Context Navigation

mitkrb.xml@ 572862b

Visit:

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 7.10 7.6 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts krejzi/svn lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal

Last change on this file since 572862b was 572862b, checked in by Fernando de Oliveira <fernando@…>, 10 years ago

krb5-1.12.2: forgot.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@13913 af4574ff-66df-0310-9fd7-8a98e5e911e0

Property mode set to 100644

File size: 27.2 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY mitkrb-download-http "http://web.mit.edu/kerberos/www/dist/krb5/&mitkrb-major-version;/krb5-&mitkrb-version;-signed.tar">
8	<!ENTITY mitkrb-download-ftp " ">
9	<!ENTITY mitkrb-md5sum "357f1312b7720a0a591e22db0f7829fe">
10	<!ENTITY mitkrb-size "12 MB">
11	<!ENTITY mitkrb-buildsize "120 MB (Additional 25 MB if running the testsuite)">
12	<!ENTITY mitkrb-time "1.0 SBU (additional 4.4 SBU if running the testsuite)">
13	]>
14
15	<sect1 id="mitkrb" xreflabel="MIT Kerberos V5-&mitkrb-version;">
16	<?dbhtml filename="mitkrb.html"?>
17
18	<sect1info>
19	<othername>$LastChangedBy$</othername>
20	<date>$Date$</date>
21	</sect1info>
22
23	<title>MIT Kerberos V5-&mitkrb-version;</title>
24
25	<indexterm zone="mitkrb">
26	<primary sortas="a-MIT-Kerberos">MIT Kerberos V5</primary>
27	</indexterm>
28
29	<sect2 role="package">
30	<title>Introduction to MIT Kerberos V5</title>
31
32	<para>
33	<application>MIT Kerberos V5</application> is a free implementation
34	of Kerberos 5. Kerberos is a network authentication protocol. It
35	centralizes the authentication database and uses kerberized
36	applications to work with servers or services that support Kerberos
37	allowing single logins and encrypted communication over internal
38	networks or the Internet.
39	</para>
40
41	&lfs75_checked;
42
43	<bridgehead renderas="sect3">Package Information</bridgehead>
44	<itemizedlist spacing="compact">
45	<listitem>
46	<para>
47	Download (HTTP): <ulink url="&mitkrb-download-http;"/>
48	</para>
49	</listitem>
50	<listitem>
51	<para>
52	Download (FTP): <ulink url="&mitkrb-download-ftp;"/>
53	</para>
54	</listitem>
55	<listitem>
56	<para>
57	Download MD5 sum: &mitkrb-md5sum;
58	</para>
59	</listitem>
60	<listitem>
61	<para>
62	Download size: &mitkrb-size;
63	</para>
64	</listitem>
65	<listitem>
66	<para>
67	Estimated disk space required: &mitkrb-buildsize;
68	</para>
69	</listitem>
70	<listitem>
71	<para>
72	Estimated build time: &mitkrb-time;
73	</para>
74	</listitem>
75	</itemizedlist>
76
77	<bridgehead renderas="sect3">MIT Kerberos V5 Dependencies</bridgehead>
78
79	<bridgehead renderas="sect4">Optional</bridgehead>
80	<para role="optional">
81	<xref linkend="dejagnu"/> (for full test coverage),
82	<xref linkend="gnupg2"/> (to authenticate the package),
83	<xref linkend="keyutils"/>,
84	<xref linkend="openldap"/>,
85	<xref linkend="python2"/> (used during the testsuite) and
86	<xref linkend="rpcbind"/> (used during the testsuite)
87	</para>
88
89	<note>
90	<para>
91	Some sort of time synchronization facility on your system (like
92	<xref linkend="ntp"/>) is required since Kerberos won't authenticate
93	if there is a time difference between a kerberized client and the
94	KDC server.
95	</para>
96	</note>
97
98	<para condition="html" role="usernotes">User Notes:
99	<ulink url="&blfs-wiki;/mitkrb"/>
100	</para>
101	</sect2>
102
103	<sect2 role="installation">
104	<title>Installation of MIT Kerberos V5</title>
105
106	<para>
107	<application>MIT Kerberos V5</application> is distributed in a
108	TAR file containing a compressed TAR package and a detached PGP
109	<filename class="extension">ASC</filename> file. You'll need to unpack
110	the distribution tar file, then unpack the compressed tar file before
111	starting the build.
112	</para>
113
114	<para>
115	After unpacking the distribution tarball and if you have
116	<xref linkend="gnupg2"/> installed, you can
117	authenticate the package. First, check the contents of the file
118	<filename>krb5-&mitkrb-version;.tar.gz.asc</filename>.
119	</para>
120
121	<screen><userinput>gpg --verify krb5-&mitkrb-version;.tar.gz.asc krb5-&mitkrb-version;.tar.gz</userinput></screen>
122
123	<para>You will probably see output similar to:</para>
124
125	<screen>gpg: Signature made Wed Aug 8 22:29:58 2012 GMT using RSA key ID F376813D
126	gpg: Can't check signature: public key not found</screen>
127
128	<para>
129	You can import the public key with:
130	</para>
131
132	<screen><userinput>gpg --keyserver pgp.mit.edu --recv-keys 0xF376813D</userinput></screen>
133
134	<para>
135	Now re-verify the package with the first command above. You should get a
136	indication of a good signature, but the key will still not be certified
137	with a trusted signature. Trusting the downloaded key is a separate
138	operation but it is up to you to determine the level of trust.
139	</para>
140
141	<para>
142	Build <application>MIT Kerberos V5</application> by running the
143	following commands:
144	</para>
145
146	<screen><userinput>cd src &&
147	sed -e "s@python2.5/Python.h@& python2.7/Python.h@g" \
148	-e "s@-lpython2.5]@&,\n AC_CHECK_LIB(python2.7,main,[PYTHON_LIB=-lpython2.7])@g" \
149	-i configure.in &&
150	sed -e 's@\^u}@^u cols 300}@' \
151	-i tests/dejagnu/config/default.exp &&
152	autoconf &&
153	./configure --prefix=/usr \
154	--sysconfdir=/etc \
155	--localstatedir=/var/lib \
156	--with-system-et \
157	--with-system-ss \
158	--enable-dns-for-realm &&
159	make</userinput></screen>
160
161	<para>
162	To test the build, issue: <command>make check</command>. You need at
163	least <xref linkend="tcl"/>, which is used to drive the testsuite.
164	Furthermore, <xref linkend="dejagnu"/> must be available for some
165	of the tests to run. If you have a former version of MIT Kerberos V5
166	installed, it may happen that the test suite pick up the installed
167	versions of the libraries, rather than the newly built ones. If so,
168	it is better to run the tests after the installation.
169	</para>
170
171	<para>
172	Now, as the <systemitem class="username">root</systemitem> user:
173	</para>
174
175	<screen role="root"><userinput>make install &&
176
177	for LIBRARY in gssapi_krb5 gssrpc k5crypto kadm5clnt kadm5srv \
178	kdb5 kdb_ldap krad krb5 krb5support verto ; do
179	[ -e /usr/lib/lib$LIBRARY.so ] && chmod -v 755 /usr/lib/lib$LIBRARY.so
180	done &&
181
182	mv -v /usr/lib/libkrb5.so.3* /lib &&
183	mv -v /usr/lib/libk5crypto.so.3* /lib &&
184	mv -v /usr/lib/libkrb5support.so.0* /lib &&
185
186	ln -v -sf ../../lib/libkrb5.so.3.3 /usr/lib/libkrb5.so &&
187	ln -v -sf ../../lib/libk5crypto.so.3.1 /usr/lib/libk5crypto.so &&
188	ln -v -sf ../../lib/libkrb5support.so.0.1 /usr/lib/libkrb5support.so &&
189
190	mv -v /usr/bin/ksu /bin &&
191	chmod -v 755 /bin/ksu &&
192
193	install -v -dm755 /usr/share/doc/krb5-&mitkrb-version; &&
194	cp -vfr ../doc/* /usr/share/doc/krb5-&mitkrb-version; &&
195
196	unset LIBRARY</userinput></screen>
197
198
199	</sect2>
200
201	<sect2 role="commands">
202	<title>Command Explanations</title>
203
204	<para>
205	<command>sed -e ...</command>: The first <command>sed</command> fixes
206	<application>Python</application> detection. The second one increases
207	the width of the virtual terminal used for some tests, to prevent
208	some spurious characters to be echoed, which is taken as a failure.
209	</para>
210
211	<para>
212	<parameter>--localstatedir=/var/lib</parameter>: This parameter is
213	used so that the Kerberos variable run-time data is located in
214	<filename class="directory">/var/lib</filename> instead of
215	<filename class="directory">/usr/var</filename>.
216	</para>
217
218	<para>
219	<parameter>--with-system-et</parameter>: This switch causes the build
220	to use the system-installed versions of the error-table support
221	software.
222	</para>
223
224	<para>
225	<parameter>--with-system-ss</parameter>: This switch causes the build
226	to use the system-installed versions of the subsystem command-line
227	interface software.
228	</para>
229
230	<para>
231	<parameter>--enable-dns-for-realm</parameter>: This switch allows
232	realms to be resolved using the DNS server.
233	</para>
234
235	<para>
236	<command>mv -v /usr/bin/ksu /bin</command>: Moves the
237	<command>ksu</command> program to the
238	<filename class="directory">/bin</filename> directory so that it is
239	available when the <filename class="directory">/usr</filename>
240	filesystem is not mounted.
241	</para>
242
243	<para>
244	<option>--with-ldap</option>: Use this switch if you want to compile
245	<application>OpenLDAP</application> database backend module.
246	</para>
247
248	</sect2>
249
250	<sect2 role="configuration">
251	<title>Configuring MIT Kerberos V5</title>
252
253	<sect3 id="krb5-config">
254	<title>Config Files</title>
255
256	<para>
257	<filename>/etc/krb5.conf</filename> and
258	<filename>/var/lib/krb5kdc/kdc.conf</filename>
259	</para>
260
261	<indexterm zone="mitkrb krb5-config">
262	<primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary>
263	</indexterm>
264
265	<indexterm zone="mitkrb krb5-config">
266	<primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
267	</indexterm>
268
269	</sect3>
270
271	<sect3>
272	<title>Configuration Information</title>
273
274	<sect4>
275	<title>Kerberos Configuration</title>
276
277	<tip>
278	<para>
279	You should consider installing some sort of password checking
280	dictionary so that you can configure the installation to only
281	accept strong passwords. A suitable dictionary to use is shown in
282	the <xref linkend="cracklib"/> instructions. Note that only one
283	file can be used, but you can concatenate many files into one. The
284	configuration file shown below assumes you have installed a
285	dictionary to <filename>/usr/share/dict/words</filename>.
286	</para>
287	</tip>
288
289	<para>
290	Create the Kerberos configuration file with the following
291	commands issued by the <systemitem class="username">root</systemitem>
292	user:
293	</para>
294
295	<screen role="root"><userinput>cat > /etc/krb5.conf << "EOF"
296	<literal># Begin /etc/krb5.conf
297
298	[libdefaults]
299	default_realm = <replaceable><LFS.ORG></replaceable>
300	encrypt = true
301
302	[realms]
303	<replaceable><LFS.ORG></replaceable> = {
304	kdc = <replaceable><belgarath.lfs.org></replaceable>
305	admin_server = <replaceable><belgarath.lfs.org></replaceable>
306	dict_file = /usr/share/dict/words
307	}
308
309	[domain_realm]
310	.<replaceable><lfs.org></replaceable> = <replaceable><LFS.ORG></replaceable>
311
312	[logging]
313	kdc = SYSLOG[:INFO[:AUTH]]
314	admin_server = SYSLOG[INFO[:AUTH]]
315	default = SYSLOG[[:SYS]]
316
317	# End /etc/krb5.conf</literal>
318	EOF</userinput></screen>
319
320	<para>
321	You will need to substitute your domain and proper hostname for the
322	occurrences of the <replaceable><belgarath></replaceable> and
323	<replaceable><lfs.org></replaceable> names.
324	</para>
325
326	<para>
327	<option>default_realm</option> should be the name of your
328	domain changed to ALL CAPS. This isn't required, but both
329	<application>Heimdal</application> and MIT recommend it.
330	</para>
331
332	<para>
333	<option>encrypt = true</option> provides encryption of all traffic
334	between kerberized clients and servers. It's not necessary and can
335	be left off. If you leave it off, you can encrypt all traffic from
336	the client to the server using a switch on the client program
337	instead.
338	</para>
339
340	<para>
341	The <option>[realms]</option> parameters tell the client programs
342	where to look for the KDC authentication services.
343	</para>
344
345	<para>
346	The <option>[domain_realm]</option> section maps a domain to a realm.
347	</para>
348
349	<para>
350	Create the KDC database:
351	</para>
352
353	<screen role="root"><userinput>kdb5_util create -r <replaceable><LFS.ORG></replaceable> -s</userinput></screen>
354
355	<para>
356	Now you should populate the database with principals
357	(users). For now, just use your regular login name or
358	<systemitem class="username">root</systemitem>.
359	</para>
360
361	<screen role="root"><userinput>kadmin.local
362	<prompt>kadmin.local:</prompt> add_policy dict-only
363	<prompt>kadmin.local:</prompt> addprinc -policy dict-only <replaceable><loginname></replaceable></userinput></screen>
364
365	<para>
366	The KDC server and any machine running kerberized
367	server daemons must have a host key installed:
368	</para>
369
370	<screen role="root"><userinput><prompt>kadmin.local:</prompt> addprinc -randkey host/<replaceable><belgarath.lfs.org></replaceable></userinput></screen>
371
372	<para>
373	After choosing the defaults when prompted, you will have to
374	export the data to a keytab file:
375	</para>
376
377	<screen role="root"><userinput><prompt>kadmin.local:</prompt> ktadd host/<replaceable><belgarath.lfs.org></replaceable></userinput></screen>
378
379	<para>
380	This should have created a file in
381	<filename class="directory">/etc</filename> named
382	<filename>krb5.keytab</filename> (Kerberos 5). This file should
383	have 600 (<systemitem class="username">root</systemitem> rw only)
384	permissions. Keeping the keytab files from public access is crucial
385	to the overall security of the Kerberos installation.
386	</para>
387
388	<para>
389	Exit the <command>kadmin</command> program (use
390	<command>quit</command> or <command>exit</command>) and return
391	back to the shell prompt. Start the KDC daemon manually, just to
392	test out the installation:
393	</para>
394
395	<screen role="root"><userinput>/usr/sbin/krb5kdc</userinput></screen>
396
397	<para>
398	Attempt to get a ticket with the following command:
399	</para>
400
401	<screen><userinput>kinit <replaceable><loginname></replaceable></userinput></screen>
402
403	<para>
404	You will be prompted for the password you created. After you
405	get your ticket, you can list it with the following command:
406	</para>
407
408	<screen><userinput>klist</userinput></screen>
409
410	<para>
411	Information about the ticket should be displayed on the
412	screen.
413	</para>
414
415	<para>
416	To test the functionality of the keytab file, issue the
417	following command:
418	</para>
419
420	<screen><userinput>ktutil
421	<prompt>ktutil:</prompt> rkt /etc/krb5.keytab
422	<prompt>ktutil:</prompt> l</userinput></screen>
423
424	<para>
425	This should dump a list of the host principal, along with
426	the encryption methods used to access the principal.
427	</para>
428
429	<para>
430	At this point, if everything has been successful so far, you
431	can feel fairly confident in the installation and configuration of
432	the package.
433	</para>
434
435	</sect4>
436
437	<sect4>
438	<title>Additional Information</title>
439
440	<para>
441	For additional information consult the <ulink
442	url="http://web.mit.edu/kerberos/www/krb5-&mitkrb-major-version;/#documentation">
443	documentation for krb5-&mitkrb-version;</ulink> on which the above
444	instructions are based.
445	</para>
446
447	</sect4>
448
449	</sect3>
450
451	<sect3 id="mitkrb-init">
452	<title>Init Script</title>
453
454	<para>
455	If you want to start <application>Kerberos</application> services
456	at boot, install the <filename>/etc/rc.d/init.d/krb5</filename> init
457	script included in the <xref linkend="bootscripts"/> package using
458	the following command:
459	</para>
460
461	<indexterm zone="mitkrb mitkrb-init">
462	<primary sortas="f-krb5">krb5</primary>
463	</indexterm>
464
465	<screen role="root"><userinput>make install-krb5</userinput></screen>
466
467	</sect3>
468
469	</sect2>
470
471	<sect2 role="content">
472
473	<title>Contents</title>
474	<para></para>
475
476	<segmentedlist>
477	<segtitle>Installed Programs</segtitle>
478	<segtitle>Installed Libraries</segtitle>
479	<segtitle>Installed Directories</segtitle>
480
481	<seglistitem>
482	<seg>
483	gss-client, gss-server, k5srvutil, kadmin, kadmin.local,
484	kadmind, kdb5_ldap_util (optional), kdb5_util, kdestroy, kinit, klist,
485	kpasswd, kprop, kpropd, kproplog, krb5-config, krb5kdc, krb5-send-pr,
486	ksu, kswitch, ktutil, kvno, sclient, sim_client, sim_server,
487	sserver, uuclient and uuserver
488	</seg>
489	<seg>
490	libgssapi_krb5.so, libgssrpc.so, libk5crypto.so, libkadm5clnt_mit.so,
491	libkadm5clnt.so, libkadm5srv_mit.so, libkadm5srv.so, libkdb_ldap.so
492	(optional), libkdb5.so, libkrad.so, libkrb5.so, libkrb5support.so,
493	and some plugins under the /usr/lib/krb5 tree
494	</seg>
495	<seg>
496	/usr/include/gssapi,
497	/usr/include/gssrpc,
498	/usr/include/kadm5,
499	/usr/include/krb5,
500	/usr/lib/krb5,
501	/usr/share/doc/krb5-&mitkrb-version;,
502	/usr/share/examples/krb5 and
503	/var/lib/krb5kdc
504	</seg>
505	</seglistitem>
506	</segmentedlist>
507
508	<variablelist>
509	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
510	<?dbfo list-presentation="list"?>
511	<?dbhtml list-presentation="table"?>
512
513	<varlistentry id="k5srvutil">
514	<term><command>k5srvutil</command></term>
515	<listitem>
516	<para>
517	is a host keytable manipulation utility.
518	</para>
519	<indexterm zone="mitkrb k5srvutil">
520	<primary sortas="b-k5srvutil">k5srvutil</primary>
521	</indexterm>
522	</listitem>
523	</varlistentry>
524
525	<varlistentry id="kadmin">
526	<term><command>kadmin</command></term>
527	<listitem>
528	<para>
529	is an utility used to make modifications
530	to the Kerberos database.
531	</para>
532	<indexterm zone="mitkrb kadmin">
533	<primary sortas="b-kadmin">kadmin</primary>
534	</indexterm>
535	</listitem>
536	</varlistentry>
537
538	<varlistentry id="kadmind">
539	<term><command>kadmind</command></term>
540	<listitem>
541	<para>
542	is a server for administrative access
543	to a Kerberos database.
544	</para>
545	<indexterm zone="mitkrb kadmind">
546	<primary sortas="b-kadmind">kadmind</primary>
547	</indexterm>
548	</listitem>
549	</varlistentry>
550
551	<varlistentry id="kdb5_util">
552	<term><command>kdb5_util</command></term>
553	<listitem>
554	<para>
555	is the KDC database utility.
556	</para>
557	<indexterm zone="mitkrb kdb5_util">
558	<primary sortas="b-kdb5_util">kdb5_util</primary>
559	</indexterm>
560	</listitem>
561	</varlistentry>
562
563	<varlistentry id="kdestroy">
564	<term><command>kdestroy</command></term>
565	<listitem>
566	<para>
567	removes the current set of tickets.
568	</para>
569	<indexterm zone="mitkrb kdestroy">
570	<primary sortas="b-kdestroy">kdestroy</primary>
571	</indexterm>
572	</listitem>
573	</varlistentry>
574
575	<varlistentry id="kinit">
576	<term><command>kinit</command></term>
577	<listitem>
578	<para>
579	is used to authenticate to the Kerberos server as a
580	principal and acquire a ticket granting ticket that can
581	later be used to obtain tickets for other services.
582	</para>
583	<indexterm zone="mitkrb kinit">
584	<primary sortas="b-kinit">kinit</primary>
585	</indexterm>
586	</listitem>
587	</varlistentry>
588
589	<varlistentry id="klist">
590	<term><command>klist</command></term>
591	<listitem>
592	<para>
593	reads and displays the current tickets in
594	the credential cache.
595	</para>
596	<indexterm zone="mitkrb klist">
597	<primary sortas="b-klist">klist</primary>
598	</indexterm>
599	</listitem>
600	</varlistentry>
601
602	<varlistentry id="kpasswd">
603	<term><command>kpasswd</command></term>
604	<listitem>
605	<para>
606	is a program for changing Kerberos 5 passwords.
607	</para>
608	<indexterm zone="mitkrb kpasswd">
609	<primary sortas="b-kpasswd">kpasswd</primary>
610	</indexterm>
611	</listitem>
612	</varlistentry>
613
614	<varlistentry id="kprop">
615	<term><command>kprop</command></term>
616	<listitem>
617	<para>
618	takes a principal database in a specified format and
619	converts it into a stream of database records.
620	</para>
621	<indexterm zone="mitkrb kprop">
622	<primary sortas="b-kprop">kprop</primary>
623	</indexterm>
624	</listitem>
625	</varlistentry>
626
627	<varlistentry id="kpropd">
628	<term><command>kpropd</command></term>
629	<listitem>
630	<para>
631	receives a database sent by <command>kprop</command>
632	and writes it as a local database.
633	</para>
634	<indexterm zone="mitkrb kpropd">
635	<primary sortas="b-kpropd">kpropd</primary>
636	</indexterm>
637	</listitem>
638	</varlistentry>
639
640	<varlistentry id="krb5-config-prog2">
641	<term><command>krb5-config</command></term>
642	<listitem>
643	<para>
644	gives information on how to link programs against
645	libraries.
646	</para>
647	<indexterm zone="mitkrb krb5-config-prog2">
648	<primary sortas="b-krb5-config">krb5-config</primary>
649	</indexterm>
650	</listitem>
651	</varlistentry>
652
653	<varlistentry id="krb5kdc">
654	<term><command>krb5kdc</command></term>
655	<listitem>
656	<para>
657	is the <application>Kerberos 5</application> server.
658	</para>
659	<indexterm zone="mitkrb krb5kdc">
660	<primary sortas="b-krb5kdc">krb5kdc</primary>
661	</indexterm>
662	</listitem>
663	</varlistentry>
664
665	<varlistentry id="ksu">
666	<term><command>ksu</command></term>
667	<listitem>
668	<para>
669	is the super user program using Kerberos protocol.
670	Requires a properly configured
671	<filename>/etc/shells</filename> and
672	<filename>~/.k5login</filename> containing principals
673	authorized to become super users.
674	</para>
675	<indexterm zone="mitkrb ksu">
676	<primary sortas="b-ksu">ksu</primary>
677	</indexterm>
678	</listitem>
679	</varlistentry>
680
681	<varlistentry id="kswitch">
682	<term><command>kswitch</command></term>
683	<listitem>
684	<para>
685	makes the specified credential cache the
686	primary cache for the collection, if a cache
687	collection is available.
688	</para>
689	<indexterm zone="mitkrb kswitch">
690	<primary sortas="b-kswitch">kswitch</primary>
691	</indexterm>
692	</listitem>
693	</varlistentry>
694
695	<varlistentry id="ktutil">
696	<term><command>ktutil</command></term>
697	<listitem>
698	<para>
699	is a program for managing Kerberos keytabs.
700	</para>
701	<indexterm zone="mitkrb ktutil">
702	<primary sortas="b-ktutil">ktutil</primary>
703	</indexterm>
704	</listitem>
705	</varlistentry>
706
707	<varlistentry id="kvno">
708	<term><command>kvno</command></term>
709	<listitem>
710	<para>
711	prints keyversion numbers of Kerberos principals.
712	</para>
713	<indexterm zone="mitkrb kvno">
714	<primary sortas="b-kvno">kvno</primary>
715	</indexterm>
716	</listitem>
717	</varlistentry>
718
719	<varlistentry id="sclient">
720	<term><command>sclient</command></term>
721	<listitem>
722	<para>
723	used to contact a sample server and authenticate to it
724	using Kerberos 5 tickets, then display the server's
725	response.
726	</para>
727	<indexterm zone="mitkrb sclient">
728	<primary sortas="b-sclient">sclient</primary>
729	</indexterm>
730	</listitem>
731	</varlistentry>
732
733	<varlistentry id="sserver">
734	<term><command>sserver</command></term>
735	<listitem>
736	<para>
737	is the sample Kerberos 5 server.
738	</para>
739	<indexterm zone="mitkrb sserver">
740	<primary sortas="b-sserver">sserver</primary>
741	</indexterm>
742	</listitem>
743	</varlistentry>
744
745	<varlistentry id="libgssapi_krb5">
746	<term><filename class="libraryfile">libgssapi_krb5.so</filename></term>
747	<listitem>
748	<para>
749	contain the Generic Security Service Application Programming
750	Interface (GSSAPI) functions which provides security services
751	to callers in a generic fashion, supportable with a range of
752	underlying mechanisms and technologies and hence allowing
753	source-level portability of applications to different
754	environments.
755	</para>
756	<indexterm zone="mitkrb libgssapi_krb5">
757	<primary sortas="c-libgssapi_krb5">libgssapi_krb5.so</primary>
758	</indexterm>
759	</listitem>
760	</varlistentry>
761
762	<varlistentry id="libkadm5clnt">
763	<term><filename class="libraryfile">libkadm5clnt.so</filename></term>
764	<listitem>
765	<para>
766	contains the administrative authentication and password checking
767	functions required by Kerberos 5 client-side programs.
768	</para>
769	<indexterm zone="mitkrb libkadm5clnt">
770	<primary sortas="c-libkadm5clnt">libkadm5clnt.so</primary>
771	</indexterm>
772	</listitem>
773	</varlistentry>
774
775	<varlistentry id="libkadm5srv">
776	<term><filename class="libraryfile">libkadm5srv.so</filename></term>
777	<listitem>
778	<para>
779	contain the administrative authentication and password
780	checking functions required by Kerberos 5 servers.
781	</para>
782	<indexterm zone="mitkrb libkadm5srv">
783	<primary sortas="c-libkadm5srv">libkadm5srv.so</primary>
784	</indexterm>
785	</listitem>
786	</varlistentry>
787
788	<varlistentry id="libkdb5">
789	<term><filename class="libraryfile">libkdb5.so</filename></term>
790	<listitem>
791	<para>
792	is a Kerberos 5 authentication/authorization database
793	access library.
794	</para>
795	<indexterm zone="mitkrb libkdb5">
796	<primary sortas="c-libkdb5">libkdb5.so</primary>
797	</indexterm>
798	</listitem>
799	</varlistentry>
800
801	<varlistentry id="libkrad">
802	<term><filename class="libraryfile">libkrad.so</filename></term>
803	<listitem>
804	<para>
805	contains the internal support library for RADIUS functionality.
806	</para>
807	<indexterm zone="mitkrb libkrad">
808	<primary sortas="c-libkrad">libkrad.so</primary>
809	</indexterm>
810	</listitem>
811	</varlistentry>
812
813	<varlistentry id="libkrb5">
814	<term><filename class="libraryfile">libkrb5.so</filename></term>
815	<listitem>
816	<para>
817	is an all-purpose <application>Kerberos 5</application> library.
818	</para>
819	<indexterm zone="mitkrb libkrb5">
820	<primary sortas="c-libkrb5">libkrb5.so</primary>
821	</indexterm>
822	</listitem>
823	</varlistentry>
824
825	</variablelist>
826
827	</sect2>
828
829	</sect1>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: postlfs/security/mitkrb.xml@ 572862b

Download in other formats: