
205	default_realm = <replaceable>[LFS.ORG]</replaceable>
206	encrypt = true
207
208	[realms]
209	<replaceable>[LFS.ORG]</replaceable> = {
210	kdc = <replaceable>[belgarath.lfs.org]</replaceable>
211	admin_server = <replaceable>[belgarath.lfs.org]</replaceable>
212	}
213
214	[domain_realm]
215	.<replaceable>[lfs.org]</replaceable> = <replaceable>[LFS.ORG]</replaceable>
216
217	[logging]
218	kdc = SYSLOG[:INFO[:AUTH]]
219	admin_server = SYSLOG[INFO[:AUTH]]
220	default = SYSLOG[[:SYS]]
221
222	# End /etc/krb5.conf</literal>
223	EOF</userinput></screen>
224
225	<para>You will need to substitute your domain and proper hostname
226	for the occurances of the <replaceable>[belgarath]</replaceable> and
227	<replaceable>[lfs.org]</replaceable> names.</para>
228
229	<para><option>default_realm</option> should be the name of your
230	domain changed to ALL CAPS. This isn't required, but both
231	<application>Heimdal</application> and MIT recommend it.</para>
232
233	<para><option>encrypt = true</option> provides encryption of all
234	traffic between kerberized clients and servers. It's not necessary
235	and can be left off. If you leave it off, you can encrypt all traffic
236	from the client to the server using a switch on the client program
237	instead.</para>
238
239	<para>The <option>[realms]</option> parameters tell the client
240	programs where to look for the KDC authentication services.</para>
241
242	<para>The <option>[domain_realm]</option> section maps a domain to
243	a realm.</para>
244
245	<para>Create the KDC database:</para>
246
247	<screen role="root"><userinput>kdb5_util create -r <replaceable>[LFS.ORG]</replaceable> -s</userinput></screen>
248
249	<para>Now you should populate the database with principles
250	(users). For now, just use your regular login name or
251	<systemitem class="username">root</systemitem>.</para>
252
253	<screen role="root"><userinput>kadmin.local
254	<prompt>kadmin:</prompt> add_policy dict-only
255	<prompt>kadmin:</prompt> addprinc -policy dict-only <replaceable>[loginname]</replaceable></userinput></screen>
256
257	<para>The KDC server and any machine running kerberized
258	server daemons must have a host key installed:</para>
259
260	<screen role='root'><userinput><prompt>kadmin:</prompt> addprinc -randkey host/<replaceable>[belgarath.lfs.org]</replaceable></userinput></screen>
261
262	<para>After choosing the defaults when prompted, you will have to
263	export the data to a keytab file:</para>
264
265	<screen role='root'><userinput><prompt>kadmin:</prompt> ktadd host/<replaceable>[belgarath.lfs.org]</replaceable></userinput></screen>
266
267	<para>This should have created a file in
268	<filename class="directory">/etc</filename> named
269	<filename>krb5.keytab</filename> (Kerberos 5). This file should
270	have 600 (<systemitem class="username">root</systemitem> rw only)
271	permissions. Keeping the keytab files from public access is crucial
272	to the overall security of the Kerberos installation.</para>
273
274	<para>Eventually, you'll want to add server daemon principles to the
275	database and extract them to the keytab file. You do this in the same
276	way you created the host principles. Below is an example:</para>
277
278	<screen role='root'><userinput><prompt>kadmin:</prompt> addprinc -randkey ftp/<replaceable>[belgarath.lfs.org]</replaceable>
279	<prompt>kadmin:</prompt> ktadd ftp/<replaceable>[belgarath.lfs.org]</replaceable></userinput></screen>
280
281	<para>Exit the <command>kadmin</command> program (use
282	<command>quit</command> or <command>exit</command>) and return
283	back to the shell prompt. Start the KDC daemon manually, just to
284	test out the installation:</para>
285
286	<screen role='root'><userinput>/usr/sbin/krb5kdc &</userinput></screen>
287
288	<para>Attempt to get a ticket with the following command:</para>
289
290	<screen><userinput>kinit <replaceable>[loginname]</replaceable></userinput></screen>
291
292	<para>You will be prompted for the password you created. After you
293	get your ticket, you can list it with the following command:</para>
294
295	<screen><userinput>klist</userinput></screen>
296
297	<para>Information about the ticket should be displayed on the
298	screen.</para>
299
300	<para>To test the functionality of the keytab file, issue the
301	following command:</para>
302
303	<screen><userinput>ktutil
304	<prompt>ktutil:</prompt> rkt /etc/krb5.keytab
305	<prompt>ktutil:</prompt> l</userinput></screen>
306
307	<para>This should dump a list of the host principal, along with
308	the encryption methods used to access the principal.</para>
309
310	<para>At this point, if everything has been successful so far, you
311	can feel fairly confident in the installation and configuration of
312	the package.</para>
313
314	<para>Install the <filename>/etc/rc.d/init.d/kerberos</filename> init
315	script included in the <xref linkend="intro-important-bootscripts"/>
316	package.</para>
317
318	<screen role="root"><userinput>make install-kerberos</userinput></screen>
319
320	</sect4>
321
322	<sect4>
323	<title>Using Kerberized Client Programs</title>
324
325	<para>To use the kerberized client programs (<command>telnet</command>,
326	<command>ftp</command>, <command>rsh</command>, <command>rcp</command>,
327	<command>rlogin</command>), you first must get an authentication ticket.
328	Use the <command>kinit</command> program to get the ticket. After you've
329	acquired the ticket, you can use the kerberized programs to connect to
330	any kerberized server on the network. You will not be prompted for
331	authentication until your ticket expires (default is one day), unless
332	you specify a different user as a command line argument to the
333	program.</para>
334
335	<para>The kerberized programs will connect to non kerberized daemons,
336	warning you that authentication is not encrypted.</para>
337
338	</sect4>
339
340	<sect4>
341	<title>Using Kerberized Server Programs</title>
342
343	<para>Using kerberized server programs (<command>telnetd</command>,
344	<command>kpropd</command>, <command>klogind</command> and
345	<command>kshd</command>) requires two additional configuration steps.
346	First the <filename>/etc/services</filename> file must be updated to
347	include eklogin and krb5_prop. Second, the
348	<filename>inetd.conf</filename> or <filename>xinetd.conf</filename>
349	must be modified for each server that will be activated, usually
350	replacing the server from <xref linkend="inetutils"/>.</para>
351
352	</sect4>
353
354	<sect4>
355	<title>Additional Information</title>
356
357	<para>For additional information consult <ulink
358	url="http://web.mit.edu/kerberos/www/krb5-1.4/#documentation">
359	Documentation for krb-&mitkrb-version;</ulink> on which the above
360	instructions are based.</para>
361
362	</sect4>
363
364	</sect3>
365
366	</sect2>
367
368	<sect2 role="content">
369	<title>Contents</title>
370	<para></para>
371
372	<segmentedlist>
373	<segtitle>Installed Programs</segtitle>
374	<segtitle>Installed Libraries</segtitle>
375	<segtitle>Installed Directories</segtitle>
376
377	<seglistitem>
378	<seg>compile-et, ftp, ftpd, gss-client, gss-server, k5srvutil, kadmin,
379	kadmin.local, kadmind, kadmind4, kdb5_util, kdestroy, kinit, klist,
380	klogind, kpasswd, kprop, kpropd, krb5-send-pr, krb5-config, krb524d,
381	krb524init, krb5kdc, kshd, ksu, ktutil, kvno, login.krb5, rcp, rlogin,
382	rsh, sclient, sim_client, sim_server, sserver, telnet, telnetd,
383	uuclient, uuserver, v5passwd, and v5passwdd</seg>
384	<seg>libcom_err.[so,a], libdes425.[so,a], libgssapi.[so,a],
385	libgssrpc.[so,a], libkadm5clnt.[so,a], libkadm5srv.[so,a],
386	libkdb5.[so,a], libkrb5.[so,a], and libkrb4.[so,a]</seg>
387	<seg>/usr/include/kerberosIV and /var/lib/krb5kdc</seg>
388	</seglistitem>
389	</segmentedlist>
390
391	<variablelist>
392	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
393	<?dbfo list-presentation="list"?>
394	<?dbhtml list-presentation="table"?>
395
396	<varlistentry id="compile_et">
397	<term><command>compile_et</command></term>
398	<listitem>
399	<para>converts the table listing error-code names into a
400	C source file.</para>
401	<indexterm zone="mitkrb compile_et">
402	<primary sortas="b-compile_et">compile_et</primary>
403	</indexterm>
404	</listitem>
405	</varlistentry>
406
407	<varlistentry id="ftp-mitkrb">
408	<term><command>ftp</command></term>
409	<listitem>
410	<para>is a kerberized FTP client.</para>
411	<indexterm zone="mitkrb ftp">
412	<primary sortas="b-ftp">ftp</primary>
413	</indexterm>
414	</listitem>
415	</varlistentry>
416
417	<varlistentry id="ftpd-mitkrb">
418	<term><command>ftpd</command></term>
419	<listitem>
420	<para>is a kerberized FTP daemon.</para>
421	<indexterm zone="mitkrb ftpd">
422	<primary sortas="b-ftpd">ftpd</primary>
423	</indexterm>
424	</listitem>
425	</varlistentry>
426
427	<varlistentry id="k5srvutil">
428	<term><command>k5srvutil</command></term>
429	<listitem>
430	<para>is a host keytable manipulation utility.</para>
431	<indexterm zone="mitkrb k5srvutil">
432	<primary sortas="b-k5srvutil">k5srvutil</primary>
433	</indexterm>
434	</listitem>
435	</varlistentry>
436
437	<varlistentry id="kadmin-mitkrb">
438	<term><command>kadmin</command></term>
439	<listitem>
440	<para>is an utility used to make modifications
441	to the Kerberos database.</para>
442	<indexterm zone="mitkrb kadmin-mitkrb">
443	<primary sortas="b-kadmin">kadmin</primary>
444	</indexterm>
445	</listitem>
446	</varlistentry>
447
448	<varlistentry id="kadmind-mitkrb">
449	<term><command>kadmind</command></term>
450	<listitem>
451	<para>is a server for administrative access
452	to a Kerberos database.</para>
453	<indexterm zone="mitkrb kadmind-mitkrb">
454	<primary sortas="b-kadmind">kadmind</primary>
455	</indexterm>
456	</listitem>
457	</varlistentry>
458
459	<varlistentry id="kdb5_util">
460	<term><command>kdb5_util</command></term>
461	<listitem>
462	<para>is the KDC database utility.</para>
463	<indexterm zone="mitkrb kdb5_util">
464	<primary sortas="b-kdb5_util">kdb5_util</primary>
465	</indexterm>
466	</listitem>
467	</varlistentry>
468
469	<varlistentry id="kdestroy-mitkrb">
470	<term><command>kdestroy</command></term>
471	<listitem>
472	<para>removes the current set of tickets.</para>
473	<indexterm zone="mitkrb kdestroy-mitkrb">
474	<primary sortas="b-kdestroy">kdestroy</primary>
475	</indexterm>
476	</listitem>
477	</varlistentry>
478
479	<varlistentry id="kinit-mitkrb">
480	<term><command>kinit</command></term>
481	<listitem>
482	<para>is used to authenticate to the Kerberos server as a
483	principal and acquire a ticket granting ticket that can
484	later be used to obtain tickets for other services.</para>
485	<indexterm zone="mitkrb kinit-mitkrb">
486	<primary sortas="b-kinit">kinit</primary>
487	</indexterm>
488	</listitem>
489	</varlistentry>
490
491	<varlistentry id="klist-mitkrb">
492	<term><command>klist</command></term>
493	<listitem>
494	<para>reads and displays the current tickets in
495	the credential cache.</para>
496	<indexterm zone="mitkrb klist-mitkrb">
497	<primary sortas="b-klist">klist</primary>
498	</indexterm>
499	</listitem>
500	</varlistentry>
501
502	<varlistentry id="klogind">
503	<term><command>klogind</command></term>
504	<listitem>
505	<para>is the server that responds to <command>rlogin</command>
506	requests.</para>
507	<indexterm zone="mitkrb klogind">
508	<primary sortas="b-klogind">klogind</primary>
509	</indexterm>
510	</listitem>
511	</varlistentry>
512
513	<varlistentry id="kpasswd-mitkrb">
514	<term><command>kpasswd</command></term>
515	<listitem>
516	<para>is a program for changing Kerberos 5 passwords.</para>
517	<indexterm zone="mitkrb kpasswd-mitkrb">
518	<primary sortas="b-kpasswd">kpasswd</primary>
519	</indexterm>
520	</listitem>
521	</varlistentry>
522
523	<varlistentry id="kprop">
524	<term><command>kprop</command></term>
525	<listitem>
526	<para>takes a principal database in a specified format and
527	converts it into a stream of database records.</para>
528	<indexterm zone="mitkrb kprop">
529	<primary sortas="b-kprop">kprop</primary>
530	</indexterm>
531	</listitem>
532	</varlistentry>
533
534	<varlistentry id="kpropd">
535	<term><command>kpropd</command></term>
536	<listitem>
537	<para>receives a database sent by <command>kprop</command>
538	and writes it as a local database.</para>
539	<indexterm zone="mitkrb kpropd">
540	<primary sortas="b-kpropd">kpropd</primary>
541	</indexterm>
542	</listitem>
543	</varlistentry>
544
545	<varlistentry id="krb5-config-1">
546	<term><command>krb5-config</command></term>
547	<listitem>
548	<para>gives information on how to link programs against
549	libraries.</para>
550	<indexterm zone="mitkrb krb5-config-prog">
551	<primary sortas="b-krb5-config-1">krb5-config</primary>
552	</indexterm>
553	</listitem>
554	</varlistentry>
555
556	<varlistentry id="krb5kdc">
557	<term><command>krb5kdc</command></term>
558	<listitem>
559	<para>is a Kerberos 5 server.</para>
560	<indexterm zone="mitkrb krb5kdc">
561	<primary sortas="b-krb5kdc">krb5kdc</primary>
562	</indexterm>
563	</listitem>
564	</varlistentry>
565
566	<varlistentry id="kshd">
567	<term><command>kshd</command></term>
568	<listitem>
569	<para>is the server that responds to <command>rsh</command>
570	requests.</para>
571	<indexterm zone="mitkrb kshd">
572	<primary sortas="b-kshd">kshd</primary>
573	</indexterm>
574	</listitem>
575	</varlistentry>
576
577	<varlistentry id="ksu">
578	<term><command>ksu</command></term>
579	<listitem>
580	<para>is the super user program using Kerberos protocol.
581	Requires a properly configured
582	<filename class="directory">/etc/shells</filename> and
583	<filename>~/.k5login</filename> containing principals
584	authorized to become super users.</para>
585	<indexterm zone="mitkrb ksu">
586	<primary sortas="b-ksu">ksu</primary>
587	</indexterm>
588	</listitem>
589	</varlistentry>
590
591	<varlistentry id="ktutil-mitkrb">
592	<term><command>ktutil</command></term>
593	<listitem>
594	<para>is a program for managing Kerberos keytabs.</para>
595	<indexterm zone="mitkrb ktutil-mitkrb">
596	<primary sortas="b-ktutil">ktutil</primary>
597	</indexterm>
598	</listitem>
599	</varlistentry>
600
601	<varlistentry id="kvno">
602	<term><command>kvno</command></term>
603	<listitem>
604	<para>prints keyversion numbers of Kerberos principals.</para>
605	<indexterm zone="mitkrb kvno">
606	<primary sortas="b-kvno">kvno</primary>
607	</indexterm>
608	</listitem>
609	</varlistentry>
610
611	<varlistentry id="login.krb5">
612	<term><command>login.krb5</command></term>
613	<listitem>
614	<para>is a kerberized login program.</para>
615	<indexterm zone="mitkrb login">
616	<primary sortas="b-login.krb5">login.krb5</primary>
617	</indexterm>
618	</listitem>
619	</varlistentry>
620
621	<varlistentry id="rcp-mitkrb">
622	<term><command>rcp</command></term>
623	<listitem>
624	<para>is a kerberized rcp client program.</para>
625	<indexterm zone="mitkrb rcp">
626	<primary sortas="b-rcp">rcp</primary>
627	</indexterm>
628	</listitem>
629	</varlistentry>
630
631	<varlistentry id="rlogin">
632	<term><command>rlogin</command></term>
633	<listitem>
634	<para>is a kerberized rlogin client program.</para>
635	<indexterm zone="mitkrb rlogin">
636	<primary sortas="b-rlogin">rlogin</primary>
637	</indexterm>
638	</listitem>
639	</varlistentry>
640
641	<varlistentry id="rsh-mitkrb">
642	<term><command>rsh</command></term>
643	<listitem>
644	<para>is a kerberized rsh client program.</para>
645	<indexterm zone="mitkrb rsh">
646	<primary sortas="b-rsh">rsh</primary>
647	</indexterm>
648	</listitem>
649	</varlistentry>
650
651	<varlistentry id="telnet-mitkrb">
652	<term><command>telnet</command></term>
653	<listitem>
654	<para>is a kerberized telnet client program.</para>
655	<indexterm zone="mitkrb telnet">
656	<primary sortas="b-telnet">telnet</primary>
657	</indexterm>
658	</listitem>
659	</varlistentry>
660
661	<varlistentry id="telnetd-mitkrb">
662	<term><command>telnetd</command></term>
663	<listitem>
664	<para>is a kerberized telnet server.</para>
665	<indexterm zone="mitkrb telnetd">
666	<primary sortas="b-telnetd">telnetd</primary>
667	</indexterm>
668	</listitem>
669	</varlistentry>
670
671	<varlistentry id="libcom_err">
672	<term><filename class='libraryfile'>libcom_err.[so,a]</filename></term>
673	<listitem>
674	<para>implements the Kerberos library error code.</para>
675	<indexterm zone="mitkrb libcom_err">
676	<primary sortas="c-libcom_err">libcom_err.[so,a]</primary>
677	</indexterm>
678	</listitem>
679	</varlistentry>
680
681	<varlistentry id="libgssapi-mitkrb">
682	<term><filename class='libraryfile'>libgssapi.[so,a]</filename></term>
683	<listitem>
684	<para>contain the Generic Security Service Application
685	Programming Interface (GSSAPI) functions which provides security
686	services to callers in a generic fashion, supportable with a range of
687	underlying mechanisms and technologies and hence allowing source-level
688	portability of applications to different environments.</para>
689	<indexterm zone="mitkrb libgssapi">
690	<primary sortas="c-libgssapi">libgssapi.[so,a]</primary>
691	</indexterm>
692	</listitem>
693	</varlistentry>
694
695	<varlistentry id="libkadm5clnt-mitkrb">
696	<term><filename class='libraryfile'>libkadm5clnt.[so,a]</filename></term>
697	<listitem>
698	<para>contains the administrative authentication and password
699	checking functions required by Kerberos 5 client-side programs.</para>
700	<indexterm zone="mitkrb libkadm5clnt">
701	<primary sortas="c-libkadm5clnt">libkadm5clnt.[so,a]</primary>
702	</indexterm>
703	</listitem>
704	</varlistentry>
705
706	<varlistentry id="libkadm5srv-mitkrb">
707	<term><filename class='libraryfile'>libkadm5srv.[so,a]</filename></term>
708	<listitem>
709	<para>contain the administrative authentication and password
710	checking functions required by Kerberos 5 servers.</para>
711	<indexterm zone="mitkrb libkadm5srv">
712	<primary sortas="c-libkadm5srv">libkadm5srv.[so,a]</primary>
713	</indexterm>
714	</listitem>
715	</varlistentry>
716
717	<varlistentry id="libkdb5">
718	<term><filename class='libraryfile'>libkdb5.[so,a]</filename></term>
719	<listitem>
720	<para>is a Kerberos 5 authentication/authorization database
721	access library.</para>
722	<indexterm zone="mitkrb libkdb5">
723	<primary sortas="c-libkdb5">libkdb5.[so,a]</primary>
724	</indexterm>
725	</listitem>
726	</varlistentry>
727
728	<varlistentry id="libkrb5-mitkrb">
729	<term><filename class='libraryfile'>libkrb5.[so,a]</filename></term>
730	<listitem>
731	<para>is an all-purpose Kerberos 5 library.</para>
732	<indexterm zone="mitkrb libkrb5">
733	<primary sortas="c-libkrb5">libkrb5.[so,a]</primary>
734	</indexterm>
735	</listitem>
736	</varlistentry>
737
738	</variablelist>
739
740	</sect2>
741
742	</sect1>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: postlfs/security/mitkrb.xml@ 14e373f4

Download in other formats: