Context Navigation

mitkrb.xml@ 907a269

Visit:

12.0 12.1 kea ken/TL2024 ken/tuningfonts lazarus lxqt plabs/newcss python3.11 rahul/power-profiles-daemon renodr/vulkan-addition trunk xry111/llvm18 xry111/xf86-video-removal

Last change on this file since 907a269 was 14891a90, checked in by Xi Ruoyao <xry111@…>, 12 months ago

treewide: More "User Notes" clean up

Remove links to pages w/o real contents.

Property mode set to 100644

File size: 31.1 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY mitkrb-download-http "https://kerberos.org/dist/krb5/&mitkrb-major-version;/krb5-&mitkrb-version;.tar.gz">
8	<!ENTITY mitkrb-download-ftp " ">
9	<!ENTITY mitkrb-md5sum "304b335236d86a7e8effec31bd782baf">
10	<!ENTITY mitkrb-size "8.2 MB">
11	<!ENTITY mitkrb-buildsize "95 MB (add 15 MB for tests)">
12	<!ENTITY mitkrb-time "0.3 SBU (Using parallelism=4; add 1.0 SBU for tests)">
13	]>
14
15	<sect1 id="mitkrb" xreflabel="MIT Kerberos V5-&mitkrb-version;">
16	<?dbhtml filename="mitkrb.html"?>
17
18
19	<title>MIT Kerberos V5-&mitkrb-version;</title>
20
21	<indexterm zone="mitkrb">
22	<primary sortas="a-MIT-Kerberos">MIT Kerberos V5</primary>
23	</indexterm>
24
25	<sect2 role="package">
26	<title>Introduction to MIT Kerberos V5</title>
27
28	<para>
29	<application>MIT Kerberos V5</application> is a free implementation
30	of Kerberos 5. Kerberos is a network authentication protocol. It
31	centralizes the authentication database and uses kerberized
32	applications to work with servers or services that support Kerberos
33	allowing single logins and encrypted communication over internal
34	networks or the Internet.
35	</para>
36
37	&lfs113_checked;
38
39	<bridgehead renderas="sect3">Package Information</bridgehead>
40	<itemizedlist spacing="compact">
41	<listitem>
42	<para>
43	Download (HTTP): <ulink url="&mitkrb-download-http;"/>
44	</para>
45	</listitem>
46	<listitem>
47	<para>
48	Download (FTP): <ulink url="&mitkrb-download-ftp;"/>
49	</para>
50	</listitem>
51	<listitem>
52	<para>
53	Download MD5 sum: &mitkrb-md5sum;
54	</para>
55	</listitem>
56	<listitem>
57	<para>
58	Download size: &mitkrb-size;
59	</para>
60	</listitem>
61	<listitem>
62	<para>
63	Estimated disk space required: &mitkrb-buildsize;
64	</para>
65	</listitem>
66	<listitem>
67	<para>
68	Estimated build time: &mitkrb-time;
69	</para>
70	</listitem>
71	</itemizedlist>
72	<!--
73	<bridgehead renderas="sect3">Additional Downloads</bridgehead>
74	<itemizedlist spacing="compact">
75	<listitem>
76	<para>
77	Required patch:
78	<ulink url="&patch-root;/mitkrb-&mitkrb-version;-openssl3_fixes-1.patch"/>
79	</para>
80	</listitem>
81	</itemizedlist>
82	-->
83	<bridgehead renderas="sect3">MIT Kerberos V5 Dependencies</bridgehead>
84
85	<bridgehead renderas="sect4">Optional</bridgehead>
86	<para role="optional">
87	<xref linkend="bind-utils"/>,
88	<xref linkend="gnupg2"/> (to authenticate the package),
89	<xref linkend="keyutils"/>,
90	<xref linkend="openldap"/>,<!-- Seems so that mit has its own
91	implementation of rpc now.
92	<xref linkend="rpcbind"/> (used during the test suite),-->
93	<xref linkend="valgrind"/> (used during the test suite),
94	<xref linkend="yasm"/>,
95	<ulink url="https://thrysoee.dk/editline/">libedit</ulink>,
96	<ulink url="https://cmocka.org/">cmocka</ulink>,
97	<ulink url="https://pypi.org/project/kdcproxy/">kdcproxy</ulink>,
98	<ulink url="https://pypi.org/project/pyrad/">pyrad</ulink>, and
99	<ulink url="https://cwrap.org/resolv_wrapper.html">resolv_wrapper</ulink>
100	</para>
101
102	<note>
103	<para>
104	Some sort of time synchronization facility on your system (like
105	<xref linkend="ntp"/>) is required since Kerberos won't authenticate
106	if there is a time difference between a kerberized client and the
107	KDC server.
108	</para>
109	</note>
110
111	</sect2>
112
113	<sect2 role="installation">
114	<title>Installation of MIT Kerberos V5</title>
115	<!--
116	<para>
117	Next, fix several issues identified by OpenSSL-3:
118	</para>
119
120	<screen><userinput remap="pre">patch -Np1 -i ../mitkrb-&mitkrb-version;-openssl3_fixes-1.patch</userinput></screen>
121	-->
122	<para>
123	Build <application>MIT Kerberos V5</application> by running the
124	following commands:
125	</para>
126
127	<screen><userinput>cd src &&
128	<!-- dejagnu is not used anymore for tests
129	sed -i -e 's@\^u}@^u cols 300}@' tests/dejagnu/config/default.exp &&
130	-->
131	sed -i -e '/eq 0/{N;s/12 //}' plugins/kdb/db2/libdb2/test/run.test &&
132	<!--sed -i '/t_kadm5.py/d' lib/kadm5/Makefile.in &&-->
133
134	./configure --prefix=/usr \
135	--sysconfdir=/etc \
136	--localstatedir=/var/lib \
137	--runstatedir=/run \
138	--with-system-et \
139	--with-system-ss \
140	--with-system-verto=no \
141	--enable-dns-for-realm &&
142	make</userinput></screen>
143
144	<para>
145	To test the build, issue: <command>make -j1 -k check</command>.
146	<!-- You need at least <xref link end="tcl"/>, which is used to drive the
147	test suite. Furthermore, <xref link end="dejagnu"/> must be available for
148	some of the tests to run. If you have a former version of MIT Kerberos V5
149	installed, it may happen that the test suite may pick up the installed
150	versions of the libraries, rather than the newly built ones. If so, it is
151	better to run the tests after the installation. -->Some tests may fail with
152	the latest version of dejagnu and glibc. Some tests may hang for a
153	long time and fail if the system is not connected to a network.
154	<!-- Note: on my laptop -j8 fails but -j1 passes
155	For version 1.21, -j1 no longer needs to be specified and the
156	time for the tests was reduced considerably. -bdubbs
157	But on one of my machines (4 cores) -j4 fails and -j1 passes...
158	I guess the test suite is just too fragile. -xry111
159	-->
160	</para>
161
162	<para>
163	Now, as the <systemitem class="username">root</systemitem> user:
164	</para>
165
166	<screen role="root"><userinput>make install &&
167
168	install -v -dm755 /usr/share/doc/krb5-&mitkrb-version; &&
169	cp -vfr ../doc/* /usr/share/doc/krb5-&mitkrb-version;</userinput></screen>
170
171	</sect2>
172
173	<sect2 role="commands">
174	<title>Command Explanations</title>
175
176	<para>
177	The <command>sed</command> command removes a
178	test that is known to fail.
179	</para>
180
181	<para>
182	<parameter>--localstatedir=/var/lib</parameter>: This option is
183	used so that the Kerberos variable runtime data is located in
184	<filename class="directory">/var/lib</filename> instead of
185	<filename class="directory">/usr/var</filename>.
186	</para>
187
188	<para>
189	<parameter>--runstatedir=/run</parameter>: This option is used so that
190	the Kerberos runtime state information is located in
191	<filename class="directory">/run</filename> instead of the deprecated
192	<filename class="directory">/var/run</filename>.
193	</para>
194
195	<para>
196	<parameter>--with-system-et</parameter>: This switch causes the build
197	to use the system-installed versions of the error-table support
198	software.
199	</para>
200
201	<para>
202	<parameter>--with-system-ss</parameter>: This switch causes the build
203	to use the system-installed versions of the subsystem command-line
204	interface software.
205	</para>
206
207	<para>
208	<parameter>--with-system-verto=no</parameter>: This switch fixes a bug in
209	the package: it does not recognize its own verto library installed
210	previously. This is not a problem, if reinstalling the same version,
211	but if you are updating, the old library is used as system's one,
212	instead of installing the new version.
213	</para>
214
215	<para>
216	<parameter>--enable-dns-for-realm</parameter>: This switch allows
217	realms to be resolved using the DNS server.
218	</para>
219
220	<para>
221	<option>--with-ldap</option>: Use this switch if you want to compile the
222	<application>OpenLDAP</application> database backend module.
223	</para>
224
225	</sect2>
226
227	<sect2 role="configuration">
228	<title>Configuring MIT Kerberos V5</title>
229
230	<sect3 id="krb5-config">
231	<title>Config Files</title>
232
233	<para>
234	<filename>/etc/krb5.conf</filename> and
235	<filename>/var/lib/krb5kdc/kdc.conf</filename>
236	</para>
237
238	<indexterm zone="mitkrb krb5-config">
239	<primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary>
240	</indexterm>
241
242	<indexterm zone="mitkrb krb5-config">
243	<primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
244	</indexterm>
245
246	</sect3>
247
248	<sect3>
249	<title>Configuration Information</title>
250
251	<sect4>
252	<title>Kerberos Configuration</title>
253
254	<tip>
255	<para>
256	You should consider installing some sort of password checking
257	dictionary so that you can configure the installation to only
258	accept strong passwords. A suitable dictionary to use is shown in
259	the <xref linkend="cracklib"/> instructions. Note that only one
260	file can be used, but you can concatenate many files into one. The
261	configuration file shown below assumes you have installed a
262	dictionary to <filename>/usr/share/dict/words</filename>.
263	</para>
264	</tip>
265
266	<para>
267	Create the Kerberos configuration file with the following
268	commands issued by the <systemitem class="username">root</systemitem>
269	user:
270	</para>
271
272	<screen role="root"><userinput>cat > /etc/krb5.conf << "EOF"
273	<literal># Begin /etc/krb5.conf
274
275	[libdefaults]
276	default_realm = <replaceable><EXAMPLE.ORG></replaceable>
277	encrypt = true
278
279	[realms]
280	<replaceable><EXAMPLE.ORG></replaceable> = {
281	kdc = <replaceable><belgarath.example.org></replaceable>
282	admin_server = <replaceable><belgarath.example.org></replaceable>
283	dict_file = /usr/share/dict/words
284	}
285
286	[domain_realm]
287	.<replaceable><example.org></replaceable> = <replaceable><EXAMPLE.ORG></replaceable>
288
289	[logging]
290	kdc = SYSLOG:INFO:AUTH
291	admin_server = SYSLOG:INFO:AUTH
292	default = SYSLOG:DEBUG:DAEMON
293
294	# End /etc/krb5.conf</literal>
295	EOF</userinput></screen>
296
297	<para>
298	You will need to substitute your domain and proper hostname for the
299	occurrences of the <replaceable><belgarath></replaceable> and
300	<replaceable><example.org></replaceable> names.
301	</para>
302
303	<para>
304	<option>default_realm</option> should be the name of your
305	domain changed to ALL CAPS. This isn't required, but both
306	<application>Heimdal</application> and MIT recommend it.
307	</para>
308
309	<para>
310	<option>encrypt = true</option> provides encryption of all traffic
311	between kerberized clients and servers. It's not necessary and can
312	be left off. If you leave it off, you can encrypt all traffic from
313	the client to the server using a switch on the client program
314	instead.
315	</para>
316
317	<para>
318	The <option>[realms]</option> parameters tell the client programs
319	where to look for the KDC authentication services.
320	</para>
321
322	<para>
323	The <option>[domain_realm]</option> section maps a domain to a realm.
324	</para>
325
326	<para>
327	Create the KDC database:
328	</para>
329
330	<screen role="root"><userinput>kdb5_util create -r <replaceable><EXAMPLE.ORG></replaceable> -s</userinput></screen>
331
332	<para>
333	Now you should populate the database with principals
334	(users). For now, just use your regular login name or
335	<systemitem class="username">root</systemitem>.
336	</para>
337
338	<screen role="root"><userinput>kadmin.local
339	<prompt>kadmin.local:</prompt> add_policy dict-only
340	<prompt>kadmin.local:</prompt> addprinc -policy dict-only <replaceable><loginname></replaceable></userinput></screen>
341
342	<para>
343	The KDC server and any machine running kerberized
344	server daemons must have a host key installed:
345	</para>
346
347	<screen role="root"><userinput><prompt>kadmin.local:</prompt> addprinc -randkey host/<replaceable><belgarath.example.org></replaceable></userinput></screen>
348
349	<para>
350	After choosing the defaults when prompted, you will have to
351	export the data to a keytab file:
352	</para>
353
354	<screen role="root"><userinput><prompt>kadmin.local:</prompt> ktadd host/<replaceable><belgarath.example.org></replaceable></userinput></screen>
355
356	<para>
357	This should have created a file in
358	<filename class="directory">/etc</filename> named
359	<filename>krb5.keytab</filename> (Kerberos 5). This file should
360	have 600 (<systemitem class="username">root</systemitem> rw only)
361	permissions. Keeping the keytab files from public access is crucial
362	to the overall security of the Kerberos installation.
363	</para>
364
365	<para>
366	Exit the <command>kadmin</command> program (use
367	<command>quit</command> or <command>exit</command>) and return
368	back to the shell prompt. Start the KDC daemon manually, just to
369	test out the installation:
370	</para>
371
372	<screen role="root"><userinput>/usr/sbin/krb5kdc</userinput></screen>
373
374	<para>
375	Attempt to get a ticket with the following command:
376	</para>
377
378	<screen><userinput>kinit <replaceable><loginname></replaceable></userinput></screen>
379
380	<para>
381	You will be prompted for the password you created. After you
382	get your ticket, you can list it with the following command:
383	</para>
384
385	<screen><userinput>klist</userinput></screen>
386
387	<para>
388	Information about the ticket should be displayed on the
389	screen.
390	</para>
391
392	<para>
393	To test the functionality of the keytab file, issue the
394	following command as the
395	<systemitem class="username">root</systemitem> user:
396	</para>
397
398	<screen role="root"><userinput>ktutil
399	<prompt>ktutil:</prompt> rkt /etc/krb5.keytab
400	<prompt>ktutil:</prompt> l</userinput></screen>
401
402	<para>
403	This should dump a list of the host principal, along with
404	the encryption methods used to access the principal.
405	</para>
406
407	<para>
408	Create an empty ACL file that can be modified later:
409	</para>
410
411	<screen role="root"><userinput>touch /var/lib/krb5kdc/kadm5.acl</userinput></screen>
412
413	<para>
414	At this point, if everything has been successful so far, you
415	can feel fairly confident in the installation and configuration of
416	the package.
417	</para>
418
419	</sect4>
420
421	<sect4>
422	<title>Additional Information</title>
423
424	<para>
425	For additional information consult the <ulink
426	url="https://web.mit.edu/kerberos/www/krb5-&mitkrb-major-version;/#documentation">
427	documentation for krb5-&mitkrb-version;</ulink> on which the above
428	instructions are based.
429	</para>
430
431	</sect4>
432
433	</sect3>
434
435	<sect3 id="mitkrb-init">
436	<title><phrase revision="sysv">Init Script</phrase>
437	<phrase revision="systemd">Systemd Unit</phrase></title>
438
439	<para revision="sysv">
440	If you want to start <application>Kerberos</application> services
441	at boot, install the <filename>/etc/rc.d/init.d/krb5</filename> init
442	script included in the <xref linkend="bootscripts"/> package using
443	the following command:
444	</para>
445
446	<para revision="systemd">
447	If you want to start <application>Kerberos</application> services
448	at boot, install the <filename>krb5.service</filename> unit included in
449	the <xref linkend="systemd-units"/> package using the following command:
450	</para>
451
452	<indexterm zone="mitkrb mitkrb-init">
453	<primary sortas="f-krb5">krb5</primary>
454	</indexterm>
455
456	<screen role="root"><userinput>make install-krb5</userinput></screen>
457
458	</sect3>
459
460	</sect2>
461
462	<sect2 role="content">
463
464	<title>Contents</title>
465
466	<segmentedlist>
467	<segtitle>Installed Programs</segtitle>
468	<segtitle>Installed Libraries</segtitle>
469	<segtitle>Installed Directories</segtitle>
470
471	<seglistitem>
472	<seg>
473	gss-client, gss-server, k5srvutil, kadmin, kadmin.local,
474	kadmind, kdb5_ldap_util (optional), kdb5_util, kdestroy, kinit, klist,
475	kpasswd, kprop, kpropd, kproplog, krb5-config, krb5-send-pr, krb5kdc,
476	ksu, kswitch, ktutil, kvno, sclient, sim_client, sim_server,
477	sserver, uuclient, and uuserver
478	</seg>
479	<seg>
480	libgssapi_krb5.so, libgssrpc.so, libk5crypto.so, libkadm5clnt_mit.so,
481	libkadm5clnt.so, libkadm5srv_mit.so, libkadm5srv.so, libkdb_ldap.so
482	(optional), libkdb5.so, libkrad.so, libkrb5.so, libkrb5support.so,
483	libverto.so, and some plugins under the /usr/lib/krb5 tree
484	</seg>
485	<seg>
486	/usr/include/{gssapi,gssrpc,kadm5,krb5},
487	/usr/lib/krb5,
488	/usr/share/{doc/krb5-&mitkrb-version;,examples/krb5},
489	/var/lib/krb5kdc, and
490	/run/krb5kdc
491	</seg>
492	</seglistitem>
493	</segmentedlist>
494
495	<variablelist>
496	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
497	<?dbfo list-presentation="list"?>
498	<?dbhtml list-presentation="table"?>
499
500	<varlistentry id="gss-client">
501	<term><command>gss-client</command></term>
502	<listitem>
503	<para>
504	is a GSSAPI test client
505	</para>
506	<indexterm zone="mitkrb gss-client">
507	<primary sortas="b-gss-client">gss-client</primary>
508	</indexterm>
509	</listitem>
510	</varlistentry>
511
512	<varlistentry id="gss-server">
513	<term><command>gss-server</command></term>
514	<listitem>
515	<para>
516	is a GSSAPI test server
517	</para>
518	<indexterm zone="mitkrb gss-server">
519	<primary sortas="b-gss-server">gss-server</primary>
520	</indexterm>
521	</listitem>
522	</varlistentry>
523
524	<varlistentry id="k5srvutil">
525	<term><command>k5srvutil</command></term>
526	<listitem>
527	<para>
528	is a host keytable manipulation utility
529	</para>
530	<indexterm zone="mitkrb k5srvutil">
531	<primary sortas="b-k5srvutil">k5srvutil</primary>
532	</indexterm>
533	</listitem>
534	</varlistentry>
535
536	<varlistentry id="kadmin">
537	<term><command>kadmin</command></term>
538	<listitem>
539	<para>
540	is an utility used to make modifications
541	to the Kerberos database
542	</para>
543	<indexterm zone="mitkrb kadmin">
544	<primary sortas="b-kadmin">kadmin</primary>
545	</indexterm>
546	</listitem>
547	</varlistentry>
548
549	<varlistentry id="kadmin.local">
550	<term><command>kadmin.local</command></term>
551	<listitem>
552	<para>
553	is an utility similar to <command>kadmin</command>, but if the
554	database is db2, the local client <command>kadmin.local</command>,
555	is intended to run directly on the master KDC without Kerberos
556	authentication
557	</para>
558	<indexterm zone="mitkrb kadmin.local">
559	<primary sortas="b-kadmin.local">kadmin.local</primary>
560	</indexterm>
561	</listitem>
562	</varlistentry>
563
564	<varlistentry id="kadmind">
565	<term><command>kadmind</command></term>
566	<listitem>
567	<para>
568	is a server for administrative access
569	to a Kerberos database
570	</para>
571	<indexterm zone="mitkrb kadmind">
572	<primary sortas="b-kadmind">kadmind</primary>
573	</indexterm>
574	</listitem>
575	</varlistentry>
576
577	<varlistentry id="kdb5_ldap_util">
578	<term><command>kdb5_ldap_util (optional)</command></term>
579	<listitem>
580	<para>
581	allows an administrator to manage realms, Kerberos services
582	and ticket policies
583	</para>
584	<indexterm zone="mitkrb kdb5_ldap_util">
585	<primary sortas="b-kdb5_ldap_util">kdb5_ldap_util</primary>
586	</indexterm>
587	</listitem>
588	</varlistentry>
589
590	<varlistentry id="kdb5_util">
591	<term><command>kdb5_util</command></term>
592	<listitem>
593	<para>
594	is the KDC database utility
595	</para>
596	<indexterm zone="mitkrb kdb5_util">
597	<primary sortas="b-kdb5_util">kdb5_util</primary>
598	</indexterm>
599	</listitem>
600	</varlistentry>
601
602	<varlistentry id="kdestroy">
603	<term><command>kdestroy</command></term>
604	<listitem>
605	<para>
606	removes the current set of tickets
607	</para>
608	<indexterm zone="mitkrb kdestroy">
609	<primary sortas="b-kdestroy">kdestroy</primary>
610	</indexterm>
611	</listitem>
612	</varlistentry>
613
614	<varlistentry id="kinit">
615	<term><command>kinit</command></term>
616	<listitem>
617	<para>
618	is used to authenticate to the Kerberos server as a
619	principal and acquire a ticket granting ticket that can
620	later be used to obtain tickets for other services
621	</para>
622	<indexterm zone="mitkrb kinit">
623	<primary sortas="b-kinit">kinit</primary>
624	</indexterm>
625	</listitem>
626	</varlistentry>
627
628	<varlistentry id="klist">
629	<term><command>klist</command></term>
630	<listitem>
631	<para>
632	reads and displays the current tickets in
633	the credential cache
634	</para>
635	<indexterm zone="mitkrb klist">
636	<primary sortas="b-klist">klist</primary>
637	</indexterm>
638	</listitem>
639	</varlistentry>
640
641	<varlistentry id="kpasswd">
642	<term><command>kpasswd</command></term>
643	<listitem>
644	<para>
645	is a program for changing Kerberos 5 passwords
646	</para>
647	<indexterm zone="mitkrb kpasswd">
648	<primary sortas="b-kpasswd">kpasswd</primary>
649	</indexterm>
650	</listitem>
651	</varlistentry>
652
653	<varlistentry id="kprop">
654	<term><command>kprop</command></term>
655	<listitem>
656	<para>
657	takes a principal database in a specified format and
658	converts it into a stream of database records
659	</para>
660	<indexterm zone="mitkrb kprop">
661	<primary sortas="b-kprop">kprop</primary>
662	</indexterm>
663	</listitem>
664	</varlistentry>
665
666	<varlistentry id="kpropd">
667	<term><command>kpropd</command></term>
668	<listitem>
669	<para>
670	receives a database sent by <command>kprop</command>
671	and writes it as a local database
672	</para>
673	<indexterm zone="mitkrb kpropd">
674	<primary sortas="b-kpropd">kpropd</primary>
675	</indexterm>
676	</listitem>
677	</varlistentry>
678
679	<varlistentry id="kproplog">
680	<term><command>kproplog</command></term>
681	<listitem>
682	<para>
683	displays the contents of the KDC database update log to standard
684	output
685	</para>
686	<indexterm zone="mitkrb kproplog">
687	<primary sortas="b-kproplog">kproplog</primary>
688	</indexterm>
689	</listitem>
690	</varlistentry>
691
692	<varlistentry id="krb5-config-prog2">
693	<term><command>krb5-config</command></term>
694	<listitem>
695	<para>
696	gives information on how to link programs against
697	libraries
698	</para>
699	<indexterm zone="mitkrb krb5-config-prog2">
700	<primary sortas="b-krb5-config">krb5-config</primary>
701	</indexterm>
702	</listitem>
703	</varlistentry>
704
705	<varlistentry id="krb5kdc">
706	<term><command>krb5kdc</command></term>
707	<listitem>
708	<para>
709	is the <application>Kerberos 5</application> server
710	</para>
711	<indexterm zone="mitkrb krb5kdc">
712	<primary sortas="b-krb5kdc">krb5kdc</primary>
713	</indexterm>
714	</listitem>
715	</varlistentry>
716
717	<varlistentry id="krb5-send-pr">
718	<term><command>krb5-send-pr</command></term>
719	<listitem>
720	<para>
721	sends a problem report (PR) to a central support site
722	</para>
723	<indexterm zone="mitkrb krb5-send-pr">
724	<primary sortas="b-krb-send-pr">krb5-send-pr</primary>
725	</indexterm>
726	</listitem>
727	</varlistentry>
728
729	<varlistentry id="ksu">
730	<term><command>ksu</command></term>
731	<listitem>
732	<para>
733	is the super user program using Kerberos protocol.
734	Requires a properly configured
735	<filename>/etc/shells</filename> and
736	<filename>~/.k5login</filename> containing principals
737	authorized to become super users
738	</para>
739	<indexterm zone="mitkrb ksu">
740	<primary sortas="b-ksu">ksu</primary>
741	</indexterm>
742	</listitem>
743	</varlistentry>
744
745	<varlistentry id="kswitch">
746	<term><command>kswitch</command></term>
747	<listitem>
748	<para>
749	makes the specified credential cache the
750	primary cache for the collection, if a cache
751	collection is available
752	</para>
753	<indexterm zone="mitkrb kswitch">
754	<primary sortas="b-kswitch">kswitch</primary>
755	</indexterm>
756	</listitem>
757	</varlistentry>
758
759	<varlistentry id="ktutil">
760	<term><command>ktutil</command></term>
761	<listitem>
762	<para>
763	is a program for managing Kerberos keytabs
764	</para>
765	<indexterm zone="mitkrb ktutil">
766	<primary sortas="b-ktutil">ktutil</primary>
767	</indexterm>
768	</listitem>
769	</varlistentry>
770
771	<varlistentry id="kvno">
772	<term><command>kvno</command></term>
773	<listitem>
774	<para>
775	prints keyversion numbers of Kerberos principals
776	</para>
777	<indexterm zone="mitkrb kvno">
778	<primary sortas="b-kvno">kvno</primary>
779	</indexterm>
780	</listitem>
781	</varlistentry>
782
783	<varlistentry id="sclient">
784	<term><command>sclient</command></term>
785	<listitem>
786	<para>
787	is used to contact a sample server and authenticate to it
788	using Kerberos 5 tickets, then display the server's
789	response
790	</para>
791	<indexterm zone="mitkrb sclient">
792	<primary sortas="b-sclient">sclient</primary>
793	</indexterm>
794	</listitem>
795	</varlistentry>
796
797	<varlistentry id="sim_client">
798	<term><command>sim_client</command></term>
799	<listitem>
800	<para>
801	is a simple UDP-based sample client program, for
802	demonstration
803	</para>
804	<indexterm zone="mitkrb sim_client">
805	<primary sortas="b-sim_client">sim_client</primary>
806	</indexterm>
807	</listitem>
808	</varlistentry>
809
810	<varlistentry id="sim_server">
811	<term><command>sim_server</command></term>
812	<listitem>
813	<para>
814	is a simple UDP-based server application, for
815	demonstration
816	</para>
817	<indexterm zone="mitkrb sim_server">
818	<primary sortas="b-sim_server">sim_server</primary>
819	</indexterm>
820	</listitem>
821	</varlistentry>
822
823	<varlistentry id="sserver">
824	<term><command>sserver</command></term>
825	<listitem>
826	<para>
827	is the sample Kerberos 5 server
828	</para>
829	<indexterm zone="mitkrb sserver">
830	<primary sortas="b-sserver">sserver</primary>
831	</indexterm>
832	</listitem>
833	</varlistentry>
834
835	<varlistentry id="uuclient">
836	<term><command>uuclient</command></term>
837	<listitem>
838	<para>
839	is another sample client
840	</para>
841	<indexterm zone="mitkrb uuclient">
842	<primary sortas="b-uuclient">uuclient</primary>
843	</indexterm>
844	</listitem>
845	</varlistentry>
846
847	<varlistentry id="uuserver">
848	<term><command>uuserver</command></term>
849	<listitem>
850	<para>
851	is another sample server
852	</para>
853	<indexterm zone="mitkrb uuserver">
854	<primary sortas="b-uuserver">uuserver</primary>
855	</indexterm>
856	</listitem>
857	</varlistentry>
858
859
860	<varlistentry id="libgssapi_krb5">
861	<term><filename class="libraryfile">libgssapi_krb5.so</filename></term>
862	<listitem>
863	<para>
864	contains the Generic Security Service Application Programming
865	Interface (GSSAPI) functions which provides security services
866	to callers in a generic fashion, supportable with a range of
867	underlying mechanisms and technologies and hence allowing
868	source-level portability of applications to different
869	environments
870	</para>
871	<indexterm zone="mitkrb libgssapi_krb5">
872	<primary sortas="c-libgssapi_krb5">libgssapi_krb5.so</primary>
873	</indexterm>
874	</listitem>
875	</varlistentry>
876
877	<varlistentry id="libkadm5clnt">
878	<term><filename class="libraryfile">libkadm5clnt.so</filename></term>
879	<listitem>
880	<para>
881	contains the administrative authentication and password checking
882	functions required by Kerberos 5 client-side programs
883	</para>
884	<indexterm zone="mitkrb libkadm5clnt">
885	<primary sortas="c-libkadm5clnt">libkadm5clnt.so</primary>
886	</indexterm>
887	</listitem>
888	</varlistentry>
889
890	<varlistentry id="libkadm5srv">
891	<term><filename class="libraryfile">libkadm5srv.so</filename></term>
892	<listitem>
893	<para>
894	contains the administrative authentication and password
895	checking functions required by Kerberos 5 servers
896	</para>
897	<indexterm zone="mitkrb libkadm5srv">
898	<primary sortas="c-libkadm5srv">libkadm5srv.so</primary>
899	</indexterm>
900	</listitem>
901	</varlistentry>
902
903	<varlistentry id="libkdb5">
904	<term><filename class="libraryfile">libkdb5.so</filename></term>
905	<listitem>
906	<para>
907	is a Kerberos 5 authentication/authorization database
908	access library
909	</para>
910	<indexterm zone="mitkrb libkdb5">
911	<primary sortas="c-libkdb5">libkdb5.so</primary>
912	</indexterm>
913	</listitem>
914	</varlistentry>
915
916	<varlistentry id="libkrad">
917	<term><filename class="libraryfile">libkrad.so</filename></term>
918	<listitem>
919	<para>
920	contains the internal support library for RADIUS functionality
921	</para>
922	<indexterm zone="mitkrb libkrad">
923	<primary sortas="c-libkrad">libkrad.so</primary>
924	</indexterm>
925	</listitem>
926	</varlistentry>
927
928	<varlistentry id="libkrb5">
929	<term><filename class="libraryfile">libkrb5.so</filename></term>
930	<listitem>
931	<para>
932	is an all-purpose <application>Kerberos 5</application> library
933	</para>
934	<indexterm zone="mitkrb libkrb5">
935	<primary sortas="c-libkrb5">libkrb5.so</primary>
936	</indexterm>
937	</listitem>
938	</varlistentry>
939
940	</variablelist>
941
942	</sect2>
943
944	</sect1>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: postlfs/security/mitkrb.xml@ 907a269

Download in other formats: