source: postlfs/security/mitkrb.xml@ 894d7107

Last change on this file since 894d7107 was 1e82e2cb, checked in by Xi Ruoyao <xry111@…>, 11 months ago

mitkrb: Simplify doc installation

  • Property mode set to 100644
File size: 31.0 KB
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY mitkrb-download-http "https://kerberos.org/dist/krb5/&mitkrb-major-version;/krb5-&mitkrb-version;.tar.gz">
8 <!ENTITY mitkrb-download-ftp " ">
9 <!ENTITY mitkrb-md5sum "304b335236d86a7e8effec31bd782baf">
10 <!ENTITY mitkrb-size "8.2 MB">
11 <!ENTITY mitkrb-buildsize "95 MB (add 15 MB for tests)">
12 <!ENTITY mitkrb-time "0.3 SBU (Using parallelism=4; add 1.0 SBU for tests)">
13]>
14
15<sect1 id="mitkrb" xreflabel="MIT Kerberos V5-&mitkrb-version;">
16 <?dbhtml filename="mitkrb.html"?>
17
18
19 <title>MIT Kerberos V5-&mitkrb-version;</title>
20
21 <indexterm zone="mitkrb">
22 <primary sortas="a-MIT-Kerberos">MIT Kerberos V5</primary>
23 </indexterm>
24
25 <sect2 role="package">
26 <title>Introduction to MIT Kerberos V5</title>
27
28 <para>
29 <application>MIT Kerberos V5</application> is a free implementation
30 of Kerberos 5. Kerberos is a network authentication protocol. It
31 centralizes the authentication database and uses kerberized
32 applications to work with servers or services that support Kerberos
33 allowing single logins and encrypted communication over internal
34 networks or the Internet.
35 </para>
36
37 &lfs113_checked;
38
39 <bridgehead renderas="sect3">Package Information</bridgehead>
40 <itemizedlist spacing="compact">
41 <listitem>
42 <para>
43 Download (HTTP): <ulink url="&mitkrb-download-http;"/>
44 </para>
45 </listitem>
46 <listitem>
47 <para>
48 Download (FTP): <ulink url="&mitkrb-download-ftp;"/>
49 </para>
50 </listitem>
51 <listitem>
52 <para>
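53 Download MD5 sum: &mitkrb-md5sum; (this only detects a corrupted download; authenticating the package requires verifying the upstream signature with <xref linkend="gnupg2"/>)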
54 </para>
55 </listitem>
56 <listitem>
57 <para>
58 Download size: &mitkrb-size;
59 </para>
60 </listitem>
61 <listitem>
62 <para>
63 Estimated disk space required: &mitkrb-buildsize;
64 </para>
65 </listitem>
66 <listitem>
67 <para>
68 Estimated build time: &mitkrb-time;
69 </para>
70 </listitem>
71 </itemizedlist>
72<!--
73 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
74 <itemizedlist spacing="compact">
75 <listitem>
76 <para>
77 Required patch:
78 <ulink url="&patch-root;/mitkrb-&mitkrb-version;-openssl3_fixes-1.patch"/>
79 </para>
80 </listitem>
81 </itemizedlist>
82 -->
83 <bridgehead renderas="sect3">MIT Kerberos V5 Dependencies</bridgehead>
84
85 <bridgehead renderas="sect4">Optional</bridgehead>
86 <para role="optional">
87 <xref linkend="bind-utils"/>,
88 <xref linkend="gnupg2"/> (to authenticate the package),
89 <xref linkend="keyutils"/>,
90 <xref linkend="openldap"/>,<!-- Seems so that mit has its own
91 implementation of rpc now.
92 <xref linkend="rpcbind"/> (used during the test suite),-->
93 <xref linkend="valgrind"/> (used during the test suite),
94 <xref linkend="yasm"/>,
95 <ulink url="https://thrysoee.dk/editline/">libedit</ulink>,
96 <ulink url="https://cmocka.org/">cmocka</ulink>,
97 <ulink url="https://pypi.org/project/kdcproxy/">kdcproxy</ulink>,
98 <ulink url="https://pypi.org/project/pyrad/">pyrad</ulink>, and
99 <ulink url="https://cwrap.org/resolv_wrapper.html">resolv_wrapper</ulink>
100 </para>
101
102 <note>
103 <para>
104 Some sort of time synchronization facility on your system (like
105 <xref linkend="ntp"/>) is required, since Kerberos will refuse to
106 authenticate if the clocks of a kerberized client and the KDC server
107 differ by more than the permitted clock skew.
108 </para>
109 </note>
110
111 </sect2>
112
113 <sect2 role="installation">
114 <title>Installation of MIT Kerberos V5</title>
115<!--
116 <para>
117 Next, fix several issues identified by OpenSSL-3:
118 </para>
119
120<screen><userinput remap="pre">patch -Np1 -i ../mitkrb-&mitkrb-version;-openssl3_fixes-1.patch</userinput></screen>
121-->
122 <para>
123 Build <application>MIT Kerberos V5</application> by running the
124 following commands:
125 </para>
126
127<screen><userinput>cd src &amp;&amp;
128<!-- dejagnu is not used anymore for tests
129sed -i -e 's@\^u}@^u cols 300}@' tests/dejagnu/config/default.exp &amp;&amp;
130-->
131sed -i -e '/eq 0/{N;s/12 //}' plugins/kdb/db2/libdb2/test/run.test &amp;&amp;
132<!--sed -i '/t_kadm5.py/d' lib/kadm5/Makefile.in &amp;&amp;-->
133
134./configure --prefix=/usr \
135 --sysconfdir=/etc \
136 --localstatedir=/var/lib \
137 --runstatedir=/run \
138 --with-system-et \
139 --with-system-ss \
140 --with-system-verto=no \
141 --enable-dns-for-realm &amp;&amp;
142make</userinput></screen>
143
144 <para>
145 To test the build, issue: <command>make -j1 -k check</command>.
146 <!-- You need at least <xref link end="tcl"/>, which is used to drive the
147 test suite. Furthermore, <xref link end="dejagnu"/> must be available for
148 some of the tests to run. If you have a former version of MIT Kerberos V5
149 installed, it may happen that the test suite may pick up the installed
150 versions of the libraries, rather than the newly built ones. If so, it is
151 better to run the tests after the installation. -->Some tests may fail with
152 the latest version of dejagnu and glibc. Some tests may hang for a
153 long time and fail if the system is not connected to a network.
154 <!-- Note: on my laptop -j8 fails but -j1 passes
155 For version 1.21, -j1 no longer needs to be specified and the
156 time for the tests was reduced considerably. -bdubbs
157 But on one of my machines (4 cores) -j4 fails and -j1 passes...
158 I guess the test suite is just too fragile. -xry111
159 -->
160 </para>
161
162 <para>
163 Now, as the <systemitem class="username">root</systemitem> user:
164 </para>
165
166<screen role="root"><userinput>make install &amp;&amp;
167cp -vfr ../doc -T /usr/share/doc/krb5-&mitkrb-version;</userinput></screen>
168
169 </sect2>
170
171 <sect2 role="commands">
172 <title>Command Explanations</title>
173
174 <para>
175 The <command>sed</command> command removes a
176 test that is known to fail.
177 </para>
178
179 <para>
180 <parameter>--localstatedir=/var/lib</parameter>: This option is
181 used so that the Kerberos variable runtime data is located in
182 <filename class="directory">/var/lib</filename> instead of
183 <filename class="directory">/usr/var</filename>.
184 </para>
185
186 <para>
187 <parameter>--runstatedir=/run</parameter>: This option is used so that
188 the Kerberos runtime state information is located in
189 <filename class="directory">/run</filename> instead of the deprecated
190 <filename class="directory">/var/run</filename>.
191 </para>
192
193 <para>
194 <parameter>--with-system-et</parameter>: This switch causes the build
195 to use the system-installed versions of the error-table support
196 software.
197 </para>
198
199 <para>
200 <parameter>--with-system-ss</parameter>: This switch causes the build
201 to use the system-installed versions of the subsystem command-line
202 interface software.
203 </para>
204
205 <para>
206 <parameter>--with-system-verto=no</parameter>: This switch works around a
207 bug in the package: it does not recognize its own verto library from a
208 previous installation. This is not a problem when reinstalling the same
209 version, but when updating, the old library is treated as the system's
210 one and the new version is not installed.
211 </para>
212
213 <para>
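214 <parameter>--enable-dns-for-realm</parameter>: This switch allows
215 realms to be resolved using the DNS server. Plain DNS answers are not authenticated, so where the resolver is not trusted, rely on explicit <option>[domain_realm]</option> mappings in <filename>/etc/krb5.conf</filename> instead.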
216 </para>
217
218 <para>
219 <option>--with-ldap</option>: Use this switch if you want to compile the
220 <application>OpenLDAP</application> database backend module.
221 </para>
222
223 </sect2>
224
225 <sect2 role="configuration">
226 <title>Configuring MIT Kerberos V5</title>
227
228 <sect3 id="krb5-config">
229 <title>Config Files</title>
230
231 <para>
232 <filename>/etc/krb5.conf</filename> and
233 <filename>/var/lib/krb5kdc/kdc.conf</filename>
234 </para>
235
236 <indexterm zone="mitkrb krb5-config">
237 <primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary>
238 </indexterm>
239
240 <indexterm zone="mitkrb krb5-config">
241 <primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
242 </indexterm>
243
244 </sect3>
245
246 <sect3>
247 <title>Configuration Information</title>
248
249 <sect4>
250 <title>Kerberos Configuration</title>
251
252 <tip>
253 <para>
254 You should consider installing some sort of password checking
255 dictionary so that you can configure the installation to only
256 accept strong passwords. A suitable dictionary to use is shown in
257 the <xref linkend="cracklib"/> instructions. Note that only one
258 file can be used, but you can concatenate many files into one. The
259 configuration file shown below assumes you have installed a
260 dictionary to <filename>/usr/share/dict/words</filename>.
261 </para>
262 </tip>
263
264 <para>
265 Create the Kerberos configuration file with the following
266 commands issued by the <systemitem class="username">root</systemitem>
267 user:
268 </para>
269
270<screen role="root"><userinput>cat &gt; /etc/krb5.conf &lt;&lt; "EOF"
271<literal># Begin /etc/krb5.conf
272
273[libdefaults]
274 default_realm = <replaceable>&lt;EXAMPLE.ORG&gt;</replaceable>
275 encrypt = true
276
277[realms]
278 <replaceable>&lt;EXAMPLE.ORG&gt;</replaceable> = {
279 kdc = <replaceable>&lt;belgarath.example.org&gt;</replaceable>
280 admin_server = <replaceable>&lt;belgarath.example.org&gt;</replaceable>
281 dict_file = /usr/share/dict/words
282 }
283
284[domain_realm]
285 .<replaceable>&lt;example.org&gt;</replaceable> = <replaceable>&lt;EXAMPLE.ORG&gt;</replaceable>
286
287[logging]
288 kdc = SYSLOG:INFO:AUTH
289 admin_server = SYSLOG:INFO:AUTH
290 default = SYSLOG:DEBUG:DAEMON
291
292# End /etc/krb5.conf</literal>
293EOF</userinput></screen>
294
295 <para>
296 You will need to substitute your domain and proper hostname for the
297 occurrences of the <replaceable>&lt;belgarath&gt;</replaceable> and
298 <replaceable>&lt;example.org&gt;</replaceable> names.
299 </para>
300
301 <para>
302 <option>default_realm</option> should be the name of your
303 domain changed to ALL CAPS. This isn't required, but both
304 <application>Heimdal</application> and MIT recommend it.
305 </para>
306
307 <para>
308 <option>encrypt = true</option> provides encryption of all traffic
309 between kerberized clients and servers. It's not necessary and can
310 be left off. If you leave it off, you can encrypt all traffic from
311 the client to the server using a switch on the client program
312 instead.
313 </para>
314
315 <para>
316 The <option>[realms]</option> parameters tell the client programs
317 where to look for the KDC authentication services.
318 </para>
319
320 <para>
321 The <option>[domain_realm]</option> section maps a domain to a realm.
322 </para>
323
324 <para>
325 Create the KDC database:
326 </para>
327
328<screen role="root"><userinput>kdb5_util create -r <replaceable>&lt;EXAMPLE.ORG&gt;</replaceable> -s</userinput></screen>
329
330 <para>
331 Now you should populate the database with principals
332 (users). For now, just use your regular login name or
333 <systemitem class="username">root</systemitem>.
334 </para>
335
336<screen role="root"><userinput>kadmin.local
337<prompt>kadmin.local:</prompt> add_policy dict-only
338<prompt>kadmin.local:</prompt> addprinc -policy dict-only <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
339
340 <para>
341 The KDC server and any machine running kerberized
342 server daemons must have a host key installed:
343 </para>
344
345<screen role="root"><userinput><prompt>kadmin.local:</prompt> addprinc -randkey host/<replaceable>&lt;belgarath.example.org&gt;</replaceable></userinput></screen>
346
347 <para>
348 After choosing the defaults when prompted, you will have to
349 export the data to a keytab file:
350 </para>
351
352<screen role="root"><userinput><prompt>kadmin.local:</prompt> ktadd host/<replaceable>&lt;belgarath.example.org&gt;</replaceable></userinput></screen>
353
354 <para>
355 This should have created a file in
356 <filename class="directory">/etc</filename> named
357 <filename>krb5.keytab</filename> (Kerberos 5). This file should
358 have 600 (<systemitem class="username">root</systemitem> rw only)
359 permissions. The keytab holds the host's long-term key, so keeping
360 keytab files from public access is crucial to the overall security of the Kerberos installation.
361 </para>
362
363 <para>
364 Exit the <command>kadmin</command> program (use
365 <command>quit</command> or <command>exit</command>) and return
366 to the shell prompt. Start the KDC daemon manually, just to
367 test out the installation:
368 </para>
369
370<screen role="root"><userinput>/usr/sbin/krb5kdc</userinput></screen>
371
372 <para>
373 Attempt to get a ticket with the following command:
374 </para>
375
376<screen><userinput>kinit <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
377
378 <para>
379 You will be prompted for the password you created. After you
380 get your ticket, you can list it with the following command:
381 </para>
382
383<screen><userinput>klist</userinput></screen>
384
385 <para>
386 Information about the ticket should be displayed on the
387 screen.
388 </para>
389
390 <para>
391 To test the functionality of the keytab file, issue the
392 following command as the
393 <systemitem class="username">root</systemitem> user:
394 </para>
395
396<screen role="root"><userinput>ktutil
397<prompt>ktutil:</prompt> rkt /etc/krb5.keytab
398<prompt>ktutil:</prompt> l</userinput></screen>
399
400 <para>
401 This should dump a list of the host principal, along with
402 the encryption methods used to access the principal.
403 </para>
404
405 <para>
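406 Create an empty ACL file that can be modified later (while it is empty, no principal is granted administrative privileges through <command>kadmind</command>):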
407 </para>
408
409<screen role="root"><userinput>touch /var/lib/krb5kdc/kadm5.acl</userinput></screen>
410
411 <para>
412 At this point, if everything has been successful so far, you
413 can feel fairly confident in the installation and configuration of
414 the package.
415 </para>
416
417 </sect4>
418
419 <sect4>
420 <title>Additional Information</title>
421
422 <para>
423 For additional information consult the <ulink
424 url="https://web.mit.edu/kerberos/www/krb5-&mitkrb-major-version;/#documentation">
425 documentation for krb5-&mitkrb-version;</ulink> on which the above
426 instructions are based.
427 </para>
428
429 </sect4>
430
431 </sect3>
432
433 <sect3 id="mitkrb-init">
434 <title><phrase revision="sysv">Init Script</phrase>
435 <phrase revision="systemd">Systemd Unit</phrase></title>
436
437 <para revision="sysv">
438 If you want to start <application>Kerberos</application> services
439 at boot, install the <filename>/etc/rc.d/init.d/krb5</filename> init
440 script included in the <xref linkend="bootscripts"/> package using
441 the following command:
442 </para>
443
444 <para revision="systemd">
445 If you want to start <application>Kerberos</application> services
446 at boot, install the <filename>krb5.service</filename> unit included in
447 the <xref linkend="systemd-units"/> package using the following command:
448 </para>
449
450 <indexterm zone="mitkrb mitkrb-init">
451 <primary sortas="f-krb5">krb5</primary>
452 </indexterm>
453
454<screen role="root"><userinput>make install-krb5</userinput></screen>
455
456 </sect3>
457
458 </sect2>
459
460 <sect2 role="content">
461
462 <title>Contents</title>
463
464 <segmentedlist>
465 <segtitle>Installed Programs</segtitle>
466 <segtitle>Installed Libraries</segtitle>
467 <segtitle>Installed Directories</segtitle>
468
469 <seglistitem>
470 <seg>
471 gss-client, gss-server, k5srvutil, kadmin, kadmin.local,
472 kadmind, kdb5_ldap_util (optional), kdb5_util, kdestroy, kinit, klist,
473 kpasswd, kprop, kpropd, kproplog, krb5-config, krb5-send-pr, krb5kdc,
474 ksu, kswitch, ktutil, kvno, sclient, sim_client, sim_server,
475 sserver, uuclient, and uuserver
476 </seg>
477 <seg>
478 libgssapi_krb5.so, libgssrpc.so, libk5crypto.so, libkadm5clnt_mit.so,
479 libkadm5clnt.so, libkadm5srv_mit.so, libkadm5srv.so, libkdb_ldap.so
480 (optional), libkdb5.so, libkrad.so, libkrb5.so, libkrb5support.so,
481 libverto.so, and some plugins under the /usr/lib/krb5 tree
482 </seg>
483 <seg>
484 /usr/include/{gssapi,gssrpc,kadm5,krb5},
485 /usr/lib/krb5,
486 /usr/share/{doc/krb5-&mitkrb-version;,examples/krb5},
487 /var/lib/krb5kdc, and
488 /run/krb5kdc
489 </seg>
490 </seglistitem>
491 </segmentedlist>
492
493 <variablelist>
494 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
495 <?dbfo list-presentation="list"?>
496 <?dbhtml list-presentation="table"?>
497
498 <varlistentry id="gss-client">
499 <term><command>gss-client</command></term>
500 <listitem>
501 <para>
502 is a GSSAPI test client
503 </para>
504 <indexterm zone="mitkrb gss-client">
505 <primary sortas="b-gss-client">gss-client</primary>
506 </indexterm>
507 </listitem>
508 </varlistentry>
509
510 <varlistentry id="gss-server">
511 <term><command>gss-server</command></term>
512 <listitem>
513 <para>
514 is a GSSAPI test server
515 </para>
516 <indexterm zone="mitkrb gss-server">
517 <primary sortas="b-gss-server">gss-server</primary>
518 </indexterm>
519 </listitem>
520 </varlistentry>
521
522 <varlistentry id="k5srvutil">
523 <term><command>k5srvutil</command></term>
524 <listitem>
525 <para>
526 is a host keytable manipulation utility
527 </para>
528 <indexterm zone="mitkrb k5srvutil">
529 <primary sortas="b-k5srvutil">k5srvutil</primary>
530 </indexterm>
531 </listitem>
532 </varlistentry>
533
534 <varlistentry id="kadmin">
535 <term><command>kadmin</command></term>
536 <listitem>
537 <para>
538 is a utility used to make modifications
539 to the Kerberos database
540 </para>
541 <indexterm zone="mitkrb kadmin">
542 <primary sortas="b-kadmin">kadmin</primary>
543 </indexterm>
544 </listitem>
545 </varlistentry>
546
547 <varlistentry id="kadmin.local">
548 <term><command>kadmin.local</command></term>
549 <listitem>
550 <para>
551 is a utility similar to <command>kadmin</command>, but if the
552 database is db2, the local client <command>kadmin.local</command>
553 is intended to run directly on the master KDC without Kerberos
554 authentication
555 </para>
556 <indexterm zone="mitkrb kadmin.local">
557 <primary sortas="b-kadmin.local">kadmin.local</primary>
558 </indexterm>
559 </listitem>
560 </varlistentry>
561
562 <varlistentry id="kadmind">
563 <term><command>kadmind</command></term>
564 <listitem>
565 <para>
566 is a server for administrative access
567 to a Kerberos database
568 </para>
569 <indexterm zone="mitkrb kadmind">
570 <primary sortas="b-kadmind">kadmind</primary>
571 </indexterm>
572 </listitem>
573 </varlistentry>
574
575 <varlistentry id="kdb5_ldap_util">
576 <term><command>kdb5_ldap_util (optional)</command></term>
577 <listitem>
578 <para>
579 allows an administrator to manage realms, Kerberos services
580 and ticket policies
581 </para>
582 <indexterm zone="mitkrb kdb5_ldap_util">
583 <primary sortas="b-kdb5_ldap_util">kdb5_ldap_util</primary>
584 </indexterm>
585 </listitem>
586 </varlistentry>
587
588 <varlistentry id="kdb5_util">
589 <term><command>kdb5_util</command></term>
590 <listitem>
591 <para>
592 is the KDC database utility
593 </para>
594 <indexterm zone="mitkrb kdb5_util">
595 <primary sortas="b-kdb5_util">kdb5_util</primary>
596 </indexterm>
597 </listitem>
598 </varlistentry>
599
600 <varlistentry id="kdestroy">
601 <term><command>kdestroy</command></term>
602 <listitem>
603 <para>
604 removes the current set of tickets
605 </para>
606 <indexterm zone="mitkrb kdestroy">
607 <primary sortas="b-kdestroy">kdestroy</primary>
608 </indexterm>
609 </listitem>
610 </varlistentry>
611
612 <varlistentry id="kinit">
613 <term><command>kinit</command></term>
614 <listitem>
615 <para>
616 is used to authenticate to the Kerberos server as a
617 principal and acquire a ticket granting ticket that can
618 later be used to obtain tickets for other services
619 </para>
620 <indexterm zone="mitkrb kinit">
621 <primary sortas="b-kinit">kinit</primary>
622 </indexterm>
623 </listitem>
624 </varlistentry>
625
626 <varlistentry id="klist">
627 <term><command>klist</command></term>
628 <listitem>
629 <para>
630 reads and displays the current tickets in
631 the credential cache
632 </para>
633 <indexterm zone="mitkrb klist">
634 <primary sortas="b-klist">klist</primary>
635 </indexterm>
636 </listitem>
637 </varlistentry>
638
639 <varlistentry id="kpasswd">
640 <term><command>kpasswd</command></term>
641 <listitem>
642 <para>
643 is a program for changing Kerberos 5 passwords
644 </para>
645 <indexterm zone="mitkrb kpasswd">
646 <primary sortas="b-kpasswd">kpasswd</primary>
647 </indexterm>
648 </listitem>
649 </varlistentry>
650
651 <varlistentry id="kprop">
652 <term><command>kprop</command></term>
653 <listitem>
654 <para>
655 takes a principal database in a specified format and
656 converts it into a stream of database records
657 </para>
658 <indexterm zone="mitkrb kprop">
659 <primary sortas="b-kprop">kprop</primary>
660 </indexterm>
661 </listitem>
662 </varlistentry>
663
664 <varlistentry id="kpropd">
665 <term><command>kpropd</command></term>
666 <listitem>
667 <para>
668 receives a database sent by <command>kprop</command>
669 and writes it as a local database
670 </para>
671 <indexterm zone="mitkrb kpropd">
672 <primary sortas="b-kpropd">kpropd</primary>
673 </indexterm>
674 </listitem>
675 </varlistentry>
676
677 <varlistentry id="kproplog">
678 <term><command>kproplog</command></term>
679 <listitem>
680 <para>
681 displays the contents of the KDC database update log to standard
682 output
683 </para>
684 <indexterm zone="mitkrb kproplog">
685 <primary sortas="b-kproplog">kproplog</primary>
686 </indexterm>
687 </listitem>
688 </varlistentry>
689
690 <varlistentry id="krb5-config-prog2">
691 <term><command>krb5-config</command></term>
692 <listitem>
693 <para>
694 gives information on how to link programs against
695 libraries
696 </para>
697 <indexterm zone="mitkrb krb5-config-prog2">
698 <primary sortas="b-krb5-config">krb5-config</primary>
699 </indexterm>
700 </listitem>
701 </varlistentry>
702
703 <varlistentry id="krb5kdc">
704 <term><command>krb5kdc</command></term>
705 <listitem>
706 <para>
707 is the <application>Kerberos 5</application> server
708 </para>
709 <indexterm zone="mitkrb krb5kdc">
710 <primary sortas="b-krb5kdc">krb5kdc</primary>
711 </indexterm>
712 </listitem>
713 </varlistentry>
714
715 <varlistentry id="krb5-send-pr">
716 <term><command>krb5-send-pr</command></term>
717 <listitem>
718 <para>
719 sends a problem report (PR) to a central support site
720 </para>
721 <indexterm zone="mitkrb krb5-send-pr">
722 <primary sortas="b-krb-send-pr">krb5-send-pr</primary>
723 </indexterm>
724 </listitem>
725 </varlistentry>
726
727 <varlistentry id="ksu">
728 <term><command>ksu</command></term>
729 <listitem>
730 <para>
731 is the super user program using Kerberos protocol.
732 Requires a properly configured
733 <filename>/etc/shells</filename> and
734 <filename>~/.k5login</filename> containing principals
735 authorized to become super users
736 </para>
737 <indexterm zone="mitkrb ksu">
738 <primary sortas="b-ksu">ksu</primary>
739 </indexterm>
740 </listitem>
741 </varlistentry>
742
743 <varlistentry id="kswitch">
744 <term><command>kswitch</command></term>
745 <listitem>
746 <para>
747 makes the specified credential cache the
748 primary cache for the collection, if a cache
749 collection is available
750 </para>
751 <indexterm zone="mitkrb kswitch">
752 <primary sortas="b-kswitch">kswitch</primary>
753 </indexterm>
754 </listitem>
755 </varlistentry>
756
757 <varlistentry id="ktutil">
758 <term><command>ktutil</command></term>
759 <listitem>
760 <para>
761 is a program for managing Kerberos keytabs
762 </para>
763 <indexterm zone="mitkrb ktutil">
764 <primary sortas="b-ktutil">ktutil</primary>
765 </indexterm>
766 </listitem>
767 </varlistentry>
768
769 <varlistentry id="kvno">
770 <term><command>kvno</command></term>
771 <listitem>
772 <para>
773 prints keyversion numbers of Kerberos principals
774 </para>
775 <indexterm zone="mitkrb kvno">
776 <primary sortas="b-kvno">kvno</primary>
777 </indexterm>
778 </listitem>
779 </varlistentry>
780
781 <varlistentry id="sclient">
782 <term><command>sclient</command></term>
783 <listitem>
784 <para>
785 is used to contact a sample server and authenticate to it
786 using Kerberos 5 tickets, then display the server's
787 response
788 </para>
789 <indexterm zone="mitkrb sclient">
790 <primary sortas="b-sclient">sclient</primary>
791 </indexterm>
792 </listitem>
793 </varlistentry>
794
795 <varlistentry id="sim_client">
796 <term><command>sim_client</command></term>
797 <listitem>
798 <para>
799 is a simple UDP-based sample client program, for
800 demonstration
801 </para>
802 <indexterm zone="mitkrb sim_client">
803 <primary sortas="b-sim_client">sim_client</primary>
804 </indexterm>
805 </listitem>
806 </varlistentry>
807
808 <varlistentry id="sim_server">
809 <term><command>sim_server</command></term>
810 <listitem>
811 <para>
812 is a simple UDP-based server application, for
813 demonstration
814 </para>
815 <indexterm zone="mitkrb sim_server">
816 <primary sortas="b-sim_server">sim_server</primary>
817 </indexterm>
818 </listitem>
819 </varlistentry>
820
821 <varlistentry id="sserver">
822 <term><command>sserver</command></term>
823 <listitem>
824 <para>
825 is the sample Kerberos 5 server
826 </para>
827 <indexterm zone="mitkrb sserver">
828 <primary sortas="b-sserver">sserver</primary>
829 </indexterm>
830 </listitem>
831 </varlistentry>
832
833 <varlistentry id="uuclient">
834 <term><command>uuclient</command></term>
835 <listitem>
836 <para>
837 is another sample client
838 </para>
839 <indexterm zone="mitkrb uuclient">
840 <primary sortas="b-uuclient">uuclient</primary>
841 </indexterm>
842 </listitem>
843 </varlistentry>
844
845 <varlistentry id="uuserver">
846 <term><command>uuserver</command></term>
847 <listitem>
848 <para>
849 is another sample server
850 </para>
851 <indexterm zone="mitkrb uuserver">
852 <primary sortas="b-uuserver">uuserver</primary>
853 </indexterm>
854 </listitem>
855 </varlistentry>
856
857
858 <varlistentry id="libgssapi_krb5">
859 <term><filename class="libraryfile">libgssapi_krb5.so</filename></term>
860 <listitem>
861 <para>
862 contains the Generic Security Service Application Programming
863 Interface (GSSAPI) functions which provide security services
864 to callers in a generic fashion, supportable with a range of
865 underlying mechanisms and technologies and hence allowing
866 source-level portability of applications to different
867 environments
868 </para>
869 <indexterm zone="mitkrb libgssapi_krb5">
870 <primary sortas="c-libgssapi_krb5">libgssapi_krb5.so</primary>
871 </indexterm>
872 </listitem>
873 </varlistentry>
874
875 <varlistentry id="libkadm5clnt">
876 <term><filename class="libraryfile">libkadm5clnt.so</filename></term>
877 <listitem>
878 <para>
879 contains the administrative authentication and password checking
880 functions required by Kerberos 5 client-side programs
881 </para>
882 <indexterm zone="mitkrb libkadm5clnt">
883 <primary sortas="c-libkadm5clnt">libkadm5clnt.so</primary>
884 </indexterm>
885 </listitem>
886 </varlistentry>
887
888 <varlistentry id="libkadm5srv">
889 <term><filename class="libraryfile">libkadm5srv.so</filename></term>
890 <listitem>
891 <para>
892 contains the administrative authentication and password
893 checking functions required by Kerberos 5 servers
894 </para>
895 <indexterm zone="mitkrb libkadm5srv">
896 <primary sortas="c-libkadm5srv">libkadm5srv.so</primary>
897 </indexterm>
898 </listitem>
899 </varlistentry>
900
901 <varlistentry id="libkdb5">
902 <term><filename class="libraryfile">libkdb5.so</filename></term>
903 <listitem>
904 <para>
905 is a Kerberos 5 authentication/authorization database
906 access library
907 </para>
908 <indexterm zone="mitkrb libkdb5">
909 <primary sortas="c-libkdb5">libkdb5.so</primary>
910 </indexterm>
911 </listitem>
912 </varlistentry>
913
914 <varlistentry id="libkrad">
915 <term><filename class="libraryfile">libkrad.so</filename></term>
916 <listitem>
917 <para>
918 contains the internal support library for RADIUS functionality
919 </para>
920 <indexterm zone="mitkrb libkrad">
921 <primary sortas="c-libkrad">libkrad.so</primary>
922 </indexterm>
923 </listitem>
924 </varlistentry>
925
926 <varlistentry id="libkrb5">
927 <term><filename class="libraryfile">libkrb5.so</filename></term>
928 <listitem>
929 <para>
930 is an all-purpose <application>Kerberos 5</application> library
931 </para>
932 <indexterm zone="mitkrb libkrb5">
933 <primary sortas="c-libkrb5">libkrb5.so</primary>
934 </indexterm>
935 </listitem>
936 </varlistentry>
937
938 </variablelist>
939
940 </sect2>
941
942</sect1>