Context Navigation

mitkrb.xml@ 3597eb6

Visit:

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 6.2 6.2.0 6.2.0-rc1 6.2.0-rc2 6.3 6.3-rc1 6.3-rc2 6.3-rc3 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts krejzi/svn lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition systemd-11177 systemd-13485 trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal

Last change on this file since 3597eb6 was 3597eb6, checked in by Randy McMurchy <randy@…>, 18 years ago

Added the 'User Notes' wiki link to each package page; changed all instances of .[so,a] to .{so,a} (brackets changed to braces); changed all replaceable tags to use angle brackets instead of square brackets to encapsulate the text - commit #7

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@5835 af4574ff-66df-0310-9fd7-8a98e5e911e0

Property mode set to 100644

File size: 27.8 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
3	"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY mitkrb-download-http "http://web.mit.edu/kerberos/www/dist/krb5/1.4/krb5-&mitkrb-version;-signed.tar">
8	<!ENTITY mitkrb-download-ftp " ">
9	<!ENTITY mitkrb-md5sum "617e0071fa5b74ab4116f064678af551">
10	<!ENTITY mitkrb-size "6.4 MB">
11	<!ENTITY mitkrb-buildsize "TBD MB">
12	<!ENTITY mitkrb-time "TBD SBU">
13	]>
14
15	<sect1 id="mitkrb" xreflabel="MIT krb5-&mitkrb-version;">
16	<?dbhtml filename="mitkrb.html"?>
17
18	<sect1info>
19	<othername>$LastChangedBy$</othername>
20	<date>$Date$</date>
21	<keywordset>
22	<keyword role="package">krb5-&mitkrb-version;-signed.tar</keyword>
23	<keyword role="ftpdir">krb5</keyword>
24	</keywordset>
25	</sect1info>
26
27	<title>MIT Krb5-&mitkrb-version;</title>
28
29	<indexterm zone="mitkrb">
30	<primary sortas="a-Kerberos-MIT">Kerberos5(MIT)</primary>
31	</indexterm>
32
33	<sect2 role="package">
34	<title>Introduction to MIT Krb5</title>
35
36	<para><application>MIT krb5</application> is a free implementation of
37	Kerberos 5. Kerberos is a network authentication protocol. It
38	centralizes the authentication database and uses kerberized
39	applications to work with servers or services that support Kerberos
40	allowing single logins and encrypted communication over internal
41	networks or the Internet.</para>
42
43	<bridgehead renderas="sect3">Package Information</bridgehead>
44	<itemizedlist spacing="compact">
45	<listitem>
46	<para>Download (HTTP): <ulink url="&mitkrb-download-http;"/></para>
47	</listitem>
48	<listitem>
49	<para>Download (FTP): <ulink url="&mitkrb-download-ftp;"/></para>
50	</listitem>
51	<listitem>
52	<para>Download MD5 sum: &mitkrb-md5sum;</para>
53	</listitem>
54	<listitem>
55	<para>Download size: &mitkrb-size;</para>
56	</listitem>
57	<listitem>
58	<para>Estimated disk space required: &mitkrb-buildsize;</para>
59	</listitem>
60	<listitem>
61	<para>Estimated build time: &mitkrb-time;</para>
62	</listitem>
63	</itemizedlist>
64
65	<bridgehead renderas="sect3">MIT Krb5 Dependencies</bridgehead>
66
67	<bridgehead renderas="sect4">Optional</bridgehead>
68	<para role="optional"><xref linkend="xinetd"/> (services servers only),
69	<xref linkend="linux-pam"/> (for <command>xdm</command> based logins) and
70	<xref linkend="openldap"/> (alternative for <command>krb5kdc</command>
71	password database)</para>
72
73	<note>
74	<para>Some sort of time synchronization facility on your system (like
75	<xref linkend="ntp"/>) is required since Kerberos won't authenticate if
76	there is a time difference between a kerberized client and the
77	KDC server.</para>
78	</note>
79
80	<para condition="html" role="usernotes">User Notes:
81	<ulink url="&blfs-wiki;/mitkrb"/></para>
82
83	</sect2>
84
85	<sect2 role="installation">
86	<title>Installation of MIT Krb5</title>
87
88
89	<!-- <note><para>The instructions for MIT Krb5 have not yet been validated by
90	the BLFS Editors. Until this section is updated, the Editors reccomend
91	using <xref linkend='heimdal'/> to implement the functionality of this
92	package.</para></note> -->
93
94
95	<para><application>MIT krb5</application> is distributed in a
96	TAR file containing a compressed TAR package and a detached PGP
97	<filename class="extension">ASC</filename> file.</para>
98
99	<para>If you have installed <xref linkend="gnupg"/>, you can
100	authenticate the package with the following command:</para>
101
102	<screen><userinput>gpg - -verify krb5-&mitkrb-version;.tar.gz.asc</userinput></screen>
103
104	<para>Build <application>MIT krb5</application> by running the
105	following commands:</para>
106
107	<screen><userinput>cd src &&
108	./configure --prefix=/usr --sysconfdir=/etc \
109	--localstatedir=/var/lib --enable-dns \
110	--enable-static --mandir=/usr/share/man &&
111	make</userinput></screen>
112
113	<para>Now, as the <systemitem class="username">root</systemitem> user:</para>
114
115	<screen role="root"><userinput>make install &&
116	mv -v /usr/bin/ksu /bin &&
117	mv -v /usr/lib/libkrb5.so.3* /lib &&
118	mv -v /usr/lib/libkrb4.so.2* /lib &&
119	mv -v /usr/lib/libdes425.so.3* /lib &&
120	mv -v /usr/lib/libk5crypto.so.3* /lib &&
121	mv -v /usr/lib/libcom_err.so.3* /lib &&
122	ln -v -sf ../../lib/libkrb5.so.3 /usr/lib/libkrb5.so &&
123	ln -v -sf ../../lib/libkrb4.so.2 /usr/lib/libkrb4.so &&
124	ln -v -sf ../../lib/libdes425.so.3 /usr/lib/libdes425.so &&
125	ln -v -sf ../../lib/libk5crypto.so.3 /usr/lib/libk5crypto.so &&
126	ln -v -sf ../../lib/libcom_err.so.3 /usr/lib/libcom_err.so &&
127	ldconfig</userinput></screen>
128
129	<warning>
130	<para><command>login.krb5</command> does not support
131	<application>shadow</application> passwords. As a result, when the
132	Kerberos server is unavailable, the default fall through to
133	<filename>/etc/password</filename> will not work because
134	the passwords have been moved to <filename>/etc/shadow</filename> during
135	the LFS build process. Entering the following
136	commands without moving the passwords back to
137	<filename>/etc/password</filename> could prevent any logins.</para>
138	</warning>
139
140	<para>If <application>Linux-Pam</application> is not installed and
141	you understand the above warning, the following can be entered as the
142	<systemitem class="username">root</systemitem> user:</para>
143
144	<screen role="root"><userinput>mv -v /bin/login /bin/login.shadow &&
145	cp -v /usr/sbin/login.krb5 /bin/login</userinput></screen>
146
147	<para>If <application>CrackLib</application> is installed, or if any
148	word list has been put in
149	<filename class='directory'>/usr/share/dict</filename>, the following
150	should be entered as the <systemitem class="username">root</systemitem>
151	user:</para>
152
153	<screen role="root"><userinput>ln -s /usr/share/dict/words /var/lib/krb5kdc/kadmin.dict</userinput></screen>
154
155	</sect2>
156
157	<sect2 role="commands">
158	<title>Command Explanations</title>
159
160	<para><parameter>--enable-dns</parameter>: This switch allows
161	realms to be resolved using the DNS server.</para>
162
163	<para><parameter>--enable-static</parameter>: This switch builds static
164	libraries in addition to the shared libraries.</para>
165
166	<para><command>mv -v /bin/login /bin/login.shadow &&
167	cp -v /usr/sbin/login.krb5 /bin/login &&
168	mv -v /usr/bin/ksu /bin</command>: Preserves
169	<application>Shadow</application>'s <command>login</command>
170	command, moves <command>ksu</command> and <command>login</command> to
171	the <filename class="directory">/bin</filename> directory.</para>
172
173	<para><command>mv -v ... /lib && ln -v -sf ...</command>:
174	The <command>login</command> and <command>ksu</command> programs
175	are linked against these libraries, therefore these libraries are moved
176	to <filename class="directory">/lib</filename> to allow logins without
177	mounting <filename class="directory">/usr</filename>.</para>
178
179	</sect2>
180
181	<sect2 role="configuration">
182	<title>Configuring MIT Krb5</title>
183
184	<sect3 id="krb5-config">
185	<title>Config Files</title>
186
187	<para><filename>/etc/krb5.conf</filename> and
188	<filename>/var/lib/krb5kdc/kdc.conf</filename></para>
189
190	<indexterm zone="mitkrb krb5-config">
191	<primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary>
192	</indexterm>
193
194	<indexterm zone="mitkrb krb5-config">
195	<primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
196	</indexterm>
197
198	</sect3>
199
200	<sect3>
201	<title>Configuration Information</title>
202
203	<sect4>
204	<title>Kerberos Configuration</title>
205
206	<para>Create the Kerberos configuration file with the following
207	command:</para>
208
209	<screen role="root"><userinput>cat > /etc/krb5.conf << "EOF"
210	<literal># Begin /etc/krb5.conf
211
212	[libdefaults]
213	default_realm = <replaceable><LFS.ORG></replaceable>
214	encrypt = true
215
216	[realms]
217	<replaceable><LFS.ORG></replaceable> = {
218	kdc = <replaceable><belgarath.lfs.org></replaceable>
219	admin_server = <replaceable><belgarath.lfs.org></replaceable>
220	}
221
222	[domain_realm]
223	.<replaceable><lfs.org></replaceable> = <replaceable><LFS.ORG></replaceable>
224
225	[logging]
226	kdc = SYSLOG[:INFO[:AUTH]]
227	admin_server = SYSLOG[INFO[:AUTH]]
228	default = SYSLOG[[:SYS]]
229
230	# End /etc/krb5.conf</literal>
231	EOF</userinput></screen>
232
233	<para>You will need to substitute your domain and proper hostname
234	for the occurances of the <replaceable><belgarath></replaceable> and
235	<replaceable><lfs.org></replaceable> names.</para>
236
237	<para><option>default_realm</option> should be the name of your
238	domain changed to ALL CAPS. This isn't required, but both
239	<application>Heimdal</application> and MIT recommend it.</para>
240
241	<para><option>encrypt = true</option> provides encryption of all
242	traffic between kerberized clients and servers. It's not necessary
243	and can be left off. If you leave it off, you can encrypt all traffic
244	from the client to the server using a switch on the client program
245	instead.</para>
246
247	<para>The <option>[realms]</option> parameters tell the client
248	programs where to look for the KDC authentication services.</para>
249
250	<para>The <option>[domain_realm]</option> section maps a domain to
251	a realm.</para>
252
253	<para>Create the KDC database:</para>
254
255	<screen role="root"><userinput>kdb5_util create -r <replaceable><LFS.ORG></replaceable> -s</userinput></screen>
256
257	<para>Now you should populate the database with principles
258	(users). For now, just use your regular login name or
259	<systemitem class="username">root</systemitem>.</para>
260
261	<screen role="root"><userinput>kadmin.local
262	<prompt>kadmin:</prompt> add_policy dict-only
263	<prompt>kadmin:</prompt> addprinc -policy dict-only <replaceable><loginname></replaceable></userinput></screen>
264
265	<para>The KDC server and any machine running kerberized
266	server daemons must have a host key installed:</para>
267
268	<screen role='root'><userinput><prompt>kadmin:</prompt> addprinc -randkey host/<replaceable><belgarath.lfs.org></replaceable></userinput></screen>
269
270	<para>After choosing the defaults when prompted, you will have to
271	export the data to a keytab file:</para>
272
273	<screen role='root'><userinput><prompt>kadmin:</prompt> ktadd host/<replaceable><belgarath.lfs.org></replaceable></userinput></screen>
274
275	<para>This should have created a file in
276	<filename class="directory">/etc</filename> named
277	<filename>krb5.keytab</filename> (Kerberos 5). This file should
278	have 600 (<systemitem class="username">root</systemitem> rw only)
279	permissions. Keeping the keytab files from public access is crucial
280	to the overall security of the Kerberos installation.</para>
281
282	<para>Eventually, you'll want to add server daemon principles to the
283	database and extract them to the keytab file. You do this in the same
284	way you created the host principles. Below is an example:</para>
285
286	<screen role='root'><userinput><prompt>kadmin:</prompt> addprinc -randkey ftp/<replaceable><belgarath.lfs.org></replaceable>
287	<prompt>kadmin:</prompt> ktadd ftp/<replaceable><belgarath.lfs.org></replaceable></userinput></screen>
288
289	<para>Exit the <command>kadmin</command> program (use
290	<command>quit</command> or <command>exit</command>) and return
291	back to the shell prompt. Start the KDC daemon manually, just to
292	test out the installation:</para>
293
294	<screen role='root'><userinput>/usr/sbin/krb5kdc &</userinput></screen>
295
296	<para>Attempt to get a ticket with the following command:</para>
297
298	<screen><userinput>kinit <replaceable><loginname></replaceable></userinput></screen>
299
300	<para>You will be prompted for the password you created. After you
301	get your ticket, you can list it with the following command:</para>
302
303	<screen><userinput>klist</userinput></screen>
304
305	<para>Information about the ticket should be displayed on the
306	screen.</para>
307
308	<para>To test the functionality of the keytab file, issue the
309	following command:</para>
310
311	<screen><userinput>ktutil
312	<prompt>ktutil:</prompt> rkt /etc/krb5.keytab
313	<prompt>ktutil:</prompt> l</userinput></screen>
314
315	<para>This should dump a list of the host principal, along with
316	the encryption methods used to access the principal.</para>
317
318	<para>At this point, if everything has been successful so far, you
319	can feel fairly confident in the installation and configuration of
320	the package.</para>
321
322	<para>Install the <filename>/etc/rc.d/init.d/kerberos</filename> init
323	script included in the <xref linkend="bootscripts"/>
324	package.</para>
325
326	<screen role="root"><userinput>make install-kerberos</userinput></screen>
327
328	</sect4>
329
330	<sect4>
331	<title>Using Kerberized Client Programs</title>
332
333	<para>To use the kerberized client programs (<command>telnet</command>,
334	<command>ftp</command>, <command>rsh</command>, <command>rcp</command>,
335	<command>rlogin</command>), you first must get an authentication ticket.
336	Use the <command>kinit</command> program to get the ticket. After you've
337	acquired the ticket, you can use the kerberized programs to connect to
338	any kerberized server on the network. You will not be prompted for
339	authentication until your ticket expires (default is one day), unless
340	you specify a different user as a command line argument to the
341	program.</para>
342
343	<para>The kerberized programs will connect to non kerberized daemons,
344	warning you that authentication is not encrypted.</para>
345
346	</sect4>
347
348	<sect4>
349	<title>Using Kerberized Server Programs</title>
350
351	<para>Using kerberized server programs (<command>telnetd</command>,
352	<command>kpropd</command>, <command>klogind</command> and
353	<command>kshd</command>) requires two additional configuration steps.
354	First the <filename>/etc/services</filename> file must be updated to
355	include eklogin and krb5_prop. Second, the
356	<filename>inetd.conf</filename> or <filename>xinetd.conf</filename>
357	must be modified for each server that will be activated, usually
358	replacing the server from <xref linkend="inetutils"/>.</para>
359
360	</sect4>
361
362	<sect4>
363	<title>Additional Information</title>
364
365	<para>For additional information consult <ulink
366	url="http://web.mit.edu/kerberos/www/krb5-1.4/#documentation">
367	Documentation for krb-&mitkrb-version;</ulink> on which the above
368	instructions are based.</para>
369
370	</sect4>
371
372	</sect3>
373
374	</sect2>
375
376	<sect2 role="content">
377	<title>Contents</title>
378	<para></para>
379
380	<segmentedlist>
381	<segtitle>Installed Programs</segtitle>
382	<segtitle>Installed Libraries</segtitle>
383	<segtitle>Installed Directories</segtitle>
384
385	<seglistitem>
386	<seg>compile-et, ftp, ftpd, gss-client, gss-server, k5srvutil, kadmin,
387	kadmin.local, kadmind, kadmind4, kdb5_util, kdestroy, kinit, klist,
388	klogind, kpasswd, kprop, kpropd, krb5-send-pr, krb5-config, krb524d,
389	krb524init, krb5kdc, kshd, ksu, ktutil, kvno, login.krb5, rcp, rlogin,
390	rsh, sclient, sim_client, sim_server, sserver, telnet, telnetd,
391	uuclient, uuserver, v5passwd, and v5passwdd</seg>
392	<seg>libcom_err.{so,a}, libdes425.{so,a}, libgssapi.{so,a},
393	libgssrpc.{so,a}, libkadm5clnt.{so,a}, libkadm5srv.{so,a},
394	libkdb5.{so,a}, libkrb5.{so,a}, and libkrb4.{so,a}</seg>
395	<seg>/usr/include/kerberosIV and /var/lib/krb5kdc</seg>
396	</seglistitem>
397	</segmentedlist>
398
399	<variablelist>
400	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
401	<?dbfo list-presentation="list"?>
402	<?dbhtml list-presentation="table"?>
403
404	<varlistentry id="compile_et">
405	<term><command>compile_et</command></term>
406	<listitem>
407	<para>converts the table listing error-code names into a
408	C source file.</para>
409	<indexterm zone="mitkrb compile_et">
410	<primary sortas="b-compile_et">compile_et</primary>
411	</indexterm>
412	</listitem>
413	</varlistentry>
414
415	<varlistentry id="ftp-mitkrb">
416	<term><command>ftp</command></term>
417	<listitem>
418	<para>is a kerberized FTP client.</para>
419	<indexterm zone="mitkrb ftp">
420	<primary sortas="b-ftp">ftp</primary>
421	</indexterm>
422	</listitem>
423	</varlistentry>
424
425	<varlistentry id="ftpd-mitkrb">
426	<term><command>ftpd</command></term>
427	<listitem>
428	<para>is a kerberized FTP daemon.</para>
429	<indexterm zone="mitkrb ftpd">
430	<primary sortas="b-ftpd">ftpd</primary>
431	</indexterm>
432	</listitem>
433	</varlistentry>
434
435	<varlistentry id="k5srvutil">
436	<term><command>k5srvutil</command></term>
437	<listitem>
438	<para>is a host keytable manipulation utility.</para>
439	<indexterm zone="mitkrb k5srvutil">
440	<primary sortas="b-k5srvutil">k5srvutil</primary>
441	</indexterm>
442	</listitem>
443	</varlistentry>
444
445	<varlistentry id="kadmin-mitkrb">
446	<term><command>kadmin</command></term>
447	<listitem>
448	<para>is an utility used to make modifications
449	to the Kerberos database.</para>
450	<indexterm zone="mitkrb kadmin-mitkrb">
451	<primary sortas="b-kadmin">kadmin</primary>
452	</indexterm>
453	</listitem>
454	</varlistentry>
455
456	<varlistentry id="kadmind-mitkrb">
457	<term><command>kadmind</command></term>
458	<listitem>
459	<para>is a server for administrative access
460	to a Kerberos database.</para>
461	<indexterm zone="mitkrb kadmind-mitkrb">
462	<primary sortas="b-kadmind">kadmind</primary>
463	</indexterm>
464	</listitem>
465	</varlistentry>
466
467	<varlistentry id="kdb5_util">
468	<term><command>kdb5_util</command></term>
469	<listitem>
470	<para>is the KDC database utility.</para>
471	<indexterm zone="mitkrb kdb5_util">
472	<primary sortas="b-kdb5_util">kdb5_util</primary>
473	</indexterm>
474	</listitem>
475	</varlistentry>
476
477	<varlistentry id="kdestroy-mitkrb">
478	<term><command>kdestroy</command></term>
479	<listitem>
480	<para>removes the current set of tickets.</para>
481	<indexterm zone="mitkrb kdestroy-mitkrb">
482	<primary sortas="b-kdestroy">kdestroy</primary>
483	</indexterm>
484	</listitem>
485	</varlistentry>
486
487	<varlistentry id="kinit-mitkrb">
488	<term><command>kinit</command></term>
489	<listitem>
490	<para>is used to authenticate to the Kerberos server as a
491	principal and acquire a ticket granting ticket that can
492	later be used to obtain tickets for other services.</para>
493	<indexterm zone="mitkrb kinit-mitkrb">
494	<primary sortas="b-kinit">kinit</primary>
495	</indexterm>
496	</listitem>
497	</varlistentry>
498
499	<varlistentry id="klist-mitkrb">
500	<term><command>klist</command></term>
501	<listitem>
502	<para>reads and displays the current tickets in
503	the credential cache.</para>
504	<indexterm zone="mitkrb klist-mitkrb">
505	<primary sortas="b-klist">klist</primary>
506	</indexterm>
507	</listitem>
508	</varlistentry>
509
510	<varlistentry id="klogind">
511	<term><command>klogind</command></term>
512	<listitem>
513	<para>is the server that responds to <command>rlogin</command>
514	requests.</para>
515	<indexterm zone="mitkrb klogind">
516	<primary sortas="b-klogind">klogind</primary>
517	</indexterm>
518	</listitem>
519	</varlistentry>
520
521	<varlistentry id="kpasswd-mitkrb">
522	<term><command>kpasswd</command></term>
523	<listitem>
524	<para>is a program for changing Kerberos 5 passwords.</para>
525	<indexterm zone="mitkrb kpasswd-mitkrb">
526	<primary sortas="b-kpasswd">kpasswd</primary>
527	</indexterm>
528	</listitem>
529	</varlistentry>
530
531	<varlistentry id="kprop">
532	<term><command>kprop</command></term>
533	<listitem>
534	<para>takes a principal database in a specified format and
535	converts it into a stream of database records.</para>
536	<indexterm zone="mitkrb kprop">
537	<primary sortas="b-kprop">kprop</primary>
538	</indexterm>
539	</listitem>
540	</varlistentry>
541
542	<varlistentry id="kpropd">
543	<term><command>kpropd</command></term>
544	<listitem>
545	<para>receives a database sent by <command>kprop</command>
546	and writes it as a local database.</para>
547	<indexterm zone="mitkrb kpropd">
548	<primary sortas="b-kpropd">kpropd</primary>
549	</indexterm>
550	</listitem>
551	</varlistentry>
552
553	<varlistentry id="krb5-config-1">
554	<term><command>krb5-config</command></term>
555	<listitem>
556	<para>gives information on how to link programs against
557	libraries.</para>
558	<indexterm zone="mitkrb krb5-config-prog">
559	<primary sortas="b-krb5-config-1">krb5-config</primary>
560	</indexterm>
561	</listitem>
562	</varlistentry>
563
564	<varlistentry id="krb5kdc">
565	<term><command>krb5kdc</command></term>
566	<listitem>
567	<para>is a Kerberos 5 server.</para>
568	<indexterm zone="mitkrb krb5kdc">
569	<primary sortas="b-krb5kdc">krb5kdc</primary>
570	</indexterm>
571	</listitem>
572	</varlistentry>
573
574	<varlistentry id="kshd">
575	<term><command>kshd</command></term>
576	<listitem>
577	<para>is the server that responds to <command>rsh</command>
578	requests.</para>
579	<indexterm zone="mitkrb kshd">
580	<primary sortas="b-kshd">kshd</primary>
581	</indexterm>
582	</listitem>
583	</varlistentry>
584
585	<varlistentry id="ksu">
586	<term><command>ksu</command></term>
587	<listitem>
588	<para>is the super user program using Kerberos protocol.
589	Requires a properly configured
590	<filename class="directory">/etc/shells</filename> and
591	<filename>~/.k5login</filename> containing principals
592	authorized to become super users.</para>
593	<indexterm zone="mitkrb ksu">
594	<primary sortas="b-ksu">ksu</primary>
595	</indexterm>
596	</listitem>
597	</varlistentry>
598
599	<varlistentry id="ktutil-mitkrb">
600	<term><command>ktutil</command></term>
601	<listitem>
602	<para>is a program for managing Kerberos keytabs.</para>
603	<indexterm zone="mitkrb ktutil-mitkrb">
604	<primary sortas="b-ktutil">ktutil</primary>
605	</indexterm>
606	</listitem>
607	</varlistentry>
608
609	<varlistentry id="kvno">
610	<term><command>kvno</command></term>
611	<listitem>
612	<para>prints keyversion numbers of Kerberos principals.</para>
613	<indexterm zone="mitkrb kvno">
614	<primary sortas="b-kvno">kvno</primary>
615	</indexterm>
616	</listitem>
617	</varlistentry>
618
619	<varlistentry id="login.krb5">
620	<term><command>login.krb5</command></term>
621	<listitem>
622	<para>is a kerberized login program.</para>
623	<indexterm zone="mitkrb login">
624	<primary sortas="b-login.krb5">login.krb5</primary>
625	</indexterm>
626	</listitem>
627	</varlistentry>
628
629	<varlistentry id="rcp-mitkrb">
630	<term><command>rcp</command></term>
631	<listitem>
632	<para>is a kerberized rcp client program.</para>
633	<indexterm zone="mitkrb rcp">
634	<primary sortas="b-rcp">rcp</primary>
635	</indexterm>
636	</listitem>
637	</varlistentry>
638
639	<varlistentry id="rlogin">
640	<term><command>rlogin</command></term>
641	<listitem>
642	<para>is a kerberized rlogin client program.</para>
643	<indexterm zone="mitkrb rlogin">
644	<primary sortas="b-rlogin">rlogin</primary>
645	</indexterm>
646	</listitem>
647	</varlistentry>
648
649	<varlistentry id="rsh-mitkrb">
650	<term><command>rsh</command></term>
651	<listitem>
652	<para>is a kerberized rsh client program.</para>
653	<indexterm zone="mitkrb rsh">
654	<primary sortas="b-rsh">rsh</primary>
655	</indexterm>
656	</listitem>
657	</varlistentry>
658
659	<varlistentry id="telnet-mitkrb">
660	<term><command>telnet</command></term>
661	<listitem>
662	<para>is a kerberized telnet client program.</para>
663	<indexterm zone="mitkrb telnet">
664	<primary sortas="b-telnet">telnet</primary>
665	</indexterm>
666	</listitem>
667	</varlistentry>
668
669	<varlistentry id="telnetd-mitkrb">
670	<term><command>telnetd</command></term>
671	<listitem>
672	<para>is a kerberized telnet server.</para>
673	<indexterm zone="mitkrb telnetd">
674	<primary sortas="b-telnetd">telnetd</primary>
675	</indexterm>
676	</listitem>
677	</varlistentry>
678
679	<varlistentry id="libcom_err">
680	<term><filename class='libraryfile'>libcom_err.{so,a}</filename></term>
681	<listitem>
682	<para>implements the Kerberos library error code.</para>
683	<indexterm zone="mitkrb libcom_err">
684	<primary sortas="c-libcom_err">libcom_err.{so,a}</primary>
685	</indexterm>
686	</listitem>
687	</varlistentry>
688
689	<varlistentry id="libgssapi-mitkrb">
690	<term><filename class='libraryfile'>libgssapi.{so,a}</filename></term>
691	<listitem>
692	<para>contain the Generic Security Service Application
693	Programming Interface (GSSAPI) functions which provides security
694	services to callers in a generic fashion, supportable with a range of
695	underlying mechanisms and technologies and hence allowing source-level
696	portability of applications to different environments.</para>
697	<indexterm zone="mitkrb libgssapi">
698	<primary sortas="c-libgssapi">libgssapi.{so,a}</primary>
699	</indexterm>
700	</listitem>
701	</varlistentry>
702
703	<varlistentry id="libkadm5clnt-mitkrb">
704	<term><filename class='libraryfile'>libkadm5clnt.{so,a}</filename></term>
705	<listitem>
706	<para>contains the administrative authentication and password
707	checking functions required by Kerberos 5 client-side programs.</para>
708	<indexterm zone="mitkrb libkadm5clnt">
709	<primary sortas="c-libkadm5clnt">libkadm5clnt.{so,a}</primary>
710	</indexterm>
711	</listitem>
712	</varlistentry>
713
714	<varlistentry id="libkadm5srv-mitkrb">
715	<term><filename class='libraryfile'>libkadm5srv.{so,a}</filename></term>
716	<listitem>
717	<para>contain the administrative authentication and password
718	checking functions required by Kerberos 5 servers.</para>
719	<indexterm zone="mitkrb libkadm5srv">
720	<primary sortas="c-libkadm5srv">libkadm5srv.{so,a}</primary>
721	</indexterm>
722	</listitem>
723	</varlistentry>
724
725	<varlistentry id="libkdb5">
726	<term><filename class='libraryfile'>libkdb5.{so,a}</filename></term>
727	<listitem>
728	<para>is a Kerberos 5 authentication/authorization database
729	access library.</para>
730	<indexterm zone="mitkrb libkdb5">
731	<primary sortas="c-libkdb5">libkdb5.{so,a}</primary>
732	</indexterm>
733	</listitem>
734	</varlistentry>
735
736	<varlistentry id="libkrb5-mitkrb">
737	<term><filename class='libraryfile'>libkrb5.{so,a}</filename></term>
738	<listitem>
739	<para>is an all-purpose Kerberos 5 library.</para>
740	<indexterm zone="mitkrb libkrb5">
741	<primary sortas="c-libkrb5">libkrb5.{so,a}</primary>
742	</indexterm>
743	</listitem>
744	</varlistentry>
745
746	</variablelist>
747
748	</sect2>
749
750	</sect1>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: postlfs/security/mitkrb.xml@ 3597eb6

Download in other formats: