Context Navigation

mitkrb.xml@ 98dd5b8

Visit:

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts krejzi/svn lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition systemd-11177 systemd-13485 trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal

Last change on this file since 98dd5b8 was 98dd5b8, checked in by Krejzi <krejzi@…>, 12 years ago

MIT Kerberos 1.10.3.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@10517 af4574ff-66df-0310-9fd7-8a98e5e911e0

Property mode set to 100644

File size: 25.4 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY mitkrb-download-http "http://web.mit.edu/kerberos/www/dist/krb5/1.10/krb5-&mitkrb-version;-signed.tar">
8	<!ENTITY mitkrb-download-ftp " ">
9	<!ENTITY mitkrb-md5sum "a31eaa949d663cccca6b790af4573368">
10	<!ENTITY mitkrb-size "11 MB">
11	<!ENTITY mitkrb-buildsize "120 MB (Additional 20 MB if running the testsuite)">
12	<!ENTITY mitkrb-time "1.4 SBU (additional 2.0 SBU if running the testsuite)">
13	]>
14
15	<sect1 id="mitkrb" xreflabel="MIT Kerberos V5-&mitkrb-version;">
16	<?dbhtml filename="mitkrb.html"?>
17
18	<sect1info>
19	<othername>$LastChangedBy$</othername>
20	<date>$Date$</date>
21	</sect1info>
22
23	<title>MIT Kerberos V5-&mitkrb-version;</title>
24
25	<indexterm zone="mitkrb">
26	<primary sortas="a-MIT-Kerberos">MIT Kerberos V5</primary>
27	</indexterm>
28
29	<sect2 role="package">
30	<title>Introduction to MIT Kerberos V5</title>
31
32	<para>
33	<application>MIT Kerberos V5</application> is a free implementation
34	of Kerberos 5. Kerberos is a network authentication protocol. It
35	centralizes the authentication database and uses kerberized
36	applications to work with servers or services that support Kerberos
37	allowing single logins and encrypted communication over internal
38	networks or the Internet.
39	</para>
40
41	&lfs71_checked;
42
43	<bridgehead renderas="sect3">Package Information</bridgehead>
44	<itemizedlist spacing="compact">
45	<listitem>
46	<para>
47	Download (HTTP): <ulink url="&mitkrb-download-http;"/>
48	</para>
49	</listitem>
50	<listitem>
51	<para>
52	Download (FTP): <ulink url="&mitkrb-download-ftp;"/>
53	</para>
54	</listitem>
55	<listitem>
56	<para>
57	Download MD5 sum: &mitkrb-md5sum;
58	</para>
59	</listitem>
60	<listitem>
61	<para>
62	Download size: &mitkrb-size;
63	</para>
64	</listitem>
65	<listitem>
66	<para>
67	Estimated disk space required: &mitkrb-buildsize;
68	</para>
69	</listitem>
70	<listitem>
71	<para>
72	Estimated build time: &mitkrb-time;
73	</para>
74	</listitem>
75	</itemizedlist>
76
77	<bridgehead renderas="sect3">MIT Kerberos V5 Dependencies</bridgehead>
78
79	<bridgehead renderas="sect4">Optional</bridgehead>
80	<para role="optional">
81	<xref linkend="dejagnu"/> (required to run the testsuite),
82	<xref linkend="keyutils"/>,
83	<xref linkend="openldap"/> and
84	<xref linkend="python2"/> (used during the testsuite).
85	</para>
86
87	<note>
88	<para>
89	Some sort of time synchronization facility on your system (like
90	<xref linkend="ntp"/>) is required since Kerberos won't authenticate
91	if there is a time difference between a kerberized client and the
92	KDC server.
93	</para>
94	</note>
95
96	<para condition="html" role="usernotes">User Notes:
97	<ulink url="&blfs-wiki;/mitkrb"/>
98	</para>
99	</sect2>
100
101	<sect2 role="installation">
102	<title>Installation of MIT Kerberos V5</title>
103
104	<para>
105	<application>MIT Kerberos V5</application> is distributed in a
106	TAR file containing a compressed TAR package and a detached PGP
107	<filename class="extension">ASC</filename> file. You'll need to unpack
108	the distribution tar file, then unpack the compressed tar file before
109	starting the build.
110	</para>
111
112	<para>
113	After unpacking the distribution tarball and if you have
114	<xref linkend="gnupg"/> installed, you can
115	authenticate the package with the following command:
116	</para>
117
118	<screen><userinput>gpg - -verify krb5-&mitkrb-version;.tar.gz.asc</userinput></screen>
119
120	<para>
121	Build <application>MIT Kerberos V5</application> by running the
122	following commands:
123	</para>
124
125	<screen><userinput>cd src &&
126	sed -i -e 's/^YYSTYPE yylval/&={0}/' lib/krb5/krb/deltat.c &&
127	./configure CPPFLAGS="-I/usr/include/et -I/usr/include/ss" \
128	--prefix=/usr \
129	--localstatedir=/var/lib \
130	--with-system-et \
131	--with-system-ss \
132	--enable-dns-for-realm &&
133	make</userinput></screen>
134
135	<para>
136	The regression test suite is designed to be run after the
137	installation has been completed.
138	</para>
139
140	<para>
141	Now, as the <systemitem class="username">root</systemitem> user:
142	</para>
143
144	<screen role="root"><userinput>make install &&
145
146	for LIBRARY in gssapi_krb5 gssrpc k5crypto kadm5clnt_mit \
147	kadm5clnt kadm5srv_mit kadm5srv kdb5 krb5 \
148	krb5support verto-k5ev verto ; do
149	chmod -v 755 /usr/lib/lib$LIBRARY.so..
150	done &&
151
152	mv -v /usr/lib/libkrb5.so.3* /lib &&
153	mv -v /usr/lib/libk5crypto.so.3* /lib &&
154	mv -v /usr/lib/libkrb5support.so.0* /lib &&
155
156	ln -v -sf ../../lib/libkrb5.so.3.3 /usr/lib/libkrb5.so &&
157	ln -v -sf ../../lib/libk5crypto.so.3.1 /usr/lib/libk5crypto.so &&
158	ln -v -sf ../../lib/libkrb5support.so.0.1 /usr/lib/libkrb5support.so &&
159
160	mv -v /usr/bin/ksu /bin &&
161	chmod -v 755 /bin/ksu &&
162
163	install -m644 -v ../doc/*.info /usr/share/info &&
164
165	for INFOFILE in admin install user; do
166	install-info --info-dir=/usr/share/info \
167	/usr/share/info/krb5-$INFOFILE.info
168	rm ../doc/krb5-$INFOFILE.info
169	done &&
170
171	install -v -dm755 /usr/share/doc/krb5-&mitkrb-version; &&
172	cp -vfr ../doc/* /usr/share/doc/krb5-&mitkrb-version; &&
173
174	unset LIBRARY INFOFILE</userinput></screen>
175
176	<para>
177	To test the installation, you must have <xref linkend="dejagnu"/>
178	installed and issue: <command>make check</command>.
179	</para>
180
181	</sect2>
182
183	<sect2 role="commands">
184	<title>Command Explanations</title>
185
186	<para>
187	<command>sed ... lib/krb5/krb/deltat.c</command>: This sed
188	fixes a problem when building with GCC 4.7.
189	</para>
190
191	<para>
192	<option>--enable-dns-for-realm</option>: This parameter allows
193	realms to be resolved using the DNS server.
194	</para>
195
196	<para>
197	<option>--with-system-et</option>: This switch causes the build
198	to use the system-installed versions of the error-table support
199	software.
200	</para>
201
202	<para>
203	<option>--with-system-ss</option>: This switch causes the build
204	to use the system-installed versions of the subsystem command-line
205	interface software.
206	</para>
207
208	<para>
209	<parameter>--localstatedir=/var/lib</parameter>: This parameter is
210	used so that the Kerberos variable run-time data is located in
211	<filename class="directory">/var/lib</filename> instead of
212	<filename class="directory">/usr/var</filename>.
213	</para>
214
215	<para>
216	<command>mv -v /usr/bin/ksu /bin</command>: Moves the
217	<command>ksu</command> program to the
218	<filename class="directory">/bin</filename> directory so that it is
219	available when the <filename class="directory">/usr</filename>
220	filesystem is not mounted.
221	</para>
222
223	<para>
224	<option>--with-ldap</option>: Use this switch if you want to compile
225	<application>OpenLDAP</application> database backend module.
226	</para>
227
228	</sect2>
229
230	<sect2 role="configuration">
231	<title>Configuring MIT Kerberos V5</title>
232
233	<sect3 id="krb5-config">
234	<title>Config Files</title>
235
236	<para>
237	<filename>/etc/krb5.conf</filename> and
238	<filename>/var/lib/krb5kdc/kdc.conf</filename>
239	</para>
240
241	<indexterm zone="mitkrb krb5-config">
242	<primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary>
243	</indexterm>
244
245	<indexterm zone="mitkrb krb5-config">
246	<primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
247	</indexterm>
248
249	</sect3>
250
251	<sect3>
252	<title>Configuration Information</title>
253
254	<sect4>
255	<title>Kerberos Configuration</title>
256
257	<tip>
258	<para>
259	You should consider installing some sort of password checking
260	dictionary so that you can configure the installation to only
261	accept strong passwords. A suitable dictionary to use is shown in
262	the <xref linkend="cracklib"/> instructions. Note that only one
263	file can be used, but you can concatenate many files into one. The
264	configuration file shown below assumes you have installed a
265	dictionary to <filename>/usr/share/dict/words</filename>.
266	</para>
267	</tip>
268
269	<para>
270	Create the Kerberos configuration file with the following
271	commands issued by the <systemitem class="username">root</systemitem>
272	user:
273	</para>
274
275	<screen role="root"><userinput>cat > /etc/krb5.conf << "EOF"
276	<literal># Begin /etc/krb5.conf
277
278	[libdefaults]
279	default_realm = <replaceable><LFS.ORG></replaceable>
280	encrypt = true
281
282	[realms]
283	<replaceable><LFS.ORG></replaceable> = {
284	kdc = <replaceable><belgarath.lfs.org></replaceable>
285	admin_server = <replaceable><belgarath.lfs.org></replaceable>
286	dict_file = /usr/share/dict/words
287	}
288
289	[domain_realm]
290	.<replaceable><lfs.org></replaceable> = <replaceable><LFS.ORG></replaceable>
291
292	[logging]
293	kdc = SYSLOG[:INFO[:AUTH]]
294	admin_server = SYSLOG[INFO[:AUTH]]
295	default = SYSLOG[[:SYS]]
296
297	# End /etc/krb5.conf</literal>
298	EOF</userinput></screen>
299
300	<para>
301	You will need to substitute your domain and proper hostname for the
302	occurrences of the <replaceable><belgarath></replaceable> and
303	<replaceable><lfs.org></replaceable> names.
304	</para>
305
306	<para>
307	<option>default_realm</option> should be the name of your
308	domain changed to ALL CAPS. This isn't required, but both
309	<application>Heimdal</application> and MIT recommend it.
310	</para>
311
312	<para>
313	<option>encrypt = true</option> provides encryption of all traffic
314	between kerberized clients and servers. It's not necessary and can
315	be left off. If you leave it off, you can encrypt all traffic from
316	the client to the server using a switch on the client program
317	instead.
318	</para>
319
320	<para>
321	The <option>[realms]</option> parameters tell the client programs
322	where to look for the KDC authentication services.
323	</para>
324
325	<para>
326	The <option>[domain_realm]</option> section maps a domain to a realm.
327	</para>
328
329	<para>
330	Create the KDC database:
331	</para>
332
333	<screen role="root"><userinput>kdb5_util create -r <replaceable><LFS.ORG></replaceable> -s</userinput></screen>
334
335	<para>
336	Now you should populate the database with principles
337	(users). For now, just use your regular login name or
338	<systemitem class="username">root</systemitem>.
339	</para>
340
341	<screen role="root"><userinput>kadmin.local
342	<prompt>kadmin:</prompt> add_policy dict-only
343	<prompt>kadmin:</prompt> addprinc -policy dict-only <replaceable><loginname></replaceable></userinput></screen>
344
345	<para>
346	The KDC server and any machine running kerberized
347	server daemons must have a host key installed:
348	</para>
349
350	<screen role="root"><userinput><prompt>kadmin:</prompt> addprinc -randkey host/<replaceable><belgarath.lfs.org></replaceable></userinput></screen>
351
352	<para>
353	After choosing the defaults when prompted, you will have to
354	export the data to a keytab file:
355	</para>
356
357	<screen role="root"><userinput><prompt>kadmin:</prompt> ktadd host/<replaceable><belgarath.lfs.org></replaceable></userinput></screen>
358
359	<para>
360	This should have created a file in
361	<filename class="directory">/etc</filename> named
362	<filename>krb5.keytab</filename> (Kerberos 5). This file should
363	have 600 (<systemitem class="username">root</systemitem> rw only)
364	permissions. Keeping the keytab files from public access is crucial
365	to the overall security of the Kerberos installation.
366	</para>
367
368	<para>
369	Exit the <command>kadmin</command> program (use
370	<command>quit</command> or <command>exit</command>) and return
371	back to the shell prompt. Start the KDC daemon manually, just to
372	test out the installation:
373	</para>
374
375	<screen role="root"><userinput>/usr/sbin/krb5kdc</userinput></screen>
376
377	<para>
378	Attempt to get a ticket with the following command:
379	</para>
380
381	<screen><userinput>kinit <replaceable><loginname></replaceable></userinput></screen>
382
383	<para>
384	You will be prompted for the password you created. After you
385	get your ticket, you can list it with the following command:
386	</para>
387
388	<screen><userinput>klist</userinput></screen>
389
390	<para>
391	Information about the ticket should be displayed on the
392	screen.
393	</para>
394
395	<para>
396	To test the functionality of the keytab file, issue the
397	following command:
398	</para>
399
400	<screen><userinput>ktutil
401	<prompt>ktutil:</prompt> rkt /etc/krb5.keytab
402	<prompt>ktutil:</prompt> l</userinput></screen>
403
404	<para>
405	This should dump a list of the host principal, along with
406	the encryption methods used to access the principal.
407	</para>
408
409	<para>
410	At this point, if everything has been successful so far, you
411	can feel fairly confident in the installation and configuration of
412	the package.
413	</para>
414
415	</sect4>
416
417	<sect4>
418	<title>Additional Information</title>
419
420	<para>
421	For additional information consult <ulink
422	url="http://web.mit.edu/kerberos/www/krb5-1.10/#documentation">
423	Documentation for krb-&mitkrb-version;</ulink> on which the above
424	instructions are based.
425	</para>
426
427	</sect4>
428
429	</sect3>
430
431	<sect3 id="mitkrb-init">
432	<title>Init Script</title>
433
434	<para>
435	If you want to start <application>Kerberos</application> services
436	at boot, install the <filename>/etc/rc.d/init.d/krb5</filename> init
437	script included in the <xref linkend="bootscripts"/> package using
438	the following command:
439	</para>
440
441	<indexterm zone="mitkrb mitkrb-init">
442	<primary sortas="f-krb5">krb5</primary>
443	</indexterm>
444
445	<screen role="root"><userinput>make install-krb5</userinput></screen>
446
447	</sect3>
448
449	</sect2>
450
451	<sect2 role="content">
452
453	<title>Contents</title>
454	<para></para>
455
456	<segmentedlist>
457	<segtitle>Installed Programs</segtitle>
458	<segtitle>Installed Libraries</segtitle>
459	<segtitle>Installed Directories</segtitle>
460
461	<seglistitem>
462	<seg>
463	gss-client, gss-server, k5srvutil, kadmin, kadmin.local,
464	kadmind, kdb5_ldap_util, kdb5_util, kdestroy, kinit, klist,
465	kpasswd, kprop, kpropd, krb5-config, krb5kdc, krb5-send-pr,
466	ksu, kswitch, ktutil, kvno, sclient, sim_client, sim_server,
467	sserver, uuclient and uuserver
468	</seg>
469	<seg>
470	libgssapi_krb5.so, libgssrpc.so, libk5crypto.so,
471	libkadm5clnt.so, libkadm5srv.so, libkdb5.so, libkdb_ldap.so,
472	libkrb5.so, libkrb5support.so, libverto-k5ev.so and
473	libverto.so
474	</seg>
475	<seg>
476	/usr/include/{gssapi,gssrpc,kadm5,krb5},
477	/usr/lib/krb5,
478	/usr/share/doc/krb5-&mitkrb-version;,
479	/usr/share/examples/krb5 and
480	/var/lib/krb5kdc
481	</seg>
482	</seglistitem>
483	</segmentedlist>
484
485	<variablelist>
486	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
487	<?dbfo list-presentation="list"?>
488	<?dbhtml list-presentation="table"?>
489
490	<varlistentry id="k5srvutil">
491	<term><command>k5srvutil</command></term>
492	<listitem>
493	<para>
494	is a host keytable manipulation utility.
495	</para>
496	<indexterm zone="mitkrb k5srvutil">
497	<primary sortas="b-k5srvutil">k5srvutil</primary>
498	</indexterm>
499	</listitem>
500	</varlistentry>
501
502	<varlistentry id="kadmin">
503	<term><command>kadmin</command></term>
504	<listitem>
505	<para>
506	is an utility used to make modifications
507	to the Kerberos database.
508	</para>
509	<indexterm zone="mitkrb kadmin">
510	<primary sortas="b-kadmin">kadmin</primary>
511	</indexterm>
512	</listitem>
513	</varlistentry>
514
515	<varlistentry id="kadmind">
516	<term><command>kadmind</command></term>
517	<listitem>
518	<para>
519	is a server for administrative access
520	to a Kerberos database.
521	</para>
522	<indexterm zone="mitkrb kadmind">
523	<primary sortas="b-kadmind">kadmind</primary>
524	</indexterm>
525	</listitem>
526	</varlistentry>
527
528	<varlistentry id="kdb5_util">
529	<term><command>kdb5_util</command></term>
530	<listitem>
531	<para>
532	is the KDC database utility.
533	</para>
534	<indexterm zone="mitkrb kdb5_util">
535	<primary sortas="b-kdb5_util">kdb5_util</primary>
536	</indexterm>
537	</listitem>
538	</varlistentry>
539
540	<varlistentry id="kdestroy">
541	<term><command>kdestroy</command></term>
542	<listitem>
543	<para>
544	removes the current set of tickets.
545	</para>
546	<indexterm zone="mitkrb kdestroy">
547	<primary sortas="b-kdestroy">kdestroy</primary>
548	</indexterm>
549	</listitem>
550	</varlistentry>
551
552	<varlistentry id="kinit">
553	<term><command>kinit</command></term>
554	<listitem>
555	<para>
556	is used to authenticate to the Kerberos server as a
557	principal and acquire a ticket granting ticket that can
558	later be used to obtain tickets for other services.
559	</para>
560	<indexterm zone="mitkrb kinit">
561	<primary sortas="b-kinit">kinit</primary>
562	</indexterm>
563	</listitem>
564	</varlistentry>
565
566	<varlistentry id="klist">
567	<term><command>klist</command></term>
568	<listitem>
569	<para>
570	reads and displays the current tickets in
571	the credential cache.
572	</para>
573	<indexterm zone="mitkrb klist">
574	<primary sortas="b-klist">klist</primary>
575	</indexterm>
576	</listitem>
577	</varlistentry>
578
579	<varlistentry id="kpasswd">
580	<term><command>kpasswd</command></term>
581	<listitem>
582	<para>
583	is a program for changing Kerberos 5 passwords.
584	</para>
585	<indexterm zone="mitkrb kpasswd">
586	<primary sortas="b-kpasswd">kpasswd</primary>
587	</indexterm>
588	</listitem>
589	</varlistentry>
590
591	<varlistentry id="kprop">
592	<term><command>kprop</command></term>
593	<listitem>
594	<para>
595	takes a principal database in a specified format and
596	converts it into a stream of database records.
597	</para>
598	<indexterm zone="mitkrb kprop">
599	<primary sortas="b-kprop">kprop</primary>
600	</indexterm>
601	</listitem>
602	</varlistentry>
603
604	<varlistentry id="kpropd">
605	<term><command>kpropd</command></term>
606	<listitem>
607	<para>
608	receives a database sent by <command>kprop</command>
609	and writes it as a local database.
610	</para>
611	<indexterm zone="mitkrb kpropd">
612	<primary sortas="b-kpropd">kpropd</primary>
613	</indexterm>
614	</listitem>
615	</varlistentry>
616
617	<varlistentry id="krb5-config-prog2">
618	<term><command>krb5-config</command></term>
619	<listitem>
620	<para>
621	gives information on how to link programs against
622	libraries.
623	</para>
624	<indexterm zone="mitkrb krb5-config-prog2">
625	<primary sortas="b-krb5-config">krb5-config</primary>
626	</indexterm>
627	</listitem>
628	</varlistentry>
629
630	<varlistentry id="krb5kdc">
631	<term><command>krb5kdc</command></term>
632	<listitem>
633	<para>
634	is the <application>Kerberos 5</application> server.
635	</para>
636	<indexterm zone="mitkrb krb5kdc">
637	<primary sortas="b-krb5kdc">krb5kdc</primary>
638	</indexterm>
639	</listitem>
640	</varlistentry>
641
642	<varlistentry id="ksu">
643	<term><command>ksu</command></term>
644	<listitem>
645	<para>
646	is the super user program using Kerberos protocol.
647	Requires a properly configured
648	<filename>/etc/shells</filename> and
649	<filename>~/.k5login</filename> containing principals
650	authorized to become super users.
651	</para>
652	<indexterm zone="mitkrb ksu">
653	<primary sortas="b-ksu">ksu</primary>
654	</indexterm>
655	</listitem>
656	</varlistentry>
657
658	<varlistentry id="kswitch">
659	<term><command>kswitch</command></term>
660	<listitem>
661	<para>
662	makes the specified credential cache the
663	primary cache for the collection, if a cache
664	collection is available.
665	</para>
666	<indexterm zone="mitkrb kswitch">
667	<primary sortas="b-kswitch">kswitch</primary>
668	</indexterm>
669	</listitem>
670	</varlistentry>
671
672	<varlistentry id="ktutil">
673	<term><command>ktutil</command></term>
674	<listitem>
675	<para>
676	is a program for managing Kerberos keytabs.
677	</para>
678	<indexterm zone="mitkrb ktutil">
679	<primary sortas="b-ktutil">ktutil</primary>
680	</indexterm>
681	</listitem>
682	</varlistentry>
683
684	<varlistentry id="kvno">
685	<term><command>kvno</command></term>
686	<listitem>
687	<para>
688	prints keyversion numbers of Kerberos principals.
689	</para>
690	<indexterm zone="mitkrb kvno">
691	<primary sortas="b-kvno">kvno</primary>
692	</indexterm>
693	</listitem>
694	</varlistentry>
695
696	<varlistentry id="sclient">
697	<term><command>sclient</command></term>
698	<listitem>
699	<para>
700	used to contact a sample server and authenticate to it
701	using Kerberos 5 tickets, then display the server's
702	response.
703	</para>
704	<indexterm zone="mitkrb sclient">
705	<primary sortas="b-sclient">sclient</primary>
706	</indexterm>
707	</listitem>
708	</varlistentry>
709
710	<varlistentry id="sserver">
711	<term><command>sserver</command></term>
712	<listitem>
713	<para>
714	is the sample Kerberos 5 server.
715	</para>
716	<indexterm zone="mitkrb sserver">
717	<primary sortas="b-sserver">sserver</primary>
718	</indexterm>
719	</listitem>
720	</varlistentry>
721
722	<varlistentry id="libgssapi_krb5">
723	<term><filename class='libraryfile'>libgssapi_krb5.so</filename></term>
724	<listitem>
725	<para>
726	contain the Generic Security Service Application Programming
727	Interface (GSSAPI) functions which provides security services
728	to callers in a generic fashion, supportable with a range of
729	underlying mechanisms and technologies and hence allowing
730	source-level portability of applications to different
731	environments.
732	</para>
733	<indexterm zone="mitkrb libgssapi_krb5">
734	<primary sortas="c-libgssapi_krb5">libgssapi_krb5.so</primary>
735	</indexterm>
736	</listitem>
737	</varlistentry>
738
739	<varlistentry id="libkadm5clnt">
740	<term><filename class='libraryfile'>libkadm5clnt.so</filename></term>
741	<listitem>
742	<para>
743	contains the administrative authentication and password checking
744	functions required by Kerberos 5 client-side programs.
745	</para>
746	<indexterm zone="mitkrb libkadm5clnt">
747	<primary sortas="c-libkadm5clnt">libkadm5clnt.so</primary>
748	</indexterm>
749	</listitem>
750	</varlistentry>
751
752	<varlistentry id="libkadm5srv">
753	<term><filename class='libraryfile'>libkadm5srv.so</filename></term>
754	<listitem>
755	<para>
756	contain the administrative authentication and password
757	checking functions required by Kerberos 5 servers.
758	</para>
759	<indexterm zone="mitkrb libkadm5srv">
760	<primary sortas="c-libkadm5srv">libkadm5srv.so</primary>
761	</indexterm>
762	</listitem>
763	</varlistentry>
764
765	<varlistentry id="libkdb5">
766	<term><filename class='libraryfile'>libkdb5.so</filename></term>
767	<listitem>
768	<para>
769	is a Kerberos 5 authentication/authorization database
770	access library.
771	</para>
772	<indexterm zone="mitkrb libkdb5">
773	<primary sortas="c-libkdb5">libkdb5.so</primary>
774	</indexterm>
775	</listitem>
776	</varlistentry>
777
778	<varlistentry id="libkrb5">
779	<term><filename class='libraryfile'>libkrb5.so</filename></term>
780	<listitem>
781	<para>
782	is an all-purpose <application>Kerberos 5</application> library.
783	</para>
784	<indexterm zone="mitkrb libkrb5">
785	<primary sortas="c-libkrb5">libkrb5.so</primary>
786	</indexterm>
787	</listitem>
788	</varlistentry>
789
790	</variablelist>
791
792	</sect2>
793
794	</sect1>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: postlfs/security/mitkrb.xml@ 98dd5b8

Download in other formats: