source: postlfs/security/mitkrb.xml@ 28370fe

10.0 10.1 11.0 7.10 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind ken/refactor-virt lazarus nosym perl-modules qt5new trunk xry111/git-date xry111/git-date-for-trunk xry111/git-date-test
Last change on this file since 28370fe was 28370fe, checked in by Fernando de Oliveira <fernando@…>, 6 years ago
  • More short descriptions from Denis Mugnier.
  • Fix main menu display problem for LXQT from hykwok1.
  • fontforge-20150824: --enable-debug requires libspiro.
  • Update to firefox-40.0.3.
  • Update to libreoffice-5.0.1.
  • Update to NetworkManager-1.0.6 and network-manager-applet-1.0.6.
  • Update to unrar-5.3.3.
  • Update to NSPR-4.10.9.
  • Update to libassuan-2.3.0.
  • Update to xterm-320.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@16363 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 31.5 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY mitkrb-download-http "http://web.mit.edu/kerberos/www/dist/krb5/&mitkrb-major-version;/krb5-&mitkrb-version;-signed.tar">
8 <!ENTITY mitkrb-download-ftp " ">
9 <!ENTITY mitkrb-md5sum "f7ebfa6c99c10b16979ebf9a98343189">
10 <!ENTITY mitkrb-size "12 MB">
11 <!ENTITY mitkrb-buildsize "142 MB (Additional 28 MB for the testsuite)">
12 <!ENTITY mitkrb-time "0.9 SBU (additional 5.0 SBU for the testsuite)">
13]>
14
15<sect1 id="mitkrb" xreflabel="MIT Kerberos V5-&mitkrb-version;">
16 <?dbhtml filename="mitkrb.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>MIT Kerberos V5-&mitkrb-version;</title>
24
25 <indexterm zone="mitkrb">
26 <primary sortas="a-MIT-Kerberos">MIT Kerberos V5</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to MIT Kerberos V5</title>
31
32 <para>
33 <application>MIT Kerberos V5</application> is a free implementation
34 of Kerberos 5. Kerberos is a network authentication protocol. It
35 centralizes the authentication database and uses kerberized
36 applications to work with servers or services that support Kerberos
37 allowing single logins and encrypted communication over internal
38 networks or the Internet.
39 </para>
40
41 &lfs77_checked; &gcc5_checked;
42
43 <bridgehead renderas="sect3">Package Information</bridgehead>
44 <itemizedlist spacing="compact">
45 <listitem>
46 <para>
47 Download (HTTP): <ulink url="&mitkrb-download-http;"/>
48 </para>
49 </listitem>
50 <listitem>
51 <para>
52 Download (FTP): <ulink url="&mitkrb-download-ftp;"/>
53 </para>
54 </listitem>
55 <listitem>
56 <para>
57 Download MD5 sum: &mitkrb-md5sum;
58 </para>
59 </listitem>
60 <listitem>
61 <para>
62 Download size: &mitkrb-size;
63 </para>
64 </listitem>
65 <listitem>
66 <para>
67 Estimated disk space required: &mitkrb-buildsize;
68 </para>
69 </listitem>
70 <listitem>
71 <para>
72 Estimated build time: &mitkrb-time;
73 </para>
74 </listitem>
75 </itemizedlist>
76
77 <bridgehead renderas="sect3">MIT Kerberos V5 Dependencies</bridgehead>
78
79 <bridgehead renderas="sect4">Optional</bridgehead>
80 <para role="optional">
81 <xref linkend="dejagnu"/> (for full test coverage),
82 <xref linkend="gnupg2"/> (to authenticate the package),
83 <xref linkend="keyutils"/>,
84 <xref linkend="openldap"/>,
85 <xref linkend="python2"/> (used during the testsuite) and
86 <xref linkend="rpcbind"/> (used during the testsuite)
87 </para>
88
89 <note>
90 <para>
91 Some sort of time synchronization facility on your system (like
92 <xref linkend="ntp"/>) is required since Kerberos won't authenticate
93 if there is a time difference between a kerberized client and the
94 KDC server.
95 </para>
96 </note>
97
98 <para condition="html" role="usernotes">User Notes:
99 <ulink url="&blfs-wiki;/mitkrb"/>
100 </para>
101 </sect2>
102
103 <sect2 role="installation">
104 <title>Installation of MIT Kerberos V5</title>
105
106 <para>
107 <application>MIT Kerberos V5</application> is distributed in a
108 TAR file containing a compressed TAR package and a detached PGP-2
109 <filename class="extension">ASC</filename> file. You'll need to unpack
110 the distribution tar file, then unpack the compressed tar file before
111 starting the build.
112 </para>
113
114 <para>
115 After unpacking the distribution tarball and if you have
116 <xref linkend="gnupg2"/> installed, you can
117 authenticate the package. First, check the contents of the file
118 <filename>krb5-&mitkrb-version;.tar.gz.asc</filename>.
119 </para>
120
121<screen><userinput>gpg2 --verify krb5-&mitkrb-version;.tar.gz.asc krb5-&mitkrb-version;.tar.gz</userinput></screen>
122
123 <para>You will probably see output similar to:</para>
124
125<screen><literal>gpg: Signature made Fri May 8 23:40:13 2015 utc using RSA key ID 0055C305
126gpg: Can't check signature: No public key</literal></screen>
127
128 <para>
129 You can import the public key with:
130 </para>
131
132<screen><userinput>gpg2 --keyserver pgp.mit.edu --recv-keys 0055C305</userinput></screen>
133
134 <para>
135 Now re-verify the package with the first command above. You should get a
136 indication of a good signature, but the key will still not be certified
137 with a trusted signature. Trusting the downloaded key is a separate
138 operation but it is up to you to determine the level of trust.
139 </para>
140
141 <para>
142 Build <application>MIT Kerberos V5</application> by running the
143 following commands:
144 </para>
145
146<screen><userinput>cd src &amp;&amp;
147sed -e "s@python2.5/Python.h@&amp; python2.7/Python.h@g" \
148 -e "s@-lpython2.5]@&amp;,\n AC_CHECK_LIB(python2.7,main,[PYTHON_LIB=-lpython2.7])@g" \
149 -i configure.in &amp;&amp;
150sed -e 's@\^u}@^u cols 300}@' \
151 -i tests/dejagnu/config/default.exp &amp;&amp;
152autoconf &amp;&amp;
153./configure --prefix=/usr \
154 --sysconfdir=/etc \
155 --localstatedir=/var/lib \
156 --with-system-et \
157 --with-system-ss \
158 --with-system-verto=no \
159 --enable-dns-for-realm &amp;&amp;
160make</userinput></screen>
161
162 <para>
163 To test the build, issue: <command>make check</command>. You need at
164 least <xref linkend="tcl"/>, which is used to drive the testsuite.
165 Furthermore, <xref linkend="dejagnu"/> must be available for some
166 of the tests to run. If you have a former version of MIT Kerberos V5
167 installed, it may happen that the test suite pick up the installed
168 versions of the libraries, rather than the newly built ones. If so,
169 it is better to run the tests after the installation.
170 </para>
171
172 <para>
173 Now, as the <systemitem class="username">root</systemitem> user:
174 </para>
175
176<screen role="root"><userinput>make install &amp;&amp;
177
178for LIBRARY in gssapi_krb5 gssrpc k5crypto kadm5clnt kadm5srv \
179 kdb5 kdb_ldap krad krb5 krb5support verto ; do
180 chmod -v 755 /usr/lib/lib$LIBRARY.so
181done &amp;&amp;
182unset LIBRARY &amp;&amp;
183
184mv -v /usr/lib/libkrb5.so.3* /lib &amp;&amp;
185mv -v /usr/lib/libk5crypto.so.3* /lib &amp;&amp;
186mv -v /usr/lib/libkrb5support.so.0* /lib &amp;&amp;
187
188ln -v -sf ../../lib/libkrb5.so.3.3 /usr/lib/libkrb5.so &amp;&amp;
189ln -v -sf ../../lib/libk5crypto.so.3.1 /usr/lib/libk5crypto.so &amp;&amp;
190ln -v -sf ../../lib/libkrb5support.so.0.1 /usr/lib/libkrb5support.so &amp;&amp;
191
192mv -v /usr/bin/ksu /bin &amp;&amp;
193chmod -v 755 /bin/ksu &amp;&amp;
194
195install -v -dm755 /usr/share/doc/krb5-&mitkrb-version; &amp;&amp;
196cp -vfr ../doc/* /usr/share/doc/krb5-&mitkrb-version;</userinput></screen>
197
198
199 </sect2>
200
201 <sect2 role="commands">
202 <title>Command Explanations</title>
203
204 <para>
205 <command>sed -e ...</command>: The first <command>sed</command> fixes
206 <application>Python</application> detection. The second one increases
207 the width of the virtual terminal used for some tests, to prevent
208 some spurious characters to be echoed, which is taken as a failure.
209 </para>
210
211 <para>
212 <parameter>--localstatedir=/var/lib</parameter>: This parameter is
213 used so that the Kerberos variable run-time data is located in
214 <filename class="directory">/var/lib</filename> instead of
215 <filename class="directory">/usr/var</filename>.
216 </para>
217
218 <para>
219 <parameter>--with-system-et</parameter>: This switch causes the build
220 to use the system-installed versions of the error-table support
221 software.
222 </para>
223
224 <para>
225 <parameter>--with-system-ss</parameter>: This switch causes the build
226 to use the system-installed versions of the subsystem command-line
227 interface software.
228 </para>
229
230 <para>
231 <parameter>--with-system-verto=no</parameter>: This switch fixes a bug in
232 the package: it does not recognize its own verto library installed
233 previously. This is not a problem, if reinstalling the same version,
234 but if you are updating, the old library is used as system's one,
235 instead of installing the new version.
236 </para>
237
238 <para>
239 <parameter>--enable-dns-for-realm</parameter>: This switch allows
240 realms to be resolved using the DNS server.
241 </para>
242
243 <para>
244 <command>mv -v /usr/bin/ksu /bin</command>: Moves the
245 <command>ksu</command> program to the
246 <filename class="directory">/bin</filename> directory so that it is
247 available when the <filename class="directory">/usr</filename>
248 filesystem is not mounted.
249 </para>
250
251 <para>
252 <option>--with-ldap</option>: Use this switch if you want to compile
253 <application>OpenLDAP</application> database backend module.
254 </para>
255
256 </sect2>
257
258 <sect2 role="configuration">
259 <title>Configuring MIT Kerberos V5</title>
260
261 <sect3 id="krb5-config">
262 <title>Config Files</title>
263
264 <para>
265 <filename>/etc/krb5.conf</filename> and
266 <filename>/var/lib/krb5kdc/kdc.conf</filename>
267 </para>
268
269 <indexterm zone="mitkrb krb5-config">
270 <primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary>
271 </indexterm>
272
273 <indexterm zone="mitkrb krb5-config">
274 <primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
275 </indexterm>
276
277 </sect3>
278
279 <sect3>
280 <title>Configuration Information</title>
281
282 <sect4>
283 <title>Kerberos Configuration</title>
284
285 <tip>
286 <para>
287 You should consider installing some sort of password checking
288 dictionary so that you can configure the installation to only
289 accept strong passwords. A suitable dictionary to use is shown in
290 the <xref linkend="cracklib"/> instructions. Note that only one
291 file can be used, but you can concatenate many files into one. The
292 configuration file shown below assumes you have installed a
293 dictionary to <filename>/usr/share/dict/words</filename>.
294 </para>
295 </tip>
296
297 <para>
298 Create the Kerberos configuration file with the following
299 commands issued by the <systemitem class="username">root</systemitem>
300 user:
301 </para>
302
303<screen role="root"><userinput>cat &gt; /etc/krb5.conf &lt;&lt; "EOF"
304<literal># Begin /etc/krb5.conf
305
306[libdefaults]
307 default_realm = <replaceable>&lt;LFS.ORG&gt;</replaceable>
308 encrypt = true
309
310[realms]
311 <replaceable>&lt;LFS.ORG&gt;</replaceable> = {
312 kdc = <replaceable>&lt;belgarath.lfs.org&gt;</replaceable>
313 admin_server = <replaceable>&lt;belgarath.lfs.org&gt;</replaceable>
314 dict_file = /usr/share/dict/words
315 }
316
317[domain_realm]
318 .<replaceable>&lt;lfs.org&gt;</replaceable> = <replaceable>&lt;LFS.ORG&gt;</replaceable>
319
320[logging]
321 kdc = SYSLOG[:INFO[:AUTH]]
322 admin_server = SYSLOG[INFO[:AUTH]]
323 default = SYSLOG[[:SYS]]
324
325# End /etc/krb5.conf</literal>
326EOF</userinput></screen>
327
328 <para>
329 You will need to substitute your domain and proper hostname for the
330 occurrences of the <replaceable>&lt;belgarath&gt;</replaceable> and
331 <replaceable>&lt;lfs.org&gt;</replaceable> names.
332 </para>
333
334 <para>
335 <option>default_realm</option> should be the name of your
336 domain changed to ALL CAPS. This isn't required, but both
337 <application>Heimdal</application> and MIT recommend it.
338 </para>
339
340 <para>
341 <option>encrypt = true</option> provides encryption of all traffic
342 between kerberized clients and servers. It's not necessary and can
343 be left off. If you leave it off, you can encrypt all traffic from
344 the client to the server using a switch on the client program
345 instead.
346 </para>
347
348 <para>
349 The <option>[realms]</option> parameters tell the client programs
350 where to look for the KDC authentication services.
351 </para>
352
353 <para>
354 The <option>[domain_realm]</option> section maps a domain to a realm.
355 </para>
356
357 <para>
358 Create the KDC database:
359 </para>
360
361<screen role="root"><userinput>kdb5_util create -r <replaceable>&lt;LFS.ORG&gt;</replaceable> -s</userinput></screen>
362
363 <para>
364 Now you should populate the database with principals
365 (users). For now, just use your regular login name or
366 <systemitem class="username">root</systemitem>.
367 </para>
368
369<screen role="root"><userinput>kadmin.local
370<prompt>kadmin.local:</prompt> add_policy dict-only
371<prompt>kadmin.local:</prompt> addprinc -policy dict-only <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
372
373 <para>
374 The KDC server and any machine running kerberized
375 server daemons must have a host key installed:
376 </para>
377
378<screen role="root"><userinput><prompt>kadmin.local:</prompt> addprinc -randkey host/<replaceable>&lt;belgarath.lfs.org&gt;</replaceable></userinput></screen>
379
380 <para>
381 After choosing the defaults when prompted, you will have to
382 export the data to a keytab file:
383 </para>
384
385<screen role="root"><userinput><prompt>kadmin.local:</prompt> ktadd host/<replaceable>&lt;belgarath.lfs.org&gt;</replaceable></userinput></screen>
386
387 <para>
388 This should have created a file in
389 <filename class="directory">/etc</filename> named
390 <filename>krb5.keytab</filename> (Kerberos 5). This file should
391 have 600 (<systemitem class="username">root</systemitem> rw only)
392 permissions. Keeping the keytab files from public access is crucial
393 to the overall security of the Kerberos installation.
394 </para>
395
396 <para>
397 Exit the <command>kadmin</command> program (use
398 <command>quit</command> or <command>exit</command>) and return
399 back to the shell prompt. Start the KDC daemon manually, just to
400 test out the installation:
401 </para>
402
403<screen role="root"><userinput>/usr/sbin/krb5kdc</userinput></screen>
404
405 <para>
406 Attempt to get a ticket with the following command:
407 </para>
408
409<screen><userinput>kinit <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
410
411 <para>
412 You will be prompted for the password you created. After you
413 get your ticket, you can list it with the following command:
414 </para>
415
416<screen><userinput>klist</userinput></screen>
417
418 <para>
419 Information about the ticket should be displayed on the
420 screen.
421 </para>
422
423 <para>
424 To test the functionality of the keytab file, issue the
425 following command:
426 </para>
427
428<screen><userinput>ktutil
429<prompt>ktutil:</prompt> rkt /etc/krb5.keytab
430<prompt>ktutil:</prompt> l</userinput></screen>
431
432 <para>
433 This should dump a list of the host principal, along with
434 the encryption methods used to access the principal.
435 </para>
436
437 <para>
438 At this point, if everything has been successful so far, you
439 can feel fairly confident in the installation and configuration of
440 the package.
441 </para>
442
443 </sect4>
444
445 <sect4>
446 <title>Additional Information</title>
447
448 <para>
449 For additional information consult the <ulink
450 url="http://web.mit.edu/kerberos/www/krb5-&mitkrb-major-version;/#documentation">
451 documentation for krb5-&mitkrb-version;</ulink> on which the above
452 instructions are based.
453 </para>
454
455 </sect4>
456
457 </sect3>
458
459 <sect3 id="mitkrb-init">
460 <title>Init Script</title>
461
462 <para>
463 If you want to start <application>Kerberos</application> services
464 at boot, install the <filename>/etc/rc.d/init.d/krb5</filename> init
465 script included in the <xref linkend="bootscripts"/> package using
466 the following command:
467 </para>
468
469 <indexterm zone="mitkrb mitkrb-init">
470 <primary sortas="f-krb5">krb5</primary>
471 </indexterm>
472
473<screen role="root"><userinput>make install-krb5</userinput></screen>
474
475 </sect3>
476
477 </sect2>
478
479 <sect2 role="content">
480
481 <title>Contents</title>
482 <para></para>
483
484 <segmentedlist>
485 <segtitle>Installed Programs</segtitle>
486 <segtitle>Installed Libraries</segtitle>
487 <segtitle>Installed Directories</segtitle>
488
489 <seglistitem>
490 <seg>
491 gss-client, gss-server, k5srvutil, kadmin, kadmin.local,
492 kadmind, kdb5_ldap_util (optional), kdb5_util, kdestroy, kinit, klist,
493 kpasswd, kprop, kpropd, kproplog, krb5-config, krb5kdc, krb5-send-pr,
494 ksu, kswitch, ktutil, kvno, sclient, sim_client, sim_server,
495 sserver, uuclient and uuserver
496 </seg>
497 <seg>
498 libgssapi_krb5.so, libgssrpc.so, libk5crypto.so, libkadm5clnt_mit.so,
499 libkadm5clnt.so, libkadm5srv_mit.so, libkadm5srv.so, libkdb_ldap.so
500 (optional), libkdb5.so, libkrad.so, libkrb5.so, libkrb5support.so,
501 libverto.so, and some plugins under the /usr/lib/krb5 tree
502 </seg>
503 <seg>
504 /usr/include/{gssapi,gssrpc,kadm5,krb5},
505 /usr/lib/krb5,
506 /usr/share/{doc/krb5-&mitkrb-version;,examples/krb5}, and
507 /var/lib/{,run}/krb5kdc
508 </seg>
509 </seglistitem>
510 </segmentedlist>
511
512 <variablelist>
513 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
514 <?dbfo list-presentation="list"?>
515 <?dbhtml list-presentation="table"?>
516
517 <varlistentry id="gss-client">
518 <term><command>gss-client</command></term>
519 <listitem>
520 <para>
521 is a GSSAPI test client.
522 </para>
523 <indexterm zone="mitkrb gss-client">
524 <primary sortas="b-gss-client">gss-client</primary>
525 </indexterm>
526 </listitem>
527 </varlistentry>
528
529 <varlistentry id="gss-server">
530 <term><command>gss-server</command></term>
531 <listitem>
532 <para>
533 is a GSSAPI test server.
534 </para>
535 <indexterm zone="mitkrb gss-server">
536 <primary sortas="b-gss-server">gss-server</primary>
537 </indexterm>
538 </listitem>
539 </varlistentry>
540
541 <varlistentry id="k5srvutil">
542 <term><command>k5srvutil</command></term>
543 <listitem>
544 <para>
545 is a host keytable manipulation utility.
546 </para>
547 <indexterm zone="mitkrb k5srvutil">
548 <primary sortas="b-k5srvutil">k5srvutil</primary>
549 </indexterm>
550 </listitem>
551 </varlistentry>
552
553 <varlistentry id="kadmin">
554 <term><command>kadmin</command></term>
555 <listitem>
556 <para>
557 is a utility used to make modifications
558 to the Kerberos database.
559 </para>
560 <indexterm zone="mitkrb kadmin">
561 <primary sortas="b-kadmin">kadmin</primary>
562 </indexterm>
563 </listitem>
564 </varlistentry>
565
566 <varlistentry id="kadmin.local">
567 <term><command>kadmin.local</command></term>
568 <listitem>
569 <para>
570 is a utility similar at <command>kadmin</command>, but if the
571 database is db2, the local client <command>kadmin.local</command>,
572 is intended to run directly on the master KDC without Kerberos
573 authentication.
574 </para>
575 <indexterm zone="mitkrb kadmin.local">
576 <primary sortas="b-kadmin.local">kadmin.local</primary>
577 </indexterm>
578 </listitem>
579 </varlistentry>
580
581 <varlistentry id="kadmind">
582 <term><command>kadmind</command></term>
583 <listitem>
584 <para>
585 is a server for administrative access
586 to a Kerberos database.
587 </para>
588 <indexterm zone="mitkrb kadmind">
589 <primary sortas="b-kadmind">kadmind</primary>
590 </indexterm>
591 </listitem>
592 </varlistentry>
593
594 <varlistentry id="kdb5_ldap_util">
595 <term><command>kdb5_ldap_util (optional)</command></term>
596 <listitem>
597 <para>
598 allows an administrator to manage realms, Kerberos services
599 and ticket policies.
600 </para>
601 <indexterm zone="mitkrb kdb5_ldap_util">
602 <primary sortas="b-kdb5_ldap_util">kdb5_ldap_util</primary>
603 </indexterm>
604 </listitem>
605 </varlistentry>
606
607 <varlistentry id="kdb5_util">
608 <term><command>kdb5_util</command></term>
609 <listitem>
610 <para>
611 is the KDC database utility.
612 </para>
613 <indexterm zone="mitkrb kdb5_util">
614 <primary sortas="b-kdb5_util">kdb5_util</primary>
615 </indexterm>
616 </listitem>
617 </varlistentry>
618
619 <varlistentry id="kdestroy">
620 <term><command>kdestroy</command></term>
621 <listitem>
622 <para>
623 removes the current set of tickets.
624 </para>
625 <indexterm zone="mitkrb kdestroy">
626 <primary sortas="b-kdestroy">kdestroy</primary>
627 </indexterm>
628 </listitem>
629 </varlistentry>
630
631 <varlistentry id="kinit">
632 <term><command>kinit</command></term>
633 <listitem>
634 <para>
635 is used to authenticate to the Kerberos server as a
636 principal and acquire a ticket granting ticket that can
637 later be used to obtain tickets for other services.
638 </para>
639 <indexterm zone="mitkrb kinit">
640 <primary sortas="b-kinit">kinit</primary>
641 </indexterm>
642 </listitem>
643 </varlistentry>
644
645 <varlistentry id="klist">
646 <term><command>klist</command></term>
647 <listitem>
648 <para>
649 reads and displays the current tickets in
650 the credential cache.
651 </para>
652 <indexterm zone="mitkrb klist">
653 <primary sortas="b-klist">klist</primary>
654 </indexterm>
655 </listitem>
656 </varlistentry>
657
658 <varlistentry id="kpasswd">
659 <term><command>kpasswd</command></term>
660 <listitem>
661 <para>
662 is a program for changing Kerberos 5 passwords.
663 </para>
664 <indexterm zone="mitkrb kpasswd">
665 <primary sortas="b-kpasswd">kpasswd</primary>
666 </indexterm>
667 </listitem>
668 </varlistentry>
669
670 <varlistentry id="kprop">
671 <term><command>kprop</command></term>
672 <listitem>
673 <para>
674 takes a principal database in a specified format and
675 converts it into a stream of database records.
676 </para>
677 <indexterm zone="mitkrb kprop">
678 <primary sortas="b-kprop">kprop</primary>
679 </indexterm>
680 </listitem>
681 </varlistentry>
682
683 <varlistentry id="kpropd">
684 <term><command>kpropd</command></term>
685 <listitem>
686 <para>
687 receives a database sent by <command>kprop</command>
688 and writes it as a local database.
689 </para>
690 <indexterm zone="mitkrb kpropd">
691 <primary sortas="b-kpropd">kpropd</primary>
692 </indexterm>
693 </listitem>
694 </varlistentry>
695
696 <varlistentry id="kproplog">
697 <term><command>kproplog</command></term>
698 <listitem>
699 <para>
700 displays the contents of the KDC database update log to standard
701 output.
702 </para>
703 <indexterm zone="mitkrb kproplog">
704 <primary sortas="b-kproplog">kproplog</primary>
705 </indexterm>
706 </listitem>
707 </varlistentry>
708
709 <varlistentry id="krb5-config-prog2">
710 <term><command>krb5-config</command></term>
711 <listitem>
712 <para>
713 gives information on how to link programs against
714 libraries.
715 </para>
716 <indexterm zone="mitkrb krb5-config-prog2">
717 <primary sortas="b-krb5-config">krb5-config</primary>
718 </indexterm>
719 </listitem>
720 </varlistentry>
721
722 <varlistentry id="krb5kdc">
723 <term><command>krb5kdc</command></term>
724 <listitem>
725 <para>
726 is the <application>Kerberos 5</application> server.
727 </para>
728 <indexterm zone="mitkrb krb5kdc">
729 <primary sortas="b-krb5kdc">krb5kdc</primary>
730 </indexterm>
731 </listitem>
732 </varlistentry>
733
734 <varlistentry id="krb5-send-pr">
735 <term><command>krb5-send-pr</command></term>
736 <listitem>
737 <para>
738 send problem report (PR) to a central support site.
739 </para>
740 <indexterm zone="mitkrb krb5-send-pr">
741 <primary sortas="b-krb-send-pr">krb5-send-pr</primary>
742 </indexterm>
743 </listitem>
744 </varlistentry>
745
746 <varlistentry id="ksu">
747 <term><command>ksu</command></term>
748 <listitem>
749 <para>
750 is the super user program using Kerberos protocol.
751 Requires a properly configured
752 <filename>/etc/shells</filename> and
753 <filename>~/.k5login</filename> containing principals
754 authorized to become super users.
755 </para>
756 <indexterm zone="mitkrb ksu">
757 <primary sortas="b-ksu">ksu</primary>
758 </indexterm>
759 </listitem>
760 </varlistentry>
761
762 <varlistentry id="kswitch">
763 <term><command>kswitch</command></term>
764 <listitem>
765 <para>
766 makes the specified credential cache the
767 primary cache for the collection, if a cache
768 collection is available.
769 </para>
770 <indexterm zone="mitkrb kswitch">
771 <primary sortas="b-kswitch">kswitch</primary>
772 </indexterm>
773 </listitem>
774 </varlistentry>
775
776 <varlistentry id="ktutil">
777 <term><command>ktutil</command></term>
778 <listitem>
779 <para>
780 is a program for managing Kerberos keytabs.
781 </para>
782 <indexterm zone="mitkrb ktutil">
783 <primary sortas="b-ktutil">ktutil</primary>
784 </indexterm>
785 </listitem>
786 </varlistentry>
787
788 <varlistentry id="kvno">
789 <term><command>kvno</command></term>
790 <listitem>
791 <para>
792 prints keyversion numbers of Kerberos principals.
793 </para>
794 <indexterm zone="mitkrb kvno">
795 <primary sortas="b-kvno">kvno</primary>
796 </indexterm>
797 </listitem>
798 </varlistentry>
799
800 <varlistentry id="sclient">
801 <term><command>sclient</command></term>
802 <listitem>
803 <para>
804 used to contact a sample server and authenticate to it
805 using Kerberos 5 tickets, then display the server's
806 response.
807 </para>
808 <indexterm zone="mitkrb sclient">
809 <primary sortas="b-sclient">sclient</primary>
810 </indexterm>
811 </listitem>
812 </varlistentry>
813
814 <varlistentry id="sim_client">
815 <term><command>sim_client</command></term>
816 <listitem>
817 <para>
818 is a simple UDP-based sample client program, for
819 demonstration.
820 </para>
821 <indexterm zone="mitkrb sim_client">
822 <primary sortas="b-sim_client">sim_client</primary>
823 </indexterm>
824 </listitem>
825 </varlistentry>
826
827 <varlistentry id="sim_server">
828 <term><command>sim_server</command></term>
829 <listitem>
830 <para>
831 is a simple UDP-based server application, for
832 demonstration.
833 </para>
834 <indexterm zone="mitkrb sim_server">
835 <primary sortas="b-sim_server">sim_server</primary>
836 </indexterm>
837 </listitem>
838 </varlistentry>
839
840 <varlistentry id="sserver">
841 <term><command>sserver</command></term>
842 <listitem>
843 <para>
844 is the sample Kerberos 5 server.
845 </para>
846 <indexterm zone="mitkrb sserver">
847 <primary sortas="b-sserver">sserver</primary>
848 </indexterm>
849 </listitem>
850 </varlistentry>
851
852 <varlistentry id="uuclient">
853 <term><command>uuclient</command></term>
854 <listitem>
855 <para>
856 is an another sample client.
857 </para>
858 <indexterm zone="mitkrb uuclient">
859 <primary sortas="b-uuclient">uuclient</primary>
860 </indexterm>
861 </listitem>
862 </varlistentry>
863
864 <varlistentry id="uuserver">
865 <term><command>uuserver</command></term>
866 <listitem>
867 <para>
868 is an another sample server.
869 </para>
870 <indexterm zone="mitkrb uuserver">
871 <primary sortas="b-uuserver">uuserver</primary>
872 </indexterm>
873 </listitem>
874 </varlistentry>
875
876
877 <varlistentry id="libgssapi_krb5">
878 <term><filename class="libraryfile">libgssapi_krb5.so</filename></term>
879 <listitem>
880 <para>
881 contain the Generic Security Service Application Programming
882 Interface (GSSAPI) functions which provides security services
883 to callers in a generic fashion, supportable with a range of
884 underlying mechanisms and technologies and hence allowing
885 source-level portability of applications to different
886 environments.
887 </para>
888 <indexterm zone="mitkrb libgssapi_krb5">
889 <primary sortas="c-libgssapi_krb5">libgssapi_krb5.so</primary>
890 </indexterm>
891 </listitem>
892 </varlistentry>
893
894 <varlistentry id="libkadm5clnt">
895 <term><filename class="libraryfile">libkadm5clnt.so</filename></term>
896 <listitem>
897 <para>
898 contains the administrative authentication and password checking
899 functions required by Kerberos 5 client-side programs.
900 </para>
901 <indexterm zone="mitkrb libkadm5clnt">
902 <primary sortas="c-libkadm5clnt">libkadm5clnt.so</primary>
903 </indexterm>
904 </listitem>
905 </varlistentry>
906
907 <varlistentry id="libkadm5srv">
908 <term><filename class="libraryfile">libkadm5srv.so</filename></term>
909 <listitem>
910 <para>
911 contain the administrative authentication and password
912 checking functions required by Kerberos 5 servers.
913 </para>
914 <indexterm zone="mitkrb libkadm5srv">
915 <primary sortas="c-libkadm5srv">libkadm5srv.so</primary>
916 </indexterm>
917 </listitem>
918 </varlistentry>
919
920 <varlistentry id="libkdb5">
921 <term><filename class="libraryfile">libkdb5.so</filename></term>
922 <listitem>
923 <para>
924 is a Kerberos 5 authentication/authorization database
925 access library.
926 </para>
927 <indexterm zone="mitkrb libkdb5">
928 <primary sortas="c-libkdb5">libkdb5.so</primary>
929 </indexterm>
930 </listitem>
931 </varlistentry>
932
933 <varlistentry id="libkrad">
934 <term><filename class="libraryfile">libkrad.so</filename></term>
935 <listitem>
936 <para>
937 contains the internal support library for RADIUS functionality.
938 </para>
939 <indexterm zone="mitkrb libkrad">
940 <primary sortas="c-libkrad">libkrad.so</primary>
941 </indexterm>
942 </listitem>
943 </varlistentry>
944
945 <varlistentry id="libkrb5">
946 <term><filename class="libraryfile">libkrb5.so</filename></term>
947 <listitem>
948 <para>
949 is an all-purpose <application>Kerberos 5</application> library.
950 </para>
951 <indexterm zone="mitkrb libkrb5">
952 <primary sortas="c-libkrb5">libkrb5.so</primary>
953 </indexterm>
954 </listitem>
955 </varlistentry>
956
957 </variablelist>
958
959 </sect2>
960
961</sect1>
Note: See TracBrowser for help on using the repository browser.