Context Navigation

mitkrb.xml@ 9e9cd2a2

Visit:

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts krejzi/svn lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition systemd-11177 systemd-13485 trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal

Last change on this file since 9e9cd2a2 was 9e9cd2a2, checked in by Bruce Dubbs <bdubbs@…>, 12 years ago

Update book title and copyright date.

Remove portmap and nfs-utils at least until upstream gets their act together.
Stable NIS and NFS headers and functions not currently available from any
source.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@8950 af4574ff-66df-0310-9fd7-8a98e5e911e0

Property mode set to 100644

File size: 29.8 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY mitkrb-download-http "http://web.mit.edu/kerberos/www/dist/krb5/1.6/krb5-&mitkrb-version;-signed.tar">
8	<!ENTITY mitkrb-download-ftp " ">
9	<!ENTITY mitkrb-md5sum "a365e39ff7d39639556c2797a0e1c3f4">
10	<!ENTITY mitkrb-size "12.0 MB">
11	<!ENTITY mitkrb-buildsize "124 MB">
12	<!ENTITY mitkrb-time "1.4 SBU">
13	]>
14
15	<sect1 id="mitkrb" xreflabel="MIT Kerberos V5-&mitkrb-version;">
16	<?dbhtml filename="mitkrb.html"?>
17
18	<sect1info>
19	<othername>$LastChangedBy$</othername>
20	<date>$Date$</date>
21	</sect1info>
22
23	<title>MIT Kerberos V5-&mitkrb-version;</title>
24
25	<indexterm zone="mitkrb">
26	<primary sortas="a-MIT-Kerberos">MIT Kerberos V5</primary>
27	</indexterm>
28
29	<sect2 role="package">
30	<title>Introduction to MIT Kerberos V5</title>
31
32	<para><application>MIT Kerberos V5</application> is a free implementation
33	of Kerberos 5. Kerberos is a network authentication protocol. It
34	centralizes the authentication database and uses kerberized
35	applications to work with servers or services that support Kerberos
36	allowing single logins and encrypted communication over internal
37	networks or the Internet.</para>
38
39	<bridgehead renderas="sect3">Package Information</bridgehead>
40	<itemizedlist spacing="compact">
41	<listitem>
42	<para>Download (HTTP): <ulink url="&mitkrb-download-http;"/></para>
43	</listitem>
44	<listitem>
45	<para>Download (FTP): <ulink url="&mitkrb-download-ftp;"/></para>
46	</listitem>
47	<listitem>
48	<para>Download MD5 sum: &mitkrb-md5sum;</para>
49	</listitem>
50	<listitem>
51	<para>Download size: &mitkrb-size;</para>
52	</listitem>
53	<listitem>
54	<para>Estimated disk space required: &mitkrb-buildsize;</para>
55	</listitem>
56	<listitem>
57	<para>Estimated build time: &mitkrb-time;</para>
58	</listitem>
59	</itemizedlist>
60
61	<bridgehead renderas="sect3">MIT Kerberos V5 Dependencies</bridgehead>
62
63	<bridgehead renderas="sect4">Optional</bridgehead>
64	<para role="optional"><xref linkend="linux-pam"/>
65	(for <command>xdm</command> based logins),
66	<xref linkend="openldap"/>, and
67	<xref linkend="dejagnu"/> (required to run the test suite)</para>
68
69	<note>
70	<para>Some sort of time synchronization facility on your system (like
71	<xref linkend="ntp"/>) is required since Kerberos won't authenticate if
72	there is a time difference between a kerberized client and the
73	KDC server.</para>
74	</note>
75
76	<para condition="html" role="usernotes">User Notes:
77	<ulink url="&blfs-wiki;/mitkrb"/></para>
78
79	</sect2>
80
81	<sect2 role="installation">
82	<title>Installation of MIT Kerberos V5</title>
83
84	<para><application>MIT Kerberos V5</application> is distributed in a
85	TAR file containing a compressed TAR package and a detached PGP
86	<filename class="extension">ASC</filename> file. You'll need to unpack
87	the distribution tar file, then unpack the compressed tar file before
88	starting the build.</para>
89
90	<para>After unpacking the distribution tarball and if you have
91	<xref linkend="gnupg"/> installed, you can
92	authenticate the package with the following command:</para>
93
94	<screen><userinput>gpg - -verify krb5-&mitkrb-version;.tar.gz.asc</userinput></screen>
95
96	<para>Build <application>MIT Kerberos V5</application> by running the
97	following commands:</para>
98
99	<screen><userinput>cd src &&
100	./configure CPPFLAGS="-I/usr/include/et -I/usr/include/ss" \
101	--prefix=/usr \
102	--sysconfdir=/etc/krb5 \
103	--localstatedir=/var/lib \
104	--with-system-et \
105	--with-system-ss \
106	--enable-dns-for-realm \
107	--mandir=/usr/share/man &&
108	make</userinput></screen>
109
110	<para>The regression test suite is designed to be run after the
111	installation has been completed.</para>
112
113	<para>Now, as the <systemitem class="username">root</systemitem> user:</para>
114
115	<screen role="root"><userinput>make install &&
116
117	mv -v /usr/bin/ksu /bin &&
118	chmod -v 755 /bin/ksu &&
119	mv -v /usr/lib/libkrb5.so.3* /lib &&
120	mv -v /usr/lib/libk5crypto.so.3* /lib &&
121	mv -v /usr/lib/libkrb5support.so.0* /lib &&
122
123	ln -v -sf ../../lib/libkrb5.so.3.3 /usr/lib/libkrb5.so &&
124	ln -v -sf ../../lib/libk5crypto.so.3.1 /usr/lib/libk5crypto.so &&
125	ln -v -sf ../../lib/libkrb5support.so.0.1 /usr/lib/libkrb5support.so&&
126
127	install -m644 -v ../doc/.info /usr/share/info &&
128	for INFOFILE in 425 5-admin 5-install 5-user; do
129	install-info --info-dir=/usr/share/info \
130	/usr/share/info/krb$INFOFILE.info
131	rm ../doc/krb$INFOFILE.info*
132	done &&
133
134	install -m755 -v -d /usr/share/doc/krb5-&mitkrb-version; &&
135	cp -Rv ../doc/* /usr/share/doc/krb5-&mitkrb-version;</userinput></screen>
136
137	<warning>
138	<para><command>login.krb5</command> does not support
139	<application>Shadow</application> passwords. As a result, when the
140	Kerberos server is unavailable, the default fall through to
141	<filename>/etc/passwd</filename> will not work because
142	the passwords have been moved to <filename>/etc/shadow</filename> during
143	the LFS build process. Entering the following
144	commands without moving the passwords back to
145	<filename>/etc/passwd</filename> could prevent any logins.</para>
146	</warning>
147
148	<para>After considering (and understanding) the above warning, the
149	following commands can be entered as the
150	<systemitem class="username">root</systemitem> user to replace the
151	existing <command>login</command> program with the Kerberized
152	version (after preserving the original) and move the support libraries
153	to a location available when the
154	<filename class='directory'>/usr</filename> filesystem is
155	not mounted:</para>
156
157	<screen role="root"><userinput>mv -v /bin/login /bin/login.shadow &&
158	install -m755 -v /usr/sbin/login.krb5 /bin/login &&
159
160	mv -v /usr/lib/libdes425.so.3* /lib &&
161	mv -v /usr/lib/libkrb4.so.2* /lib &&
162
163	ln -v -sf ../../lib/libdes425.so.3.0 /usr/lib/libdes425.so &&
164	ln -v -sf ../../lib/libkrb4.so.2.0 /usr/lib/libkrb4.so &&
165
166	ldconfig</userinput></screen>
167
168	<!--
169	<para>If <application>CrackLib</application> is installed, or if any
170	word list has been put in
171	<filename class='directory'>/usr/share/dict</filename>, the following
172	should be entered as the <systemitem class="username">root</systemitem>
173	user:</para>
174
175	<screen role="root"><userinput>ln -s /usr/share/dict/words /var/lib/krb5kdc/kadmin.dict</userinput></screen>
176	-->
177
178	<!-- Remove this for now as portmap cannot be built until upstream fixes it
179
180	<para>To test the installation, you must have
181	<xref linkend="dejagnu"/> installed and issue: <command>make
182	check</command>. The RPC layer tests will require a portmap daemon
183	(see <xref linkend="portmap"/>) running and configured to listen on the
184	regular network interface (not localhost). See the <quote>Testing the
185	Build</quote> section of the <filename>krb5-install.html</filename> file
186	in the <filename class='directory'>../doc</filename> directory for complete
187	information on running the regression tests.</para>
188	-->
189	</sect2>
190
191	<sect2 role="commands">
192	<title>Command Explanations</title>
193
194	<para><parameter>--enable-dns-for-realm</parameter>: This parameter allows
195	realms to be resolved using the DNS server.</para>
196
197	<para><parameter>--with-system-et</parameter>: This parameter causes the
198	build to use the system-installed versions of the error-table support
199	software.</para>
200
201	<para><parameter>--with-system-ss</parameter>: This parameter causes the
202	build to use the system-installed versions of the subsystem command-line
203	interface software.</para>
204
205	<para><parameter>--localstatedir=/var/lib</parameter>: This parameter is
206	used so that the Kerberos variable run-time data is located in
207	<filename class='directory'>/var/lib</filename> instead of
208	<filename class='directory'>/usr/var</filename>.</para>
209
210	<!-- <para><parameter>- -enable-static</parameter>: This switch builds static
211	libraries in addition to the shared libraries.</para> -->
212
213	<para><command>mv -v /usr/bin/ksu /bin</command>: Moves the
214	<command>ksu</command> program to the
215	<filename class="directory">/bin</filename> directory so that it is
216	available when the <filename class="directory">/usr</filename>
217	filesystem is not mounted.</para>
218
219	<para><command>mv -v ... /lib && ln -v -sf ...</command>:
220	These libraries are moved to <filename class="directory">/lib</filename> so
221	they are available when the <filename class="directory">/usr</filename>
222	filesystem is not mounted.</para>
223
224	</sect2>
225
226	<sect2 role="configuration">
227	<title>Configuring MIT Kerberos V5</title>
228
229	<sect3 id="krb5-config">
230	<title>Config Files</title>
231
232	<para><filename>/etc/krb5/krb5.conf</filename> and
233	<filename>/var/lib/krb5kdc/kdc.conf</filename></para>
234
235	<indexterm zone="mitkrb krb5-config">
236	<primary sortas="e-etc-krb5-krb5.conf">/etc/krb5/krb5.conf</primary>
237	</indexterm>
238
239	<indexterm zone="mitkrb krb5-config">
240	<primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
241	</indexterm>
242
243	</sect3>
244
245	<sect3>
246	<title>Configuration Information</title>
247
248	<sect4>
249	<title>Kerberos Configuration</title>
250
251	<tip>
252	<para>You should consider installing some sort of password checking
253	dictionary so that you can configure the installation to only
254	accept strong passwords. A suitable dictionary to use is shown in
255	the <xref linkend="cracklib"/> instructions. Note that only one
256	file can be used, but you can concatenate many files into one. The
257	configuration file shown below assumes you have installed a
258	dictionary to <filename>/usr/share/dict/words</filename>.</para>
259	</tip>
260
261	<para>Create the Kerberos configuration file with the following
262	commands issued by the <systemitem class="username">root</systemitem>
263	user:</para>
264
265	<screen role="root"><userinput>install -v -m755 -d /etc/krb5 &&
266	cat > /etc/krb5/krb5.conf << "EOF"
267	<literal># Begin /etc/krb5/krb5.conf
268
269	[libdefaults]
270	default_realm = <replaceable><LFS.ORG></replaceable>
271	encrypt = true
272
273	[realms]
274	<replaceable><LFS.ORG></replaceable> = {
275	kdc = <replaceable><belgarath.lfs.org></replaceable>
276	admin_server = <replaceable><belgarath.lfs.org></replaceable>
277	dict_file = /usr/share/dict/words
278	}
279
280	[domain_realm]
281	.<replaceable><lfs.org></replaceable> = <replaceable><LFS.ORG></replaceable>
282
283	[logging]
284	kdc = SYSLOG[:INFO[:AUTH]]
285	admin_server = SYSLOG[INFO[:AUTH]]
286	default = SYSLOG[[:SYS]]
287
288	# End /etc/krb5/krb5.conf</literal>
289	EOF</userinput></screen>
290
291	<para>You will need to substitute your domain and proper hostname
292	for the occurrences of the <replaceable><belgarath></replaceable> and
293	<replaceable><lfs.org></replaceable> names.</para>
294
295	<para><option>default_realm</option> should be the name of your
296	domain changed to ALL CAPS. This isn't required, but both
297	<application>Heimdal</application> and MIT recommend it.</para>
298
299	<para><option>encrypt = true</option> provides encryption of all
300	traffic between kerberized clients and servers. It's not necessary
301	and can be left off. If you leave it off, you can encrypt all traffic
302	from the client to the server using a switch on the client program
303	instead.</para>
304
305	<para>The <option>[realms]</option> parameters tell the client
306	programs where to look for the KDC authentication services.</para>
307
308	<para>The <option>[domain_realm]</option> section maps a domain to
309	a realm.</para>
310
311	<para>Create the KDC database:</para>
312
313	<screen role="root"><userinput>kdb5_util create -r <replaceable><LFS.ORG></replaceable> -s</userinput></screen>
314
315	<para>Now you should populate the database with principles
316	(users). For now, just use your regular login name or
317	<systemitem class="username">root</systemitem>.</para>
318
319	<screen role="root"><userinput>kadmin.local
320	<prompt>kadmin:</prompt> add_policy dict-only
321	<prompt>kadmin:</prompt> addprinc -policy dict-only <replaceable><loginname></replaceable></userinput></screen>
322
323	<para>The KDC server and any machine running kerberized
324	server daemons must have a host key installed:</para>
325
326	<screen role='root'><userinput><prompt>kadmin:</prompt> addprinc -randkey host/<replaceable><belgarath.lfs.org></replaceable></userinput></screen>
327
328	<para>After choosing the defaults when prompted, you will have to
329	export the data to a keytab file:</para>
330
331	<screen role='root'><userinput><prompt>kadmin:</prompt> ktadd host/<replaceable><belgarath.lfs.org></replaceable></userinput></screen>
332
333	<para>This should have created a file in
334	<filename class="directory">/etc/krb5</filename> named
335	<filename>krb5.keytab</filename> (Kerberos 5). This file should
336	have 600 (<systemitem class="username">root</systemitem> rw only)
337	permissions. Keeping the keytab files from public access is crucial
338	to the overall security of the Kerberos installation.</para>
339
340	<para>Eventually, you'll want to add server daemon principles to the
341	database and extract them to the keytab file. You do this in the same
342	way you created the host principles. Below is an example:</para>
343
344	<screen role='root'><userinput><prompt>kadmin:</prompt> addprinc -randkey ftp/<replaceable><belgarath.lfs.org></replaceable>
345	<prompt>kadmin:</prompt> ktadd ftp/<replaceable><belgarath.lfs.org></replaceable></userinput></screen>
346
347	<para>Exit the <command>kadmin</command> program (use
348	<command>quit</command> or <command>exit</command>) and return
349	back to the shell prompt. Start the KDC daemon manually, just to
350	test out the installation:</para>
351
352	<screen role='root'><userinput>/usr/sbin/krb5kdc &</userinput></screen>
353
354	<para>Attempt to get a ticket with the following command:</para>
355
356	<screen><userinput>kinit <replaceable><loginname></replaceable></userinput></screen>
357
358	<para>You will be prompted for the password you created. After you
359	get your ticket, you can list it with the following command:</para>
360
361	<screen><userinput>klist</userinput></screen>
362
363	<para>Information about the ticket should be displayed on the
364	screen.</para>
365
366	<para>To test the functionality of the keytab file, issue the
367	following command:</para>
368
369	<screen><userinput>ktutil
370	<prompt>ktutil:</prompt> rkt /etc/krb5/krb5.keytab
371	<prompt>ktutil:</prompt> l</userinput></screen>
372
373	<para>This should dump a list of the host principal, along with
374	the encryption methods used to access the principal.</para>
375
376	<para>At this point, if everything has been successful so far, you
377	can feel fairly confident in the installation and configuration of
378	the package.</para>
379
380	<para>Install the <filename>/etc/rc.d/init.d/kerberos</filename> init
381	script included in the <xref linkend="bootscripts"/>
382	package.</para>
383
384	<screen role="root"><userinput>make install-kerberos</userinput></screen>
385
386	</sect4>
387
388	<sect4>
389	<title>Using Kerberized Client Programs</title>
390
391	<para>To use the kerberized client programs (<command>telnet</command>,
392	<command>ftp</command>, <command>rsh</command>, <command>rcp</command>,
393	<command>rlogin</command>), you first must get an authentication ticket.
394	Use the <command>kinit</command> program to get the ticket. After you've
395	acquired the ticket, you can use the kerberized programs to connect to
396	any kerberized server on the network. You will not be prompted for
397	authentication until your ticket expires (default is one day), unless
398	you specify a different user as a command line argument to the
399	program.</para>
400
401	<para>The kerberized programs will connect to non kerberized daemons,
402	warning you that authentication is not encrypted.</para>
403
404	</sect4>
405
406	<sect4>
407	<title>Using Kerberized Server Programs</title>
408
409	<para>Using kerberized server programs (<command>telnetd</command>,
410	<command>kpropd</command>, <command>klogind</command> and
411	<command>kshd</command>) requires two additional configuration steps.
412	First the <filename>/etc/services</filename> file must be updated to
413	include eklogin and krb5_prop. Second, the
414	<filename>inetd.conf</filename> or <filename>xinetd.conf</filename>
415	must be modified for each server that will be activated, usually
416	replacing the server from <xref linkend="inetutils"/>.</para>
417
418	</sect4>
419
420	<sect4>
421	<title>Additional Information</title>
422
423	<para>For additional information consult <ulink
424	url="http://web.mit.edu/kerberos/www/krb5-1.6/#documentation">
425	Documentation for krb-&mitkrb-version;</ulink> on which the above
426	instructions are based.</para>
427
428	</sect4>
429
430	</sect3>
431
432	</sect2>
433
434	<sect2 role="content">
435	<title>Contents</title>
436	<para></para>
437
438	<segmentedlist>
439	<segtitle>Installed Programs</segtitle>
440	<segtitle>Installed Libraries</segtitle>
441	<segtitle>Installed Directories</segtitle>
442
443	<seglistitem>
444	<seg>ftp, ftpd, gss-client, gss-server, k5srvutil, kadmin,
445	kadmin.local, kadmind, kdb5_ldap_util, kdb5_util, kdestroy, kinit, klist,
446	klogind, kpasswd, kprop, kpropd, krb5-config, krb5-send-pr, krb524d,
447	krb524init, krb5kdc, kshd, ksu, ktutil, kvno, login.krb5, rcp, rlogin,
448	rsh, sclient, sim_client, sim_server, sserver, telnet, telnetd,
449	uuclient, uuserver and v4rcp</seg>
450	<seg>libdes425.so, libgssapi_krb5.so,
451	libgssrpc.so, libk5crypto.so, libkadm5clnt.so, libkadm5srv.so,
452	libkdb5.so, libkdb_ldap.so, libkrb4.so, libkrb5.so and
453	libkrb5support.so</seg>
454	<seg>/etc/krb5, /usr/include/{gssapi,gssrpc,kerberosIV,krb5},
455	/usr/lib/krb5, /usr/share/{doc/krb5-&mitkrb-version;,examples,gnats}
456	and /var/lib/krb5kdc</seg>
457	</seglistitem>
458	</segmentedlist>
459
460	<variablelist>
461	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
462	<?dbfo list-presentation="list"?>
463	<?dbhtml list-presentation="table"?>
464
465	<varlistentry id="ftp-mitkrb">
466	<term><command>ftp</command></term>
467	<listitem>
468	<para>is a kerberized FTP client.</para>
469	<indexterm zone="mitkrb ftp-mitkrb">
470	<primary sortas="b-ftp">ftp</primary>
471	</indexterm>
472	</listitem>
473	</varlistentry>
474
475	<varlistentry id="ftpd-mitkrb">
476	<term><command>ftpd</command></term>
477	<listitem>
478	<para>is a kerberized FTP daemon.</para>
479	<indexterm zone="mitkrb ftpd-mitkrb">
480	<primary sortas="b-ftpd">ftpd</primary>
481	</indexterm>
482	</listitem>
483	</varlistentry>
484
485	<varlistentry id="k5srvutil">
486	<term><command>k5srvutil</command></term>
487	<listitem>
488	<para>is a host keytable manipulation utility.</para>
489	<indexterm zone="mitkrb k5srvutil">
490	<primary sortas="b-k5srvutil">k5srvutil</primary>
491	</indexterm>
492	</listitem>
493	</varlistentry>
494
495	<varlistentry id="kadmin-mitkrb">
496	<term><command>kadmin</command></term>
497	<listitem>
498	<para>is an utility used to make modifications
499	to the Kerberos database.</para>
500	<indexterm zone="mitkrb kadmin-mitkrb">
501	<primary sortas="b-kadmin">kadmin</primary>
502	</indexterm>
503	</listitem>
504	</varlistentry>
505
506	<varlistentry id="kadmind-mitkrb">
507	<term><command>kadmind</command></term>
508	<listitem>
509	<para>is a server for administrative access
510	to a Kerberos database.</para>
511	<indexterm zone="mitkrb kadmind-mitkrb">
512	<primary sortas="b-kadmind">kadmind</primary>
513	</indexterm>
514	</listitem>
515	</varlistentry>
516
517	<varlistentry id="kdb5_util">
518	<term><command>kdb5_util</command></term>
519	<listitem>
520	<para>is the KDC database utility.</para>
521	<indexterm zone="mitkrb kdb5_util">
522	<primary sortas="b-kdb5_util">kdb5_util</primary>
523	</indexterm>
524	</listitem>
525	</varlistentry>
526
527	<varlistentry id="kdestroy-mitkrb">
528	<term><command>kdestroy</command></term>
529	<listitem>
530	<para>removes the current set of tickets.</para>
531	<indexterm zone="mitkrb kdestroy-mitkrb">
532	<primary sortas="b-kdestroy">kdestroy</primary>
533	</indexterm>
534	</listitem>
535	</varlistentry>
536
537	<varlistentry id="kinit-mitkrb">
538	<term><command>kinit</command></term>
539	<listitem>
540	<para>is used to authenticate to the Kerberos server as a
541	principal and acquire a ticket granting ticket that can
542	later be used to obtain tickets for other services.</para>
543	<indexterm zone="mitkrb kinit-mitkrb">
544	<primary sortas="b-kinit">kinit</primary>
545	</indexterm>
546	</listitem>
547	</varlistentry>
548
549	<varlistentry id="klist-mitkrb">
550	<term><command>klist</command></term>
551	<listitem>
552	<para>reads and displays the current tickets in
553	the credential cache.</para>
554	<indexterm zone="mitkrb klist-mitkrb">
555	<primary sortas="b-klist">klist</primary>
556	</indexterm>
557	</listitem>
558	</varlistentry>
559
560	<varlistentry id="klogind">
561	<term><command>klogind</command></term>
562	<listitem>
563	<para>is the server that responds to <command>rlogin</command>
564	requests.</para>
565	<indexterm zone="mitkrb klogind">
566	<primary sortas="b-klogind">klogind</primary>
567	</indexterm>
568	</listitem>
569	</varlistentry>
570
571	<varlistentry id="kpasswd-mitkrb">
572	<term><command>kpasswd</command></term>
573	<listitem>
574	<para>is a program for changing Kerberos 5 passwords.</para>
575	<indexterm zone="mitkrb kpasswd-mitkrb">
576	<primary sortas="b-kpasswd">kpasswd</primary>
577	</indexterm>
578	</listitem>
579	</varlistentry>
580
581	<varlistentry id="kprop">
582	<term><command>kprop</command></term>
583	<listitem>
584	<para>takes a principal database in a specified format and
585	converts it into a stream of database records.</para>
586	<indexterm zone="mitkrb kprop">
587	<primary sortas="b-kprop">kprop</primary>
588	</indexterm>
589	</listitem>
590	</varlistentry>
591
592	<varlistentry id="kpropd">
593	<term><command>kpropd</command></term>
594	<listitem>
595	<para>receives a database sent by <command>kprop</command>
596	and writes it as a local database.</para>
597	<indexterm zone="mitkrb kpropd">
598	<primary sortas="b-kpropd">kpropd</primary>
599	</indexterm>
600	</listitem>
601	</varlistentry>
602
603	<varlistentry id="krb5-config-prog2">
604	<term><command>krb5-config</command></term>
605	<listitem>
606	<para>gives information on how to link programs against
607	libraries.</para>
608	<indexterm zone="mitkrb krb5-config-prog2">
609	<primary sortas="b-krb5-config">krb5-config</primary>
610	</indexterm>
611	</listitem>
612	</varlistentry>
613
614	<varlistentry id="krb5kdc">
615	<term><command>krb5kdc</command></term>
616	<listitem>
617	<para>is a Kerberos 5 server.</para>
618	<indexterm zone="mitkrb krb5kdc">
619	<primary sortas="b-krb5kdc">krb5kdc</primary>
620	</indexterm>
621	</listitem>
622	</varlistentry>
623
624	<varlistentry id="kshd">
625	<term><command>kshd</command></term>
626	<listitem>
627	<para>is the server that responds to <command>rsh</command>
628	requests.</para>
629	<indexterm zone="mitkrb kshd">
630	<primary sortas="b-kshd">kshd</primary>
631	</indexterm>
632	</listitem>
633	</varlistentry>
634
635	<varlistentry id="ksu">
636	<term><command>ksu</command></term>
637	<listitem>
638	<para>is the super user program using Kerberos protocol.
639	Requires a properly configured
640	<filename class="directory">/etc/shells</filename> and
641	<filename>~/.k5login</filename> containing principals
642	authorized to become super users.</para>
643	<indexterm zone="mitkrb ksu">
644	<primary sortas="b-ksu">ksu</primary>
645	</indexterm>
646	</listitem>
647	</varlistentry>
648
649	<varlistentry id="ktutil-mitkrb">
650	<term><command>ktutil</command></term>
651	<listitem>
652	<para>is a program for managing Kerberos keytabs.</para>
653	<indexterm zone="mitkrb ktutil-mitkrb">
654	<primary sortas="b-ktutil">ktutil</primary>
655	</indexterm>
656	</listitem>
657	</varlistentry>
658
659	<varlistentry id="kvno">
660	<term><command>kvno</command></term>
661	<listitem>
662	<para>prints keyversion numbers of Kerberos principals.</para>
663	<indexterm zone="mitkrb kvno">
664	<primary sortas="b-kvno">kvno</primary>
665	</indexterm>
666	</listitem>
667	</varlistentry>
668
669	<varlistentry id="login.krb5">
670	<term><command>login.krb5</command></term>
671	<listitem>
672	<para>is a kerberized login program.</para>
673	<indexterm zone="mitkrb login">
674	<primary sortas="b-login.krb5">login.krb5</primary>
675	</indexterm>
676	</listitem>
677	</varlistentry>
678
679	<varlistentry id="rcp-mitkrb">
680	<term><command>rcp</command></term>
681	<listitem>
682	<para>is a kerberized rcp client program.</para>
683	<indexterm zone="mitkrb rcp-mitkrb">
684	<primary sortas="b-rcp">rcp</primary>
685	</indexterm>
686	</listitem>
687	</varlistentry>
688
689	<varlistentry id="rlogin">
690	<term><command>rlogin</command></term>
691	<listitem>
692	<para>is a kerberized rlogin client program.</para>
693	<indexterm zone="mitkrb rlogin">
694	<primary sortas="b-rlogin">rlogin</primary>
695	</indexterm>
696	</listitem>
697	</varlistentry>
698
699	<varlistentry id="rsh-mitkrb">
700	<term><command>rsh</command></term>
701	<listitem>
702	<para>is a kerberized rsh client program.</para>
703	<indexterm zone="mitkrb rsh-mitkrb">
704	<primary sortas="b-rsh">rsh</primary>
705	</indexterm>
706	</listitem>
707	</varlistentry>
708
709	<varlistentry id="telnet-mitkrb">
710	<term><command>telnet</command></term>
711	<listitem>
712	<para>is a kerberized telnet client program.</para>
713	<indexterm zone="mitkrb telnet-mitkrb">
714	<primary sortas="b-telnet">telnet</primary>
715	</indexterm>
716	</listitem>
717	</varlistentry>
718
719	<varlistentry id="telnetd-mitkrb">
720	<term><command>telnetd</command></term>
721	<listitem>
722	<para>is a kerberized telnet server.</para>
723	<indexterm zone="mitkrb telnetd-mitkrb">
724	<primary sortas="b-telnetd">telnetd</primary>
725	</indexterm>
726	</listitem>
727	</varlistentry>
728
729	<varlistentry id="libgssapi_krb5-mitkrb">
730	<term><filename class='libraryfile'>libgssapi_krb5.so</filename></term>
731	<listitem>
732	<para>contain the Generic Security Service Application
733	Programming Interface (GSSAPI) functions which provides security
734	services to callers in a generic fashion, supportable with a range of
735	underlying mechanisms and technologies and hence allowing source-level
736	portability of applications to different environments.</para>
737	<indexterm zone="mitkrb libgssapi_krb5-mitkrb">
738	<primary sortas="c-libgssapi_krb5">libgssapi_krb5.so</primary>
739	</indexterm>
740	</listitem>
741	</varlistentry>
742
743	<varlistentry id="libkadm5clnt-mitkrb">
744	<term><filename class='libraryfile'>libkadm5clnt.so</filename></term>
745	<listitem>
746	<para>contains the administrative authentication and password
747	checking functions required by Kerberos 5 client-side programs.</para>
748	<indexterm zone="mitkrb libkadm5clnt-mitkrb">
749	<primary sortas="c-libkadm5clnt">libkadm5clnt.so</primary>
750	</indexterm>
751	</listitem>
752	</varlistentry>
753
754	<varlistentry id="libkadm5srv-mitkrb">
755	<term><filename class='libraryfile'>libkadm5srv.so</filename></term>
756	<listitem>
757	<para>contain the administrative authentication and password
758	checking functions required by Kerberos 5 servers.</para>
759	<indexterm zone="mitkrb libkadm5srv-mitkrb">
760	<primary sortas="c-libkadm5srv">libkadm5srv.so</primary>
761	</indexterm>
762	</listitem>
763	</varlistentry>
764
765	<varlistentry id="libkdb5">
766	<term><filename class='libraryfile'>libkdb5.so</filename></term>
767	<listitem>
768	<para>is a Kerberos 5 authentication/authorization database
769	access library.</para>
770	<indexterm zone="mitkrb libkdb5">
771	<primary sortas="c-libkdb5">libkdb5.so</primary>
772	</indexterm>
773	</listitem>
774	</varlistentry>
775
776	<varlistentry id="libkrb5-mitkrb">
777	<term><filename class='libraryfile'>libkrb5.so</filename></term>
778	<listitem>
779	<para>is an all-purpose Kerberos 5 library.</para>
780	<indexterm zone="mitkrb libkrb5-mitkrb">
781	<primary sortas="c-libkrb5">libkrb5.so</primary>
782	</indexterm>
783	</listitem>
784	</varlistentry>
785
786	</variablelist>
787
788	</sect2>
789
790	</sect1>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: postlfs/security/mitkrb.xml@ 9e9cd2a2

Download in other formats: