Context Navigation

mitkrb.xml@ 9084c2eb

Visit:

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 6.2 6.2.0 6.2.0-rc1 6.2.0-rc2 6.3 6.3-rc1 6.3-rc2 6.3-rc3 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts krejzi/svn lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition systemd-11177 systemd-13485 trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal

Last change on this file since 9084c2eb was 9084c2eb, checked in by Manuel Canales Esparcia <manuel@…>, 18 years ago

Typo fix. Postlfs.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@5383 af4574ff-66df-0310-9fd7-8a98e5e911e0

Property mode set to 100644

File size: 27.6 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
3	"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY mitkrb-download-http "http://web.mit.edu/kerberos/www/dist/krb5/1.4/krb5-&mitkrb-version;-signed.tar">
8	<!ENTITY mitkrb-download-ftp " ">
9	<!ENTITY mitkrb-md5sum "617e0071fa5b74ab4116f064678af551">
10	<!ENTITY mitkrb-size "6.4 MB">
11	<!ENTITY mitkrb-buildsize "TBD MB">
12	<!ENTITY mitkrb-time "TBD SBU">
13	]>
14
15	<sect1 id="mitkrb" xreflabel="MIT krb5-&mitkrb-version;">
16	<?dbhtml filename="mitkrb.html"?>
17
18	<sect1info>
19	<othername>$LastChangedBy$</othername>
20	<date>$Date$</date>
21	<keywordset>
22	<keyword role="package">krb5-&mitkrb-version;-signed.tar</keyword>
23	<keyword role="ftpdir">krb5</keyword>
24	</keywordset>
25	</sect1info>
26
27	<title>MIT Krb5-&mitkrb-version;</title>
28
29	<indexterm zone="mitkrb">
30	<primary sortas="a-Kerberos-MIT">Kerberos5(MIT)</primary>
31	</indexterm>
32
33	<sect2 role="package">
34	<title>Introduction to MIT Krb5</title>
35
36	<para><application>MIT krb5</application> is a free implementation of
37	Kerberos 5. Kerberos is a network authentication protocol. It
38	centralizes the authentication database and uses kerberized
39	applications to work with servers or services that support Kerberos
40	allowing single logins and encrypted communication over internal
41	networks or the Internet.</para>
42
43	<bridgehead renderas="sect3">Package Information</bridgehead>
44	<itemizedlist spacing="compact">
45	<listitem>
46	<para>Download (HTTP): <ulink url="&mitkrb-download-http;"/></para>
47	</listitem>
48	<listitem>
49	<para>Download (FTP): <ulink url="&mitkrb-download-ftp;"/></para>
50	</listitem>
51	<listitem>
52	<para>Download MD5 sum: &mitkrb-md5sum;</para>
53	</listitem>
54	<listitem>
55	<para>Download size: &mitkrb-size;</para>
56	</listitem>
57	<listitem>
58	<para>Estimated disk space required: &mitkrb-buildsize;</para>
59	</listitem>
60	<listitem>
61	<para>Estimated build time: &mitkrb-time;</para>
62	</listitem>
63	</itemizedlist>
64
65	<bridgehead renderas="sect3">MIT Krb5 Dependencies</bridgehead>
66
67	<bridgehead renderas="sect4">Optional</bridgehead>
68	<para role="optional"><xref linkend="xinetd"/> (services servers only),
69	<xref linkend="linux-pam"/> (for <command>xdm</command> based logins) and
70	<xref linkend="openldap"/> (alternative for <command>krb5kdc</command>
71	password database)</para>
72
73	<note>
74	<para>Some sort of time synchronization facility on your system (like
75	<xref linkend="ntp"/>) is required since Kerberos won't authenticate if
76	there is a time difference between a kerberized client and the
77	KDC server.</para>
78	</note>
79
80	</sect2>
81
82	<sect2 role="installation">
83	<title>Installation of MIT Krb5</title>
84
85
86	<!-- <note><para>The instructions for MIT Krb5 have not yet been validated by
87	the BLFS Editors. Until this section is updated, the Editors reccomend
88	using <xref linkend='heimdal'/> to implement the functionality of this
89	package.</para></note> -->
90
91
92	<para><application>MIT krb5</application> is distributed in a
93	TAR file containing a compressed TAR package and a detached PGP
94	<filename class="extension">ASC</filename> file.</para>
95
96	<para>If you have installed <xref linkend="gnupg"/>, you can
97	authenticate the package with the following command:</para>
98
99	<screen><userinput>gpg - -verify krb5-&mitkrb-version;.tar.gz.asc</userinput></screen>
100
101	<para>Build <application>MIT krb5</application> by running the
102	following commands:</para>
103
104	<screen><userinput>cd src &&
105	./configure --prefix=/usr --sysconfdir=/etc \
106	--localstatedir=/var/lib --enable-dns \
107	--enable-static --mandir=/usr/share/man &&
108	make</userinput></screen>
109
110	<para>Now, as the <systemitem class="username">root</systemitem> user:</para>
111
112	<screen role="root"><userinput>make install &&
113	mv -v /usr/bin/ksu /bin &&
114	mv -v /usr/lib/libkrb5.so.3* /lib &&
115	mv -v /usr/lib/libkrb4.so.2* /lib &&
116	mv -v /usr/lib/libdes425.so.3* /lib &&
117	mv -v /usr/lib/libk5crypto.so.3* /lib &&
118	mv -v /usr/lib/libcom_err.so.3* /lib &&
119	ln -v -sf ../../lib/libkrb5.so.3 /usr/lib/libkrb5.so &&
120	ln -v -sf ../../lib/libkrb4.so.2 /usr/lib/libkrb4.so &&
121	ln -v -sf ../../lib/libdes425.so.3 /usr/lib/libdes425.so &&
122	ln -v -sf ../../lib/libk5crypto.so.3 /usr/lib/libk5crypto.so &&
123	ln -v -sf ../../lib/libcom_err.so.3 /usr/lib/libcom_err.so &&
124	ldconfig</userinput></screen>
125
126	<warning>
127	<para><command>login.krb5</command> does not support
128	<application>shadow</application> passwords. As a result, when the
129	Kerberos server is unavailable, the default fall through to
130	<filename>/etc/password</filename> will not work because
131	the passwords have been moved to <filename>/etc/shadow</filename> during
132	the LFS build process. Entering the following
133	commands without moving the passwords back to
134	<filename>/etc/password</filename> could prevent any logins.</para>
135	</warning>
136
137	<para>If <application>Linux-Pam</application> is not installed and
138	you understand the above warning, the following can be entered as the
139	<systemitem class="username">root</systemitem> user:</para>
140
141	<screen role="root"><userinput>mv -v /bin/login /bin/login.shadow &&
142	cp -v /usr/sbin/login.krb5 /bin/login</userinput></screen>
143
144	<para>If <application>CrackLib</application> is installed, or if any
145	word list has been put in
146	<filename class='directory'>/usr/share/dict</filename>, the following
147	should be entered as the <systemitem class="username">root</systemitem>
148	user:</para>
149
150	<screen role="root"><userinput>ln -s /usr/share/dict/words /var/lib/krb5kdc/kadmin.dict</userinput></screen>
151
152	</sect2>
153
154	<sect2 role="commands">
155	<title>Command Explanations</title>
156
157	<para><parameter>--enable-dns</parameter>: This switch allows
158	realms to be resolved using the DNS server.</para>
159
160	<para><parameter>--enable-static</parameter>: This switch builds static
161	libraries in addition to the shared libraries.</para>
162
163	<para><command>mv -v /bin/login /bin/login.shadow &&
164	cp -v /usr/sbin/login.krb5 /bin/login &&
165	mv -v /usr/bin/ksu /bin</command>: Preserves
166	<application>Shadow</application>'s <command>login</command>
167	command, moves <command>ksu</command> and <command>login</command> to
168	the <filename class="directory">/bin</filename> directory.</para>
169
170	<para><command>mv -v ... /lib && ln -v -sf ...</command>:
171	The <command>login</command> and <command>ksu</command> programs
172	are linked against these libraries, therefore these libraries are moved
173	to <filename class="directory">/lib</filename> to allow logins without
174	mounting <filename class="directory">/usr</filename>.</para>
175
176	</sect2>
177
178	<sect2 role="configuration">
179	<title>Configuring MIT Krb5</title>
180
181	<sect3 id="krb5-config">
182	<title>Config Files</title>
183
184	<para><filename>/etc/krb5.conf</filename> and
185	<filename>/var/lib/krb5kdc/kdc.conf</filename></para>
186
187	<indexterm zone="mitkrb krb5-config">
188	<primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary>
189	</indexterm>
190
191	<indexterm zone="mitkrb krb5-config">
192	<primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
193	</indexterm>
194
195	</sect3>
196
197	<sect3>
198	<title>Configuration Information</title>
199
200	<sect4>
201	<title>Kerberos Configuration</title>
202
203	<para>Create the Kerberos configuration file with the following
204	command:</para>
205
206	<screen role="root"><userinput>cat > /etc/krb5.conf << "EOF"
207	<literal># Begin /etc/krb5.conf
208
209	[libdefaults]
210	default_realm = <replaceable>[LFS.ORG]</replaceable>
211	encrypt = true
212
213	[realms]
214	<replaceable>[LFS.ORG]</replaceable> = {
215	kdc = <replaceable>[belgarath.lfs.org]</replaceable>
216	admin_server = <replaceable>[belgarath.lfs.org]</replaceable>
217	}
218
219	[domain_realm]
220	.<replaceable>[lfs.org]</replaceable> = <replaceable>[LFS.ORG]</replaceable>
221
222	[logging]
223	kdc = SYSLOG[:INFO[:AUTH]]
224	admin_server = SYSLOG[INFO[:AUTH]]
225	default = SYSLOG[[:SYS]]
226
227	# End /etc/krb5.conf</literal>
228	EOF</userinput></screen>
229
230	<para>You will need to substitute your domain and proper hostname
231	for the occurances of the <replaceable>[belgarath]</replaceable> and
232	<replaceable>[lfs.org]</replaceable> names.</para>
233
234	<para><option>default_realm</option> should be the name of your
235	domain changed to ALL CAPS. This isn't required, but both
236	<application>Heimdal</application> and MIT recommend it.</para>
237
238	<para><option>encrypt = true</option> provides encryption of all
239	traffic between kerberized clients and servers. It's not necessary
240	and can be left off. If you leave it off, you can encrypt all traffic
241	from the client to the server using a switch on the client program
242	instead.</para>
243
244	<para>The <option>[realms]</option> parameters tell the client
245	programs where to look for the KDC authentication services.</para>
246
247	<para>The <option>[domain_realm]</option> section maps a domain to
248	a realm.</para>
249
250	<para>Create the KDC database:</para>
251
252	<screen role="root"><userinput>kdb5_util create -r <replaceable>[LFS.ORG]</replaceable> -s</userinput></screen>
253
254	<para>Now you should populate the database with principles
255	(users). For now, just use your regular login name or
256	<systemitem class="username">root</systemitem>.</para>
257
258	<screen role="root"><userinput>kadmin.local
259	<prompt>kadmin:</prompt> add_policy dict-only
260	<prompt>kadmin:</prompt> addprinc -policy dict-only <replaceable>[loginname]</replaceable></userinput></screen>
261
262	<para>The KDC server and any machine running kerberized
263	server daemons must have a host key installed:</para>
264
265	<screen role='root'><userinput><prompt>kadmin:</prompt> addprinc -randkey host/<replaceable>[belgarath.lfs.org]</replaceable></userinput></screen>
266
267	<para>After choosing the defaults when prompted, you will have to
268	export the data to a keytab file:</para>
269
270	<screen role='root'><userinput><prompt>kadmin:</prompt> ktadd host/<replaceable>[belgarath.lfs.org]</replaceable></userinput></screen>
271
272	<para>This should have created a file in
273	<filename class="directory">/etc</filename> named
274	<filename>krb5.keytab</filename> (Kerberos 5). This file should
275	have 600 (<systemitem class="username">root</systemitem> rw only)
276	permissions. Keeping the keytab files from public access is crucial
277	to the overall security of the Kerberos installation.</para>
278
279	<para>Eventually, you'll want to add server daemon principles to the
280	database and extract them to the keytab file. You do this in the same
281	way you created the host principles. Below is an example:</para>
282
283	<screen role='root'><userinput><prompt>kadmin:</prompt> addprinc -randkey ftp/<replaceable>[belgarath.lfs.org]</replaceable>
284	<prompt>kadmin:</prompt> ktadd ftp/<replaceable>[belgarath.lfs.org]</replaceable></userinput></screen>
285
286	<para>Exit the <command>kadmin</command> program (use
287	<command>quit</command> or <command>exit</command>) and return
288	back to the shell prompt. Start the KDC daemon manually, just to
289	test out the installation:</para>
290
291	<screen role='root'><userinput>/usr/sbin/krb5kdc &</userinput></screen>
292
293	<para>Attempt to get a ticket with the following command:</para>
294
295	<screen><userinput>kinit <replaceable>[loginname]</replaceable></userinput></screen>
296
297	<para>You will be prompted for the password you created. After you
298	get your ticket, you can list it with the following command:</para>
299
300	<screen><userinput>klist</userinput></screen>
301
302	<para>Information about the ticket should be displayed on the
303	screen.</para>
304
305	<para>To test the functionality of the keytab file, issue the
306	following command:</para>
307
308	<screen><userinput>ktutil
309	<prompt>ktutil:</prompt> rkt /etc/krb5.keytab
310	<prompt>ktutil:</prompt> l</userinput></screen>
311
312	<para>This should dump a list of the host principal, along with
313	the encryption methods used to access the principal.</para>
314
315	<para>At this point, if everything has been successful so far, you
316	can feel fairly confident in the installation and configuration of
317	the package.</para>
318
319	<para>Install the <filename>/etc/rc.d/init.d/kerberos</filename> init
320	script included in the <xref linkend="intro-important-bootscripts"/>
321	package.</para>
322
323	<screen role="root"><userinput>make install-kerberos</userinput></screen>
324
325	</sect4>
326
327	<sect4>
328	<title>Using Kerberized Client Programs</title>
329
330	<para>To use the kerberized client programs (<command>telnet</command>,
331	<command>ftp</command>, <command>rsh</command>, <command>rcp</command>,
332	<command>rlogin</command>), you first must get an authentication ticket.
333	Use the <command>kinit</command> program to get the ticket. After you've
334	acquired the ticket, you can use the kerberized programs to connect to
335	any kerberized server on the network. You will not be prompted for
336	authentication until your ticket expires (default is one day), unless
337	you specify a different user as a command line argument to the
338	program.</para>
339
340	<para>The kerberized programs will connect to non kerberized daemons,
341	warning you that authentication is not encrypted.</para>
342
343	</sect4>
344
345	<sect4>
346	<title>Using Kerberized Server Programs</title>
347
348	<para>Using kerberized server programs (<command>telnetd</command>,
349	<command>kpropd</command>, <command>klogind</command> and
350	<command>kshd</command>) requires two additional configuration steps.
351	First the <filename>/etc/services</filename> file must be updated to
352	include eklogin and krb5_prop. Second, the
353	<filename>inetd.conf</filename> or <filename>xinetd.conf</filename>
354	must be modified for each server that will be activated, usually
355	replacing the server from <xref linkend="inetutils"/>.</para>
356
357	</sect4>
358
359	<sect4>
360	<title>Additional Information</title>
361
362	<para>For additional information consult <ulink
363	url="http://web.mit.edu/kerberos/www/krb5-1.4/#documentation">
364	Documentation for krb-&mitkrb-version;</ulink> on which the above
365	instructions are based.</para>
366
367	</sect4>
368
369	</sect3>
370
371	</sect2>
372
373	<sect2 role="content">
374	<title>Contents</title>
375	<para></para>
376
377	<segmentedlist>
378	<segtitle>Installed Programs</segtitle>
379	<segtitle>Installed Libraries</segtitle>
380	<segtitle>Installed Directories</segtitle>
381
382	<seglistitem>
383	<seg>compile-et, ftp, ftpd, gss-client, gss-server, k5srvutil, kadmin,
384	kadmin.local, kadmind, kadmind4, kdb5_util, kdestroy, kinit, klist,
385	klogind, kpasswd, kprop, kpropd, krb5-send-pr, krb5-config, krb524d,
386	krb524init, krb5kdc, kshd, ksu, ktutil, kvno, login.krb5, rcp, rlogin,
387	rsh, sclient, sim_client, sim_server, sserver, telnet, telnetd,
388	uuclient, uuserver, v5passwd, and v5passwdd</seg>
389	<seg>libcom_err.[so,a], libdes425.[so,a], libgssapi.[so,a],
390	libgssrpc.[so,a], libkadm5clnt.[so,a], libkadm5srv.[so,a],
391	libkdb5.[so,a], libkrb5.[so,a], and libkrb4.[so,a]</seg>
392	<seg>/usr/include/kerberosIV and /var/lib/krb5kdc</seg>
393	</seglistitem>
394	</segmentedlist>
395
396	<variablelist>
397	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
398	<?dbfo list-presentation="list"?>
399	<?dbhtml list-presentation="table"?>
400
401	<varlistentry id="compile_et">
402	<term><command>compile_et</command></term>
403	<listitem>
404	<para>converts the table listing error-code names into a
405	C source file.</para>
406	<indexterm zone="mitkrb compile_et">
407	<primary sortas="b-compile_et">compile_et</primary>
408	</indexterm>
409	</listitem>
410	</varlistentry>
411
412	<varlistentry id="ftp-mitkrb">
413	<term><command>ftp</command></term>
414	<listitem>
415	<para>is a kerberized FTP client.</para>
416	<indexterm zone="mitkrb ftp">
417	<primary sortas="b-ftp">ftp</primary>
418	</indexterm>
419	</listitem>
420	</varlistentry>
421
422	<varlistentry id="ftpd-mitkrb">
423	<term><command>ftpd</command></term>
424	<listitem>
425	<para>is a kerberized FTP daemon.</para>
426	<indexterm zone="mitkrb ftpd">
427	<primary sortas="b-ftpd">ftpd</primary>
428	</indexterm>
429	</listitem>
430	</varlistentry>
431
432	<varlistentry id="k5srvutil">
433	<term><command>k5srvutil</command></term>
434	<listitem>
435	<para>is a host keytable manipulation utility.</para>
436	<indexterm zone="mitkrb k5srvutil">
437	<primary sortas="b-k5srvutil">k5srvutil</primary>
438	</indexterm>
439	</listitem>
440	</varlistentry>
441
442	<varlistentry id="kadmin-mitkrb">
443	<term><command>kadmin</command></term>
444	<listitem>
445	<para>is an utility used to make modifications
446	to the Kerberos database.</para>
447	<indexterm zone="mitkrb kadmin-mitkrb">
448	<primary sortas="b-kadmin">kadmin</primary>
449	</indexterm>
450	</listitem>
451	</varlistentry>
452
453	<varlistentry id="kadmind-mitkrb">
454	<term><command>kadmind</command></term>
455	<listitem>
456	<para>is a server for administrative access
457	to a Kerberos database.</para>
458	<indexterm zone="mitkrb kadmind-mitkrb">
459	<primary sortas="b-kadmind">kadmind</primary>
460	</indexterm>
461	</listitem>
462	</varlistentry>
463
464	<varlistentry id="kdb5_util">
465	<term><command>kdb5_util</command></term>
466	<listitem>
467	<para>is the KDC database utility.</para>
468	<indexterm zone="mitkrb kdb5_util">
469	<primary sortas="b-kdb5_util">kdb5_util</primary>
470	</indexterm>
471	</listitem>
472	</varlistentry>
473
474	<varlistentry id="kdestroy-mitkrb">
475	<term><command>kdestroy</command></term>
476	<listitem>
477	<para>removes the current set of tickets.</para>
478	<indexterm zone="mitkrb kdestroy-mitkrb">
479	<primary sortas="b-kdestroy">kdestroy</primary>
480	</indexterm>
481	</listitem>
482	</varlistentry>
483
484	<varlistentry id="kinit-mitkrb">
485	<term><command>kinit</command></term>
486	<listitem>
487	<para>is used to authenticate to the Kerberos server as a
488	principal and acquire a ticket granting ticket that can
489	later be used to obtain tickets for other services.</para>
490	<indexterm zone="mitkrb kinit-mitkrb">
491	<primary sortas="b-kinit">kinit</primary>
492	</indexterm>
493	</listitem>
494	</varlistentry>
495
496	<varlistentry id="klist-mitkrb">
497	<term><command>klist</command></term>
498	<listitem>
499	<para>reads and displays the current tickets in
500	the credential cache.</para>
501	<indexterm zone="mitkrb klist-mitkrb">
502	<primary sortas="b-klist">klist</primary>
503	</indexterm>
504	</listitem>
505	</varlistentry>
506
507	<varlistentry id="klogind">
508	<term><command>klogind</command></term>
509	<listitem>
510	<para>is the server that responds to <command>rlogin</command>
511	requests.</para>
512	<indexterm zone="mitkrb klogind">
513	<primary sortas="b-klogind">klogind</primary>
514	</indexterm>
515	</listitem>
516	</varlistentry>
517
518	<varlistentry id="kpasswd-mitkrb">
519	<term><command>kpasswd</command></term>
520	<listitem>
521	<para>is a program for changing Kerberos 5 passwords.</para>
522	<indexterm zone="mitkrb kpasswd-mitkrb">
523	<primary sortas="b-kpasswd">kpasswd</primary>
524	</indexterm>
525	</listitem>
526	</varlistentry>
527
528	<varlistentry id="kprop">
529	<term><command>kprop</command></term>
530	<listitem>
531	<para>takes a principal database in a specified format and
532	converts it into a stream of database records.</para>
533	<indexterm zone="mitkrb kprop">
534	<primary sortas="b-kprop">kprop</primary>
535	</indexterm>
536	</listitem>
537	</varlistentry>
538
539	<varlistentry id="kpropd">
540	<term><command>kpropd</command></term>
541	<listitem>
542	<para>receives a database sent by <command>kprop</command>
543	and writes it as a local database.</para>
544	<indexterm zone="mitkrb kpropd">
545	<primary sortas="b-kpropd">kpropd</primary>
546	</indexterm>
547	</listitem>
548	</varlistentry>
549
550	<varlistentry id="krb5-config-1">
551	<term><command>krb5-config</command></term>
552	<listitem>
553	<para>gives information on how to link programs against
554	libraries.</para>
555	<indexterm zone="mitkrb krb5-config-prog">
556	<primary sortas="b-krb5-config-1">krb5-config</primary>
557	</indexterm>
558	</listitem>
559	</varlistentry>
560
561	<varlistentry id="krb5kdc">
562	<term><command>krb5kdc</command></term>
563	<listitem>
564	<para>is a Kerberos 5 server.</para>
565	<indexterm zone="mitkrb krb5kdc">
566	<primary sortas="b-krb5kdc">krb5kdc</primary>
567	</indexterm>
568	</listitem>
569	</varlistentry>
570
571	<varlistentry id="kshd">
572	<term><command>kshd</command></term>
573	<listitem>
574	<para>is the server that responds to <command>rsh</command>
575	requests.</para>
576	<indexterm zone="mitkrb kshd">
577	<primary sortas="b-kshd">kshd</primary>
578	</indexterm>
579	</listitem>
580	</varlistentry>
581
582	<varlistentry id="ksu">
583	<term><command>ksu</command></term>
584	<listitem>
585	<para>is the super user program using Kerberos protocol.
586	Requires a properly configured
587	<filename class="directory">/etc/shells</filename> and
588	<filename>~/.k5login</filename> containing principals
589	authorized to become super users.</para>
590	<indexterm zone="mitkrb ksu">
591	<primary sortas="b-ksu">ksu</primary>
592	</indexterm>
593	</listitem>
594	</varlistentry>
595
596	<varlistentry id="ktutil-mitkrb">
597	<term><command>ktutil</command></term>
598	<listitem>
599	<para>is a program for managing Kerberos keytabs.</para>
600	<indexterm zone="mitkrb ktutil-mitkrb">
601	<primary sortas="b-ktutil">ktutil</primary>
602	</indexterm>
603	</listitem>
604	</varlistentry>
605
606	<varlistentry id="kvno">
607	<term><command>kvno</command></term>
608	<listitem>
609	<para>prints keyversion numbers of Kerberos principals.</para>
610	<indexterm zone="mitkrb kvno">
611	<primary sortas="b-kvno">kvno</primary>
612	</indexterm>
613	</listitem>
614	</varlistentry>
615
616	<varlistentry id="login.krb5">
617	<term><command>login.krb5</command></term>
618	<listitem>
619	<para>is a kerberized login program.</para>
620	<indexterm zone="mitkrb login">
621	<primary sortas="b-login.krb5">login.krb5</primary>
622	</indexterm>
623	</listitem>
624	</varlistentry>
625
626	<varlistentry id="rcp-mitkrb">
627	<term><command>rcp</command></term>
628	<listitem>
629	<para>is a kerberized rcp client program.</para>
630	<indexterm zone="mitkrb rcp">
631	<primary sortas="b-rcp">rcp</primary>
632	</indexterm>
633	</listitem>
634	</varlistentry>
635
636	<varlistentry id="rlogin">
637	<term><command>rlogin</command></term>
638	<listitem>
639	<para>is a kerberized rlogin client program.</para>
640	<indexterm zone="mitkrb rlogin">
641	<primary sortas="b-rlogin">rlogin</primary>
642	</indexterm>
643	</listitem>
644	</varlistentry>
645
646	<varlistentry id="rsh-mitkrb">
647	<term><command>rsh</command></term>
648	<listitem>
649	<para>is a kerberized rsh client program.</para>
650	<indexterm zone="mitkrb rsh">
651	<primary sortas="b-rsh">rsh</primary>
652	</indexterm>
653	</listitem>
654	</varlistentry>
655
656	<varlistentry id="telnet-mitkrb">
657	<term><command>telnet</command></term>
658	<listitem>
659	<para>is a kerberized telnet client program.</para>
660	<indexterm zone="mitkrb telnet">
661	<primary sortas="b-telnet">telnet</primary>
662	</indexterm>
663	</listitem>
664	</varlistentry>
665
666	<varlistentry id="telnetd-mitkrb">
667	<term><command>telnetd</command></term>
668	<listitem>
669	<para>is a kerberized telnet server.</para>
670	<indexterm zone="mitkrb telnetd">
671	<primary sortas="b-telnetd">telnetd</primary>
672	</indexterm>
673	</listitem>
674	</varlistentry>
675
676	<varlistentry id="libcom_err">
677	<term><filename class='libraryfile'>libcom_err.[so,a]</filename></term>
678	<listitem>
679	<para>implements the Kerberos library error code.</para>
680	<indexterm zone="mitkrb libcom_err">
681	<primary sortas="c-libcom_err">libcom_err.[so,a]</primary>
682	</indexterm>
683	</listitem>
684	</varlistentry>
685
686	<varlistentry id="libgssapi-mitkrb">
687	<term><filename class='libraryfile'>libgssapi.[so,a]</filename></term>
688	<listitem>
689	<para>contain the Generic Security Service Application
690	Programming Interface (GSSAPI) functions which provides security
691	services to callers in a generic fashion, supportable with a range of
692	underlying mechanisms and technologies and hence allowing source-level
693	portability of applications to different environments.</para>
694	<indexterm zone="mitkrb libgssapi">
695	<primary sortas="c-libgssapi">libgssapi.[so,a]</primary>
696	</indexterm>
697	</listitem>
698	</varlistentry>
699
700	<varlistentry id="libkadm5clnt-mitkrb">
701	<term><filename class='libraryfile'>libkadm5clnt.[so,a]</filename></term>
702	<listitem>
703	<para>contains the administrative authentication and password
704	checking functions required by Kerberos 5 client-side programs.</para>
705	<indexterm zone="mitkrb libkadm5clnt">
706	<primary sortas="c-libkadm5clnt">libkadm5clnt.[so,a]</primary>
707	</indexterm>
708	</listitem>
709	</varlistentry>
710
711	<varlistentry id="libkadm5srv-mitkrb">
712	<term><filename class='libraryfile'>libkadm5srv.[so,a]</filename></term>
713	<listitem>
714	<para>contain the administrative authentication and password
715	checking functions required by Kerberos 5 servers.</para>
716	<indexterm zone="mitkrb libkadm5srv">
717	<primary sortas="c-libkadm5srv">libkadm5srv.[so,a]</primary>
718	</indexterm>
719	</listitem>
720	</varlistentry>
721
722	<varlistentry id="libkdb5">
723	<term><filename class='libraryfile'>libkdb5.[so,a]</filename></term>
724	<listitem>
725	<para>is a Kerberos 5 authentication/authorization database
726	access library.</para>
727	<indexterm zone="mitkrb libkdb5">
728	<primary sortas="c-libkdb5">libkdb5.[so,a]</primary>
729	</indexterm>
730	</listitem>
731	</varlistentry>
732
733	<varlistentry id="libkrb5-mitkrb">
734	<term><filename class='libraryfile'>libkrb5.[so,a]</filename></term>
735	<listitem>
736	<para>is an all-purpose Kerberos 5 library.</para>
737	<indexterm zone="mitkrb libkrb5">
738	<primary sortas="c-libkrb5">libkrb5.[so,a]</primary>
739	</indexterm>
740	</listitem>
741	</varlistentry>
742
743	</variablelist>
744
745	</sect2>
746
747	</sect1>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: postlfs/security/mitkrb.xml@ 9084c2eb

Download in other formats: