Context Navigation

mitkrb.xml@ 84da85a

Visit:

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 6.2 6.2.0 6.2.0-rc1 6.2.0-rc2 6.3 6.3-rc1 6.3-rc2 6.3-rc3 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts krejzi/svn lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition systemd-11177 systemd-13485 trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal

Last change on this file since 84da85a was 0aeb696, checked in by Randy McMurchy <randy@…>, 18 years ago

Added a comment to each file that may need a mention of a test suite added to it, this allows closing of bug #1697

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@5951 af4574ff-66df-0310-9fd7-8a98e5e911e0

Property mode set to 100644

File size: 28.5 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
3	"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!-- Inserted as a reminder to do this. The mention of a test suite
8	is usually right before the root user installation commands. Please
9	delete these 12 (including one blank) lines after you are done.-->
10
11	<!-- Use one of the two mentions below about a test suite,
12	delete the line that is not applicable. Of course, if the
13	test suite uses syntax other than "make check", revise the
14	line to reflect the actual syntax to run the test suite -->
15
16	<!-- <para>This package does not come with a test suite.</para> -->
17	<!-- <para>To test the results, issue: <command>make check</command>.</para> -->
18
19	<!ENTITY mitkrb-download-http "http://web.mit.edu/kerberos/www/dist/krb5/1.4/krb5-&mitkrb-version;-signed.tar">
20	<!ENTITY mitkrb-download-ftp " ">
21	<!ENTITY mitkrb-md5sum "617e0071fa5b74ab4116f064678af551">
22	<!ENTITY mitkrb-size "6.4 MB">
23	<!ENTITY mitkrb-buildsize "TBD MB">
24	<!ENTITY mitkrb-time "TBD SBU">
25	]>
26
27	<sect1 id="mitkrb" xreflabel="MIT krb5-&mitkrb-version;">
28	<?dbhtml filename="mitkrb.html"?>
29
30	<sect1info>
31	<othername>$LastChangedBy$</othername>
32	<date>$Date$</date>
33	<keywordset>
34	<keyword role="package">krb5-&mitkrb-version;-signed.tar</keyword>
35	<keyword role="ftpdir">krb5</keyword>
36	</keywordset>
37	</sect1info>
38
39	<title>MIT Krb5-&mitkrb-version;</title>
40
41	<indexterm zone="mitkrb">
42	<primary sortas="a-Kerberos-MIT">Kerberos5(MIT)</primary>
43	</indexterm>
44
45	<sect2 role="package">
46	<title>Introduction to MIT Krb5</title>
47
48	<para><application>MIT krb5</application> is a free implementation of
49	Kerberos 5. Kerberos is a network authentication protocol. It
50	centralizes the authentication database and uses kerberized
51	applications to work with servers or services that support Kerberos
52	allowing single logins and encrypted communication over internal
53	networks or the Internet.</para>
54
55	<bridgehead renderas="sect3">Package Information</bridgehead>
56	<itemizedlist spacing="compact">
57	<listitem>
58	<para>Download (HTTP): <ulink url="&mitkrb-download-http;"/></para>
59	</listitem>
60	<listitem>
61	<para>Download (FTP): <ulink url="&mitkrb-download-ftp;"/></para>
62	</listitem>
63	<listitem>
64	<para>Download MD5 sum: &mitkrb-md5sum;</para>
65	</listitem>
66	<listitem>
67	<para>Download size: &mitkrb-size;</para>
68	</listitem>
69	<listitem>
70	<para>Estimated disk space required: &mitkrb-buildsize;</para>
71	</listitem>
72	<listitem>
73	<para>Estimated build time: &mitkrb-time;</para>
74	</listitem>
75	</itemizedlist>
76
77	<bridgehead renderas="sect3">MIT Krb5 Dependencies</bridgehead>
78
79	<bridgehead renderas="sect4">Optional</bridgehead>
80	<para role="optional"><xref linkend="xinetd"/> (services servers only),
81	<xref linkend="linux-pam"/> (for <command>xdm</command> based logins) and
82	<xref linkend="openldap"/> (alternative for <command>krb5kdc</command>
83	password database)</para>
84
85	<note>
86	<para>Some sort of time synchronization facility on your system (like
87	<xref linkend="ntp"/>) is required since Kerberos won't authenticate if
88	there is a time difference between a kerberized client and the
89	KDC server.</para>
90	</note>
91
92	<para condition="html" role="usernotes">User Notes:
93	<ulink url="&blfs-wiki;/mitkrb"/></para>
94
95	</sect2>
96
97	<sect2 role="installation">
98	<title>Installation of MIT Krb5</title>
99
100
101	<!-- <note><para>The instructions for MIT Krb5 have not yet been validated by
102	the BLFS Editors. Until this section is updated, the Editors reccomend
103	using <xref linkend='heimdal'/> to implement the functionality of this
104	package.</para></note> -->
105
106
107	<para><application>MIT krb5</application> is distributed in a
108	TAR file containing a compressed TAR package and a detached PGP
109	<filename class="extension">ASC</filename> file.</para>
110
111	<para>If you have installed <xref linkend="gnupg"/>, you can
112	authenticate the package with the following command:</para>
113
114	<screen><userinput>gpg - -verify krb5-&mitkrb-version;.tar.gz.asc</userinput></screen>
115
116	<para>Build <application>MIT krb5</application> by running the
117	following commands:</para>
118
119	<screen><userinput>cd src &&
120	./configure --prefix=/usr --sysconfdir=/etc \
121	--localstatedir=/var/lib --enable-dns \
122	--enable-static --mandir=/usr/share/man &&
123	make</userinput></screen>
124
125	<para>Now, as the <systemitem class="username">root</systemitem> user:</para>
126
127	<screen role="root"><userinput>make install &&
128	mv -v /usr/bin/ksu /bin &&
129	mv -v /usr/lib/libkrb5.so.3* /lib &&
130	mv -v /usr/lib/libkrb4.so.2* /lib &&
131	mv -v /usr/lib/libdes425.so.3* /lib &&
132	mv -v /usr/lib/libk5crypto.so.3* /lib &&
133	mv -v /usr/lib/libcom_err.so.3* /lib &&
134	ln -v -sf ../../lib/libkrb5.so.3 /usr/lib/libkrb5.so &&
135	ln -v -sf ../../lib/libkrb4.so.2 /usr/lib/libkrb4.so &&
136	ln -v -sf ../../lib/libdes425.so.3 /usr/lib/libdes425.so &&
137	ln -v -sf ../../lib/libk5crypto.so.3 /usr/lib/libk5crypto.so &&
138	ln -v -sf ../../lib/libcom_err.so.3 /usr/lib/libcom_err.so &&
139	ldconfig</userinput></screen>
140
141	<warning>
142	<para><command>login.krb5</command> does not support
143	<application>shadow</application> passwords. As a result, when the
144	Kerberos server is unavailable, the default fall through to
145	<filename>/etc/password</filename> will not work because
146	the passwords have been moved to <filename>/etc/shadow</filename> during
147	the LFS build process. Entering the following
148	commands without moving the passwords back to
149	<filename>/etc/password</filename> could prevent any logins.</para>
150	</warning>
151
152	<para>If <application>Linux-Pam</application> is not installed and
153	you understand the above warning, the following can be entered as the
154	<systemitem class="username">root</systemitem> user:</para>
155
156	<screen role="root"><userinput>mv -v /bin/login /bin/login.shadow &&
157	cp -v /usr/sbin/login.krb5 /bin/login</userinput></screen>
158
159	<para>If <application>CrackLib</application> is installed, or if any
160	word list has been put in
161	<filename class='directory'>/usr/share/dict</filename>, the following
162	should be entered as the <systemitem class="username">root</systemitem>
163	user:</para>
164
165	<screen role="root"><userinput>ln -s /usr/share/dict/words /var/lib/krb5kdc/kadmin.dict</userinput></screen>
166
167	</sect2>
168
169	<sect2 role="commands">
170	<title>Command Explanations</title>
171
172	<para><parameter>--enable-dns</parameter>: This switch allows
173	realms to be resolved using the DNS server.</para>
174
175	<para><parameter>--enable-static</parameter>: This switch builds static
176	libraries in addition to the shared libraries.</para>
177
178	<para><command>mv -v /bin/login /bin/login.shadow &&
179	cp -v /usr/sbin/login.krb5 /bin/login &&
180	mv -v /usr/bin/ksu /bin</command>: Preserves
181	<application>Shadow</application>'s <command>login</command>
182	command, moves <command>ksu</command> and <command>login</command> to
183	the <filename class="directory">/bin</filename> directory.</para>
184
185	<para><command>mv -v ... /lib && ln -v -sf ...</command>:
186	The <command>login</command> and <command>ksu</command> programs
187	are linked against these libraries, therefore these libraries are moved
188	to <filename class="directory">/lib</filename> to allow logins without
189	mounting <filename class="directory">/usr</filename>.</para>
190
191	</sect2>
192
193	<sect2 role="configuration">
194	<title>Configuring MIT Krb5</title>
195
196	<sect3 id="krb5-config">
197	<title>Config Files</title>
198
199	<para><filename>/etc/krb5.conf</filename> and
200	<filename>/var/lib/krb5kdc/kdc.conf</filename></para>
201
202	<indexterm zone="mitkrb krb5-config">
203	<primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary>
204	</indexterm>
205
206	<indexterm zone="mitkrb krb5-config">
207	<primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
208	</indexterm>
209
210	</sect3>
211
212	<sect3>
213	<title>Configuration Information</title>
214
215	<sect4>
216	<title>Kerberos Configuration</title>
217
218	<para>Create the Kerberos configuration file with the following
219	command:</para>
220
221	<screen role="root"><userinput>cat > /etc/krb5.conf << "EOF"
222	<literal># Begin /etc/krb5.conf
223
224	[libdefaults]
225	default_realm = <replaceable><LFS.ORG></replaceable>
226	encrypt = true
227
228	[realms]
229	<replaceable><LFS.ORG></replaceable> = {
230	kdc = <replaceable><belgarath.lfs.org></replaceable>
231	admin_server = <replaceable><belgarath.lfs.org></replaceable>
232	}
233
234	[domain_realm]
235	.<replaceable><lfs.org></replaceable> = <replaceable><LFS.ORG></replaceable>
236
237	[logging]
238	kdc = SYSLOG[:INFO[:AUTH]]
239	admin_server = SYSLOG[INFO[:AUTH]]
240	default = SYSLOG[[:SYS]]
241
242	# End /etc/krb5.conf</literal>
243	EOF</userinput></screen>
244
245	<para>You will need to substitute your domain and proper hostname
246	for the occurances of the <replaceable><belgarath></replaceable> and
247	<replaceable><lfs.org></replaceable> names.</para>
248
249	<para><option>default_realm</option> should be the name of your
250	domain changed to ALL CAPS. This isn't required, but both
251	<application>Heimdal</application> and MIT recommend it.</para>
252
253	<para><option>encrypt = true</option> provides encryption of all
254	traffic between kerberized clients and servers. It's not necessary
255	and can be left off. If you leave it off, you can encrypt all traffic
256	from the client to the server using a switch on the client program
257	instead.</para>
258
259	<para>The <option>[realms]</option> parameters tell the client
260	programs where to look for the KDC authentication services.</para>
261
262	<para>The <option>[domain_realm]</option> section maps a domain to
263	a realm.</para>
264
265	<para>Create the KDC database:</para>
266
267	<screen role="root"><userinput>kdb5_util create -r <replaceable><LFS.ORG></replaceable> -s</userinput></screen>
268
269	<para>Now you should populate the database with principles
270	(users). For now, just use your regular login name or
271	<systemitem class="username">root</systemitem>.</para>
272
273	<screen role="root"><userinput>kadmin.local
274	<prompt>kadmin:</prompt> add_policy dict-only
275	<prompt>kadmin:</prompt> addprinc -policy dict-only <replaceable><loginname></replaceable></userinput></screen>
276
277	<para>The KDC server and any machine running kerberized
278	server daemons must have a host key installed:</para>
279
280	<screen role='root'><userinput><prompt>kadmin:</prompt> addprinc -randkey host/<replaceable><belgarath.lfs.org></replaceable></userinput></screen>
281
282	<para>After choosing the defaults when prompted, you will have to
283	export the data to a keytab file:</para>
284
285	<screen role='root'><userinput><prompt>kadmin:</prompt> ktadd host/<replaceable><belgarath.lfs.org></replaceable></userinput></screen>
286
287	<para>This should have created a file in
288	<filename class="directory">/etc</filename> named
289	<filename>krb5.keytab</filename> (Kerberos 5). This file should
290	have 600 (<systemitem class="username">root</systemitem> rw only)
291	permissions. Keeping the keytab files from public access is crucial
292	to the overall security of the Kerberos installation.</para>
293
294	<para>Eventually, you'll want to add server daemon principles to the
295	database and extract them to the keytab file. You do this in the same
296	way you created the host principles. Below is an example:</para>
297
298	<screen role='root'><userinput><prompt>kadmin:</prompt> addprinc -randkey ftp/<replaceable><belgarath.lfs.org></replaceable>
299	<prompt>kadmin:</prompt> ktadd ftp/<replaceable><belgarath.lfs.org></replaceable></userinput></screen>
300
301	<para>Exit the <command>kadmin</command> program (use
302	<command>quit</command> or <command>exit</command>) and return
303	back to the shell prompt. Start the KDC daemon manually, just to
304	test out the installation:</para>
305
306	<screen role='root'><userinput>/usr/sbin/krb5kdc &</userinput></screen>
307
308	<para>Attempt to get a ticket with the following command:</para>
309
310	<screen><userinput>kinit <replaceable><loginname></replaceable></userinput></screen>
311
312	<para>You will be prompted for the password you created. After you
313	get your ticket, you can list it with the following command:</para>
314
315	<screen><userinput>klist</userinput></screen>
316
317	<para>Information about the ticket should be displayed on the
318	screen.</para>
319
320	<para>To test the functionality of the keytab file, issue the
321	following command:</para>
322
323	<screen><userinput>ktutil
324	<prompt>ktutil:</prompt> rkt /etc/krb5.keytab
325	<prompt>ktutil:</prompt> l</userinput></screen>
326
327	<para>This should dump a list of the host principal, along with
328	the encryption methods used to access the principal.</para>
329
330	<para>At this point, if everything has been successful so far, you
331	can feel fairly confident in the installation and configuration of
332	the package.</para>
333
334	<para>Install the <filename>/etc/rc.d/init.d/kerberos</filename> init
335	script included in the <xref linkend="bootscripts"/>
336	package.</para>
337
338	<screen role="root"><userinput>make install-kerberos</userinput></screen>
339
340	</sect4>
341
342	<sect4>
343	<title>Using Kerberized Client Programs</title>
344
345	<para>To use the kerberized client programs (<command>telnet</command>,
346	<command>ftp</command>, <command>rsh</command>, <command>rcp</command>,
347	<command>rlogin</command>), you first must get an authentication ticket.
348	Use the <command>kinit</command> program to get the ticket. After you've
349	acquired the ticket, you can use the kerberized programs to connect to
350	any kerberized server on the network. You will not be prompted for
351	authentication until your ticket expires (default is one day), unless
352	you specify a different user as a command line argument to the
353	program.</para>
354
355	<para>The kerberized programs will connect to non kerberized daemons,
356	warning you that authentication is not encrypted.</para>
357
358	</sect4>
359
360	<sect4>
361	<title>Using Kerberized Server Programs</title>
362
363	<para>Using kerberized server programs (<command>telnetd</command>,
364	<command>kpropd</command>, <command>klogind</command> and
365	<command>kshd</command>) requires two additional configuration steps.
366	First the <filename>/etc/services</filename> file must be updated to
367	include eklogin and krb5_prop. Second, the
368	<filename>inetd.conf</filename> or <filename>xinetd.conf</filename>
369	must be modified for each server that will be activated, usually
370	replacing the server from <xref linkend="inetutils"/>.</para>
371
372	</sect4>
373
374	<sect4>
375	<title>Additional Information</title>
376
377	<para>For additional information consult <ulink
378	url="http://web.mit.edu/kerberos/www/krb5-1.4/#documentation">
379	Documentation for krb-&mitkrb-version;</ulink> on which the above
380	instructions are based.</para>
381
382	</sect4>
383
384	</sect3>
385
386	</sect2>
387
388	<sect2 role="content">
389	<title>Contents</title>
390	<para></para>
391
392	<segmentedlist>
393	<segtitle>Installed Programs</segtitle>
394	<segtitle>Installed Libraries</segtitle>
395	<segtitle>Installed Directories</segtitle>
396
397	<seglistitem>
398	<seg>compile-et, ftp, ftpd, gss-client, gss-server, k5srvutil, kadmin,
399	kadmin.local, kadmind, kadmind4, kdb5_util, kdestroy, kinit, klist,
400	klogind, kpasswd, kprop, kpropd, krb5-send-pr, krb5-config, krb524d,
401	krb524init, krb5kdc, kshd, ksu, ktutil, kvno, login.krb5, rcp, rlogin,
402	rsh, sclient, sim_client, sim_server, sserver, telnet, telnetd,
403	uuclient, uuserver, v5passwd, and v5passwdd</seg>
404	<seg>libcom_err.{so,a}, libdes425.{so,a}, libgssapi.{so,a},
405	libgssrpc.{so,a}, libkadm5clnt.{so,a}, libkadm5srv.{so,a},
406	libkdb5.{so,a}, libkrb5.{so,a}, and libkrb4.{so,a}</seg>
407	<seg>/usr/include/kerberosIV and /var/lib/krb5kdc</seg>
408	</seglistitem>
409	</segmentedlist>
410
411	<variablelist>
412	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
413	<?dbfo list-presentation="list"?>
414	<?dbhtml list-presentation="table"?>
415
416	<varlistentry id="compile_et">
417	<term><command>compile_et</command></term>
418	<listitem>
419	<para>converts the table listing error-code names into a
420	C source file.</para>
421	<indexterm zone="mitkrb compile_et">
422	<primary sortas="b-compile_et">compile_et</primary>
423	</indexterm>
424	</listitem>
425	</varlistentry>
426
427	<varlistentry id="ftp-mitkrb">
428	<term><command>ftp</command></term>
429	<listitem>
430	<para>is a kerberized FTP client.</para>
431	<indexterm zone="mitkrb ftp">
432	<primary sortas="b-ftp">ftp</primary>
433	</indexterm>
434	</listitem>
435	</varlistentry>
436
437	<varlistentry id="ftpd-mitkrb">
438	<term><command>ftpd</command></term>
439	<listitem>
440	<para>is a kerberized FTP daemon.</para>
441	<indexterm zone="mitkrb ftpd">
442	<primary sortas="b-ftpd">ftpd</primary>
443	</indexterm>
444	</listitem>
445	</varlistentry>
446
447	<varlistentry id="k5srvutil">
448	<term><command>k5srvutil</command></term>
449	<listitem>
450	<para>is a host keytable manipulation utility.</para>
451	<indexterm zone="mitkrb k5srvutil">
452	<primary sortas="b-k5srvutil">k5srvutil</primary>
453	</indexterm>
454	</listitem>
455	</varlistentry>
456
457	<varlistentry id="kadmin-mitkrb">
458	<term><command>kadmin</command></term>
459	<listitem>
460	<para>is an utility used to make modifications
461	to the Kerberos database.</para>
462	<indexterm zone="mitkrb kadmin-mitkrb">
463	<primary sortas="b-kadmin">kadmin</primary>
464	</indexterm>
465	</listitem>
466	</varlistentry>
467
468	<varlistentry id="kadmind-mitkrb">
469	<term><command>kadmind</command></term>
470	<listitem>
471	<para>is a server for administrative access
472	to a Kerberos database.</para>
473	<indexterm zone="mitkrb kadmind-mitkrb">
474	<primary sortas="b-kadmind">kadmind</primary>
475	</indexterm>
476	</listitem>
477	</varlistentry>
478
479	<varlistentry id="kdb5_util">
480	<term><command>kdb5_util</command></term>
481	<listitem>
482	<para>is the KDC database utility.</para>
483	<indexterm zone="mitkrb kdb5_util">
484	<primary sortas="b-kdb5_util">kdb5_util</primary>
485	</indexterm>
486	</listitem>
487	</varlistentry>
488
489	<varlistentry id="kdestroy-mitkrb">
490	<term><command>kdestroy</command></term>
491	<listitem>
492	<para>removes the current set of tickets.</para>
493	<indexterm zone="mitkrb kdestroy-mitkrb">
494	<primary sortas="b-kdestroy">kdestroy</primary>
495	</indexterm>
496	</listitem>
497	</varlistentry>
498
499	<varlistentry id="kinit-mitkrb">
500	<term><command>kinit</command></term>
501	<listitem>
502	<para>is used to authenticate to the Kerberos server as a
503	principal and acquire a ticket granting ticket that can
504	later be used to obtain tickets for other services.</para>
505	<indexterm zone="mitkrb kinit-mitkrb">
506	<primary sortas="b-kinit">kinit</primary>
507	</indexterm>
508	</listitem>
509	</varlistentry>
510
511	<varlistentry id="klist-mitkrb">
512	<term><command>klist</command></term>
513	<listitem>
514	<para>reads and displays the current tickets in
515	the credential cache.</para>
516	<indexterm zone="mitkrb klist-mitkrb">
517	<primary sortas="b-klist">klist</primary>
518	</indexterm>
519	</listitem>
520	</varlistentry>
521
522	<varlistentry id="klogind">
523	<term><command>klogind</command></term>
524	<listitem>
525	<para>is the server that responds to <command>rlogin</command>
526	requests.</para>
527	<indexterm zone="mitkrb klogind">
528	<primary sortas="b-klogind">klogind</primary>
529	</indexterm>
530	</listitem>
531	</varlistentry>
532
533	<varlistentry id="kpasswd-mitkrb">
534	<term><command>kpasswd</command></term>
535	<listitem>
536	<para>is a program for changing Kerberos 5 passwords.</para>
537	<indexterm zone="mitkrb kpasswd-mitkrb">
538	<primary sortas="b-kpasswd">kpasswd</primary>
539	</indexterm>
540	</listitem>
541	</varlistentry>
542
543	<varlistentry id="kprop">
544	<term><command>kprop</command></term>
545	<listitem>
546	<para>takes a principal database in a specified format and
547	converts it into a stream of database records.</para>
548	<indexterm zone="mitkrb kprop">
549	<primary sortas="b-kprop">kprop</primary>
550	</indexterm>
551	</listitem>
552	</varlistentry>
553
554	<varlistentry id="kpropd">
555	<term><command>kpropd</command></term>
556	<listitem>
557	<para>receives a database sent by <command>kprop</command>
558	and writes it as a local database.</para>
559	<indexterm zone="mitkrb kpropd">
560	<primary sortas="b-kpropd">kpropd</primary>
561	</indexterm>
562	</listitem>
563	</varlistentry>
564
565	<varlistentry id="krb5-config-1">
566	<term><command>krb5-config</command></term>
567	<listitem>
568	<para>gives information on how to link programs against
569	libraries.</para>
570	<indexterm zone="mitkrb krb5-config-prog">
571	<primary sortas="b-krb5-config-1">krb5-config</primary>
572	</indexterm>
573	</listitem>
574	</varlistentry>
575
576	<varlistentry id="krb5kdc">
577	<term><command>krb5kdc</command></term>
578	<listitem>
579	<para>is a Kerberos 5 server.</para>
580	<indexterm zone="mitkrb krb5kdc">
581	<primary sortas="b-krb5kdc">krb5kdc</primary>
582	</indexterm>
583	</listitem>
584	</varlistentry>
585
586	<varlistentry id="kshd">
587	<term><command>kshd</command></term>
588	<listitem>
589	<para>is the server that responds to <command>rsh</command>
590	requests.</para>
591	<indexterm zone="mitkrb kshd">
592	<primary sortas="b-kshd">kshd</primary>
593	</indexterm>
594	</listitem>
595	</varlistentry>
596
597	<varlistentry id="ksu">
598	<term><command>ksu</command></term>
599	<listitem>
600	<para>is the super user program using Kerberos protocol.
601	Requires a properly configured
602	<filename class="directory">/etc/shells</filename> and
603	<filename>~/.k5login</filename> containing principals
604	authorized to become super users.</para>
605	<indexterm zone="mitkrb ksu">
606	<primary sortas="b-ksu">ksu</primary>
607	</indexterm>
608	</listitem>
609	</varlistentry>
610
611	<varlistentry id="ktutil-mitkrb">
612	<term><command>ktutil</command></term>
613	<listitem>
614	<para>is a program for managing Kerberos keytabs.</para>
615	<indexterm zone="mitkrb ktutil-mitkrb">
616	<primary sortas="b-ktutil">ktutil</primary>
617	</indexterm>
618	</listitem>
619	</varlistentry>
620
621	<varlistentry id="kvno">
622	<term><command>kvno</command></term>
623	<listitem>
624	<para>prints keyversion numbers of Kerberos principals.</para>
625	<indexterm zone="mitkrb kvno">
626	<primary sortas="b-kvno">kvno</primary>
627	</indexterm>
628	</listitem>
629	</varlistentry>
630
631	<varlistentry id="login.krb5">
632	<term><command>login.krb5</command></term>
633	<listitem>
634	<para>is a kerberized login program.</para>
635	<indexterm zone="mitkrb login">
636	<primary sortas="b-login.krb5">login.krb5</primary>
637	</indexterm>
638	</listitem>
639	</varlistentry>
640
641	<varlistentry id="rcp-mitkrb">
642	<term><command>rcp</command></term>
643	<listitem>
644	<para>is a kerberized rcp client program.</para>
645	<indexterm zone="mitkrb rcp">
646	<primary sortas="b-rcp">rcp</primary>
647	</indexterm>
648	</listitem>
649	</varlistentry>
650
651	<varlistentry id="rlogin">
652	<term><command>rlogin</command></term>
653	<listitem>
654	<para>is a kerberized rlogin client program.</para>
655	<indexterm zone="mitkrb rlogin">
656	<primary sortas="b-rlogin">rlogin</primary>
657	</indexterm>
658	</listitem>
659	</varlistentry>
660
661	<varlistentry id="rsh-mitkrb">
662	<term><command>rsh</command></term>
663	<listitem>
664	<para>is a kerberized rsh client program.</para>
665	<indexterm zone="mitkrb rsh">
666	<primary sortas="b-rsh">rsh</primary>
667	</indexterm>
668	</listitem>
669	</varlistentry>
670
671	<varlistentry id="telnet-mitkrb">
672	<term><command>telnet</command></term>
673	<listitem>
674	<para>is a kerberized telnet client program.</para>
675	<indexterm zone="mitkrb telnet">
676	<primary sortas="b-telnet">telnet</primary>
677	</indexterm>
678	</listitem>
679	</varlistentry>
680
681	<varlistentry id="telnetd-mitkrb">
682	<term><command>telnetd</command></term>
683	<listitem>
684	<para>is a kerberized telnet server.</para>
685	<indexterm zone="mitkrb telnetd">
686	<primary sortas="b-telnetd">telnetd</primary>
687	</indexterm>
688	</listitem>
689	</varlistentry>
690
691	<varlistentry id="libcom_err">
692	<term><filename class='libraryfile'>libcom_err.{so,a}</filename></term>
693	<listitem>
694	<para>implements the Kerberos library error code.</para>
695	<indexterm zone="mitkrb libcom_err">
696	<primary sortas="c-libcom_err">libcom_err.{so,a}</primary>
697	</indexterm>
698	</listitem>
699	</varlistentry>
700
701	<varlistentry id="libgssapi-mitkrb">
702	<term><filename class='libraryfile'>libgssapi.{so,a}</filename></term>
703	<listitem>
704	<para>contain the Generic Security Service Application
705	Programming Interface (GSSAPI) functions which provides security
706	services to callers in a generic fashion, supportable with a range of
707	underlying mechanisms and technologies and hence allowing source-level
708	portability of applications to different environments.</para>
709	<indexterm zone="mitkrb libgssapi">
710	<primary sortas="c-libgssapi">libgssapi.{so,a}</primary>
711	</indexterm>
712	</listitem>
713	</varlistentry>
714
715	<varlistentry id="libkadm5clnt-mitkrb">
716	<term><filename class='libraryfile'>libkadm5clnt.{so,a}</filename></term>
717	<listitem>
718	<para>contains the administrative authentication and password
719	checking functions required by Kerberos 5 client-side programs.</para>
720	<indexterm zone="mitkrb libkadm5clnt">
721	<primary sortas="c-libkadm5clnt">libkadm5clnt.{so,a}</primary>
722	</indexterm>
723	</listitem>
724	</varlistentry>
725
726	<varlistentry id="libkadm5srv-mitkrb">
727	<term><filename class='libraryfile'>libkadm5srv.{so,a}</filename></term>
728	<listitem>
729	<para>contain the administrative authentication and password
730	checking functions required by Kerberos 5 servers.</para>
731	<indexterm zone="mitkrb libkadm5srv">
732	<primary sortas="c-libkadm5srv">libkadm5srv.{so,a}</primary>
733	</indexterm>
734	</listitem>
735	</varlistentry>
736
737	<varlistentry id="libkdb5">
738	<term><filename class='libraryfile'>libkdb5.{so,a}</filename></term>
739	<listitem>
740	<para>is a Kerberos 5 authentication/authorization database
741	access library.</para>
742	<indexterm zone="mitkrb libkdb5">
743	<primary sortas="c-libkdb5">libkdb5.{so,a}</primary>
744	</indexterm>
745	</listitem>
746	</varlistentry>
747
748	<varlistentry id="libkrb5-mitkrb">
749	<term><filename class='libraryfile'>libkrb5.{so,a}</filename></term>
750	<listitem>
751	<para>is an all-purpose Kerberos 5 library.</para>
752	<indexterm zone="mitkrb libkrb5">
753	<primary sortas="c-libkrb5">libkrb5.{so,a}</primary>
754	</indexterm>
755	</listitem>
756	</varlistentry>
757
758	</variablelist>
759
760	</sect2>
761
762	</sect1>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: postlfs/security/mitkrb.xml@ 84da85a

Download in other formats: