source: postlfs/security/mitkrb.xml@ 9e9cd2a2

10.0 10.1 11.0 11.1 11.2 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 krejzi/svn lazarus nosym perl-modules qt5new systemd-11177 systemd-13485 trunk upgradedb xry111/intltool xry111/soup3 xry111/test-20220226
Last change on this file since 9e9cd2a2 was 9e9cd2a2, checked in by Bruce Dubbs <bdubbs@…>, 11 years ago

Update book title and copyright date.

Remove portmap and nfs-utils at least until upstream gets their act together.
Stable NIS and NFS headers and functions not currently available from any
source.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@8950 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 29.8 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY mitkrb-download-http "http://web.mit.edu/kerberos/www/dist/krb5/1.6/krb5-&mitkrb-version;-signed.tar">
8 <!ENTITY mitkrb-download-ftp " ">
9 <!ENTITY mitkrb-md5sum "a365e39ff7d39639556c2797a0e1c3f4">
10 <!ENTITY mitkrb-size "12.0 MB">
11 <!ENTITY mitkrb-buildsize "124 MB">
12 <!ENTITY mitkrb-time "1.4 SBU">
13]>
14
15<sect1 id="mitkrb" xreflabel="MIT Kerberos V5-&mitkrb-version;">
16 <?dbhtml filename="mitkrb.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>MIT Kerberos V5-&mitkrb-version;</title>
24
25 <indexterm zone="mitkrb">
26 <primary sortas="a-MIT-Kerberos">MIT Kerberos V5</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to MIT Kerberos V5</title>
31
32 <para><application>MIT Kerberos V5</application> is a free implementation
33 of Kerberos 5. Kerberos is a network authentication protocol. It
34 centralizes the authentication database and uses kerberized
35 applications to work with servers or services that support Kerberos
36 allowing single logins and encrypted communication over internal
37 networks or the Internet.</para>
38
39 <bridgehead renderas="sect3">Package Information</bridgehead>
40 <itemizedlist spacing="compact">
41 <listitem>
42 <para>Download (HTTP): <ulink url="&mitkrb-download-http;"/></para>
43 </listitem>
44 <listitem>
45 <para>Download (FTP): <ulink url="&mitkrb-download-ftp;"/></para>
46 </listitem>
47 <listitem>
48 <para>Download MD5 sum: &mitkrb-md5sum;</para>
49 </listitem>
50 <listitem>
51 <para>Download size: &mitkrb-size;</para>
52 </listitem>
53 <listitem>
54 <para>Estimated disk space required: &mitkrb-buildsize;</para>
55 </listitem>
56 <listitem>
57 <para>Estimated build time: &mitkrb-time;</para>
58 </listitem>
59 </itemizedlist>
60
61 <bridgehead renderas="sect3">MIT Kerberos V5 Dependencies</bridgehead>
62
63 <bridgehead renderas="sect4">Optional</bridgehead>
64 <para role="optional"><xref linkend="linux-pam"/>
65 (for <command>xdm</command> based logins),
66 <xref linkend="openldap"/>, and
67 <xref linkend="dejagnu"/> (required to run the test suite)</para>
68
69 <note>
70 <para>Some sort of time synchronization facility on your system (like
71 <xref linkend="ntp"/>) is required since Kerberos won't authenticate if
72 there is a time difference between a kerberized client and the
73 KDC server.</para>
74 </note>
75
76 <para condition="html" role="usernotes">User Notes:
77 <ulink url="&blfs-wiki;/mitkrb"/></para>
78
79 </sect2>
80
81 <sect2 role="installation">
82 <title>Installation of MIT Kerberos V5</title>
83
84 <para><application>MIT Kerberos V5</application> is distributed in a
85 TAR file containing a compressed TAR package and a detached PGP
86 <filename class="extension">ASC</filename> file. You'll need to unpack
87 the distribution tar file, then unpack the compressed tar file before
88 starting the build.</para>
89
90 <para>After unpacking the distribution tarball and if you have
91 <xref linkend="gnupg"/> installed, you can
92 authenticate the package with the following command:</para>
93
94<screen><userinput>gpg - -verify krb5-&mitkrb-version;.tar.gz.asc</userinput></screen>
95
96 <para>Build <application>MIT Kerberos V5</application> by running the
97 following commands:</para>
98
99<screen><userinput>cd src &amp;&amp;
100./configure CPPFLAGS="-I/usr/include/et -I/usr/include/ss" \
101 --prefix=/usr \
102 --sysconfdir=/etc/krb5 \
103 --localstatedir=/var/lib \
104 --with-system-et \
105 --with-system-ss \
106 --enable-dns-for-realm \
107 --mandir=/usr/share/man &amp;&amp;
108make</userinput></screen>
109
110 <para>The regression test suite is designed to be run after the
111 installation has been completed.</para>
112
113 <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
114
115<screen role="root"><userinput>make install &amp;&amp;
116
117mv -v /usr/bin/ksu /bin &amp;&amp;
118chmod -v 755 /bin/ksu &amp;&amp;
119mv -v /usr/lib/libkrb5.so.3* /lib &amp;&amp;
120mv -v /usr/lib/libk5crypto.so.3* /lib &amp;&amp;
121mv -v /usr/lib/libkrb5support.so.0* /lib &amp;&amp;
122
123ln -v -sf ../../lib/libkrb5.so.3.3 /usr/lib/libkrb5.so &amp;&amp;
124ln -v -sf ../../lib/libk5crypto.so.3.1 /usr/lib/libk5crypto.so &amp;&amp;
125ln -v -sf ../../lib/libkrb5support.so.0.1 /usr/lib/libkrb5support.so&amp;&amp;
126
127install -m644 -v ../doc/*.info* /usr/share/info &amp;&amp;
128for INFOFILE in 425 5-admin 5-install 5-user; do
129 install-info --info-dir=/usr/share/info \
130 /usr/share/info/krb$INFOFILE.info
131 rm ../doc/krb$INFOFILE.info*
132done &amp;&amp;
133
134install -m755 -v -d /usr/share/doc/krb5-&mitkrb-version; &amp;&amp;
135cp -Rv ../doc/* /usr/share/doc/krb5-&mitkrb-version;</userinput></screen>
136
137 <warning>
138 <para><command>login.krb5</command> does not support
139 <application>Shadow</application> passwords. As a result, when the
140 Kerberos server is unavailable, the default fall through to
141 <filename>/etc/passwd</filename> will not work because
142 the passwords have been moved to <filename>/etc/shadow</filename> during
143 the LFS build process. Entering the following
144 commands without moving the passwords back to
145 <filename>/etc/passwd</filename> could prevent any logins.</para>
146 </warning>
147
148 <para>After considering (and understanding) the above warning, the
149 following commands can be entered as the
150 <systemitem class="username">root</systemitem> user to replace the
151 existing <command>login</command> program with the Kerberized
152 version (after preserving the original) and move the support libraries
153 to a location available when the
154 <filename class='directory'>/usr</filename> filesystem is
155 not mounted:</para>
156
157<screen role="root"><userinput>mv -v /bin/login /bin/login.shadow &amp;&amp;
158install -m755 -v /usr/sbin/login.krb5 /bin/login &amp;&amp;
159
160mv -v /usr/lib/libdes425.so.3* /lib &amp;&amp;
161mv -v /usr/lib/libkrb4.so.2* /lib &amp;&amp;
162
163ln -v -sf ../../lib/libdes425.so.3.0 /usr/lib/libdes425.so &amp;&amp;
164ln -v -sf ../../lib/libkrb4.so.2.0 /usr/lib/libkrb4.so &amp;&amp;
165
166ldconfig</userinput></screen>
167
168 <!--
169 <para>If <application>CrackLib</application> is installed, or if any
170 word list has been put in
171 <filename class='directory'>/usr/share/dict</filename>, the following
172 should be entered as the <systemitem class="username">root</systemitem>
173 user:</para>
174
175<screen role="root"><userinput>ln -s /usr/share/dict/words /var/lib/krb5kdc/kadmin.dict</userinput></screen>
176 -->
177
178<!-- Remove this for now as portmap cannot be built until upstream fixes it
179
180 <para>To test the installation, you must have
181 <xref linkend="dejagnu"/> installed and issue: <command>make
182 check</command>. The RPC layer tests will require a portmap daemon
183 (see <xref linkend="portmap"/>) running and configured to listen on the
184 regular network interface (not localhost). See the <quote>Testing the
185 Build</quote> section of the <filename>krb5-install.html</filename> file
186 in the <filename class='directory'>../doc</filename> directory for complete
187 information on running the regression tests.</para>
188-->
189 </sect2>
190
191 <sect2 role="commands">
192 <title>Command Explanations</title>
193
194 <para><parameter>--enable-dns-for-realm</parameter>: This parameter allows
195 realms to be resolved using the DNS server.</para>
196
197 <para><parameter>--with-system-et</parameter>: This parameter causes the
198 build to use the system-installed versions of the error-table support
199 software.</para>
200
201 <para><parameter>--with-system-ss</parameter>: This parameter causes the
202 build to use the system-installed versions of the subsystem command-line
203 interface software.</para>
204
205 <para><parameter>--localstatedir=/var/lib</parameter>: This parameter is
206 used so that the Kerberos variable run-time data is located in
207 <filename class='directory'>/var/lib</filename> instead of
208 <filename class='directory'>/usr/var</filename>.</para>
209
210 <!-- <para><parameter>- -enable-static</parameter>: This switch builds static
211 libraries in addition to the shared libraries.</para> -->
212
213 <para><command>mv -v /usr/bin/ksu /bin</command>: Moves the
214 <command>ksu</command> program to the
215 <filename class="directory">/bin</filename> directory so that it is
216 available when the <filename class="directory">/usr</filename>
217 filesystem is not mounted.</para>
218
219 <para><command>mv -v ... /lib &amp;&amp; ln -v -sf ...</command>:
220 These libraries are moved to <filename class="directory">/lib</filename> so
221 they are available when the <filename class="directory">/usr</filename>
222 filesystem is not mounted.</para>
223
224 </sect2>
225
226 <sect2 role="configuration">
227 <title>Configuring MIT Kerberos V5</title>
228
229 <sect3 id="krb5-config">
230 <title>Config Files</title>
231
232 <para><filename>/etc/krb5/krb5.conf</filename> and
233 <filename>/var/lib/krb5kdc/kdc.conf</filename></para>
234
235 <indexterm zone="mitkrb krb5-config">
236 <primary sortas="e-etc-krb5-krb5.conf">/etc/krb5/krb5.conf</primary>
237 </indexterm>
238
239 <indexterm zone="mitkrb krb5-config">
240 <primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
241 </indexterm>
242
243 </sect3>
244
245 <sect3>
246 <title>Configuration Information</title>
247
248 <sect4>
249 <title>Kerberos Configuration</title>
250
251 <tip>
252 <para>You should consider installing some sort of password checking
253 dictionary so that you can configure the installation to only
254 accept strong passwords. A suitable dictionary to use is shown in
255 the <xref linkend="cracklib"/> instructions. Note that only one
256 file can be used, but you can concatenate many files into one. The
257 configuration file shown below assumes you have installed a
258 dictionary to <filename>/usr/share/dict/words</filename>.</para>
259 </tip>
260
261 <para>Create the Kerberos configuration file with the following
262 commands issued by the <systemitem class="username">root</systemitem>
263 user:</para>
264
265<screen role="root"><userinput>install -v -m755 -d /etc/krb5 &amp;&amp;
266cat &gt; /etc/krb5/krb5.conf &lt;&lt; "EOF"
267<literal># Begin /etc/krb5/krb5.conf
268
269[libdefaults]
270 default_realm = <replaceable>&lt;LFS.ORG&gt;</replaceable>
271 encrypt = true
272
273[realms]
274 <replaceable>&lt;LFS.ORG&gt;</replaceable> = {
275 kdc = <replaceable>&lt;belgarath.lfs.org&gt;</replaceable>
276 admin_server = <replaceable>&lt;belgarath.lfs.org&gt;</replaceable>
277 dict_file = /usr/share/dict/words
278 }
279
280[domain_realm]
281 .<replaceable>&lt;lfs.org&gt;</replaceable> = <replaceable>&lt;LFS.ORG&gt;</replaceable>
282
283[logging]
284 kdc = SYSLOG[:INFO[:AUTH]]
285 admin_server = SYSLOG[INFO[:AUTH]]
286 default = SYSLOG[[:SYS]]
287
288# End /etc/krb5/krb5.conf</literal>
289EOF</userinput></screen>
290
291 <para>You will need to substitute your domain and proper hostname
292 for the occurrences of the <replaceable>&lt;belgarath&gt;</replaceable> and
293 <replaceable>&lt;lfs.org&gt;</replaceable> names.</para>
294
295 <para><option>default_realm</option> should be the name of your
296 domain changed to ALL CAPS. This isn't required, but both
297 <application>Heimdal</application> and MIT recommend it.</para>
298
299 <para><option>encrypt = true</option> provides encryption of all
300 traffic between kerberized clients and servers. It's not necessary
301 and can be left off. If you leave it off, you can encrypt all traffic
302 from the client to the server using a switch on the client program
303 instead.</para>
304
305 <para>The <option>[realms]</option> parameters tell the client
306 programs where to look for the KDC authentication services.</para>
307
308 <para>The <option>[domain_realm]</option> section maps a domain to
309 a realm.</para>
310
311 <para>Create the KDC database:</para>
312
313<screen role="root"><userinput>kdb5_util create -r <replaceable>&lt;LFS.ORG&gt;</replaceable> -s</userinput></screen>
314
315 <para>Now you should populate the database with principles
316 (users). For now, just use your regular login name or
317 <systemitem class="username">root</systemitem>.</para>
318
319<screen role="root"><userinput>kadmin.local
320<prompt>kadmin:</prompt> add_policy dict-only
321<prompt>kadmin:</prompt> addprinc -policy dict-only <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
322
323 <para>The KDC server and any machine running kerberized
324 server daemons must have a host key installed:</para>
325
326<screen role='root'><userinput><prompt>kadmin:</prompt> addprinc -randkey host/<replaceable>&lt;belgarath.lfs.org&gt;</replaceable></userinput></screen>
327
328 <para>After choosing the defaults when prompted, you will have to
329 export the data to a keytab file:</para>
330
331<screen role='root'><userinput><prompt>kadmin:</prompt> ktadd host/<replaceable>&lt;belgarath.lfs.org&gt;</replaceable></userinput></screen>
332
333 <para>This should have created a file in
334 <filename class="directory">/etc/krb5</filename> named
335 <filename>krb5.keytab</filename> (Kerberos 5). This file should
336 have 600 (<systemitem class="username">root</systemitem> rw only)
337 permissions. Keeping the keytab files from public access is crucial
338 to the overall security of the Kerberos installation.</para>
339
340 <para>Eventually, you'll want to add server daemon principles to the
341 database and extract them to the keytab file. You do this in the same
342 way you created the host principles. Below is an example:</para>
343
344<screen role='root'><userinput><prompt>kadmin:</prompt> addprinc -randkey ftp/<replaceable>&lt;belgarath.lfs.org&gt;</replaceable>
345<prompt>kadmin:</prompt> ktadd ftp/<replaceable>&lt;belgarath.lfs.org&gt;</replaceable></userinput></screen>
346
347 <para>Exit the <command>kadmin</command> program (use
348 <command>quit</command> or <command>exit</command>) and return
349 back to the shell prompt. Start the KDC daemon manually, just to
350 test out the installation:</para>
351
352<screen role='root'><userinput>/usr/sbin/krb5kdc &amp;</userinput></screen>
353
354 <para>Attempt to get a ticket with the following command:</para>
355
356<screen><userinput>kinit <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
357
358 <para>You will be prompted for the password you created. After you
359 get your ticket, you can list it with the following command:</para>
360
361<screen><userinput>klist</userinput></screen>
362
363 <para>Information about the ticket should be displayed on the
364 screen.</para>
365
366 <para>To test the functionality of the keytab file, issue the
367 following command:</para>
368
369<screen><userinput>ktutil
370<prompt>ktutil:</prompt> rkt /etc/krb5/krb5.keytab
371<prompt>ktutil:</prompt> l</userinput></screen>
372
373 <para>This should dump a list of the host principal, along with
374 the encryption methods used to access the principal.</para>
375
376 <para>At this point, if everything has been successful so far, you
377 can feel fairly confident in the installation and configuration of
378 the package.</para>
379
380 <para>Install the <filename>/etc/rc.d/init.d/kerberos</filename> init
381 script included in the <xref linkend="bootscripts"/>
382 package.</para>
383
384<screen role="root"><userinput>make install-kerberos</userinput></screen>
385
386 </sect4>
387
388 <sect4>
389 <title>Using Kerberized Client Programs</title>
390
391 <para>To use the kerberized client programs (<command>telnet</command>,
392 <command>ftp</command>, <command>rsh</command>, <command>rcp</command>,
393 <command>rlogin</command>), you first must get an authentication ticket.
394 Use the <command>kinit</command> program to get the ticket. After you've
395 acquired the ticket, you can use the kerberized programs to connect to
396 any kerberized server on the network. You will not be prompted for
397 authentication until your ticket expires (default is one day), unless
398 you specify a different user as a command line argument to the
399 program.</para>
400
401 <para>The kerberized programs will connect to non kerberized daemons,
402 warning you that authentication is not encrypted.</para>
403
404 </sect4>
405
406 <sect4>
407 <title>Using Kerberized Server Programs</title>
408
409 <para>Using kerberized server programs (<command>telnetd</command>,
410 <command>kpropd</command>, <command>klogind</command> and
411 <command>kshd</command>) requires two additional configuration steps.
412 First the <filename>/etc/services</filename> file must be updated to
413 include eklogin and krb5_prop. Second, the
414 <filename>inetd.conf</filename> or <filename>xinetd.conf</filename>
415 must be modified for each server that will be activated, usually
416 replacing the server from <xref linkend="inetutils"/>.</para>
417
418 </sect4>
419
420 <sect4>
421 <title>Additional Information</title>
422
423 <para>For additional information consult <ulink
424 url="http://web.mit.edu/kerberos/www/krb5-1.6/#documentation">
425 Documentation for krb-&mitkrb-version;</ulink> on which the above
426 instructions are based.</para>
427
428 </sect4>
429
430 </sect3>
431
432 </sect2>
433
434 <sect2 role="content">
435 <title>Contents</title>
436 <para></para>
437
438 <segmentedlist>
439 <segtitle>Installed Programs</segtitle>
440 <segtitle>Installed Libraries</segtitle>
441 <segtitle>Installed Directories</segtitle>
442
443 <seglistitem>
444 <seg>ftp, ftpd, gss-client, gss-server, k5srvutil, kadmin,
445 kadmin.local, kadmind, kdb5_ldap_util, kdb5_util, kdestroy, kinit, klist,
446 klogind, kpasswd, kprop, kpropd, krb5-config, krb5-send-pr, krb524d,
447 krb524init, krb5kdc, kshd, ksu, ktutil, kvno, login.krb5, rcp, rlogin,
448 rsh, sclient, sim_client, sim_server, sserver, telnet, telnetd,
449 uuclient, uuserver and v4rcp</seg>
450 <seg>libdes425.so, libgssapi_krb5.so,
451 libgssrpc.so, libk5crypto.so, libkadm5clnt.so, libkadm5srv.so,
452 libkdb5.so, libkdb_ldap.so, libkrb4.so, libkrb5.so and
453 libkrb5support.so</seg>
454 <seg>/etc/krb5, /usr/include/{gssapi,gssrpc,kerberosIV,krb5},
455 /usr/lib/krb5, /usr/share/{doc/krb5-&mitkrb-version;,examples,gnats}
456 and /var/lib/krb5kdc</seg>
457 </seglistitem>
458 </segmentedlist>
459
460 <variablelist>
461 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
462 <?dbfo list-presentation="list"?>
463 <?dbhtml list-presentation="table"?>
464
465 <varlistentry id="ftp-mitkrb">
466 <term><command>ftp</command></term>
467 <listitem>
468 <para>is a kerberized FTP client.</para>
469 <indexterm zone="mitkrb ftp-mitkrb">
470 <primary sortas="b-ftp">ftp</primary>
471 </indexterm>
472 </listitem>
473 </varlistentry>
474
475 <varlistentry id="ftpd-mitkrb">
476 <term><command>ftpd</command></term>
477 <listitem>
478 <para>is a kerberized FTP daemon.</para>
479 <indexterm zone="mitkrb ftpd-mitkrb">
480 <primary sortas="b-ftpd">ftpd</primary>
481 </indexterm>
482 </listitem>
483 </varlistentry>
484
485 <varlistentry id="k5srvutil">
486 <term><command>k5srvutil</command></term>
487 <listitem>
488 <para>is a host keytable manipulation utility.</para>
489 <indexterm zone="mitkrb k5srvutil">
490 <primary sortas="b-k5srvutil">k5srvutil</primary>
491 </indexterm>
492 </listitem>
493 </varlistentry>
494
495 <varlistentry id="kadmin-mitkrb">
496 <term><command>kadmin</command></term>
497 <listitem>
498 <para>is an utility used to make modifications
499 to the Kerberos database.</para>
500 <indexterm zone="mitkrb kadmin-mitkrb">
501 <primary sortas="b-kadmin">kadmin</primary>
502 </indexterm>
503 </listitem>
504 </varlistentry>
505
506 <varlistentry id="kadmind-mitkrb">
507 <term><command>kadmind</command></term>
508 <listitem>
509 <para>is a server for administrative access
510 to a Kerberos database.</para>
511 <indexterm zone="mitkrb kadmind-mitkrb">
512 <primary sortas="b-kadmind">kadmind</primary>
513 </indexterm>
514 </listitem>
515 </varlistentry>
516
517 <varlistentry id="kdb5_util">
518 <term><command>kdb5_util</command></term>
519 <listitem>
520 <para>is the KDC database utility.</para>
521 <indexterm zone="mitkrb kdb5_util">
522 <primary sortas="b-kdb5_util">kdb5_util</primary>
523 </indexterm>
524 </listitem>
525 </varlistentry>
526
527 <varlistentry id="kdestroy-mitkrb">
528 <term><command>kdestroy</command></term>
529 <listitem>
530 <para>removes the current set of tickets.</para>
531 <indexterm zone="mitkrb kdestroy-mitkrb">
532 <primary sortas="b-kdestroy">kdestroy</primary>
533 </indexterm>
534 </listitem>
535 </varlistentry>
536
537 <varlistentry id="kinit-mitkrb">
538 <term><command>kinit</command></term>
539 <listitem>
540 <para>is used to authenticate to the Kerberos server as a
541 principal and acquire a ticket granting ticket that can
542 later be used to obtain tickets for other services.</para>
543 <indexterm zone="mitkrb kinit-mitkrb">
544 <primary sortas="b-kinit">kinit</primary>
545 </indexterm>
546 </listitem>
547 </varlistentry>
548
549 <varlistentry id="klist-mitkrb">
550 <term><command>klist</command></term>
551 <listitem>
552 <para>reads and displays the current tickets in
553 the credential cache.</para>
554 <indexterm zone="mitkrb klist-mitkrb">
555 <primary sortas="b-klist">klist</primary>
556 </indexterm>
557 </listitem>
558 </varlistentry>
559
560 <varlistentry id="klogind">
561 <term><command>klogind</command></term>
562 <listitem>
563 <para>is the server that responds to <command>rlogin</command>
564 requests.</para>
565 <indexterm zone="mitkrb klogind">
566 <primary sortas="b-klogind">klogind</primary>
567 </indexterm>
568 </listitem>
569 </varlistentry>
570
571 <varlistentry id="kpasswd-mitkrb">
572 <term><command>kpasswd</command></term>
573 <listitem>
574 <para>is a program for changing Kerberos 5 passwords.</para>
575 <indexterm zone="mitkrb kpasswd-mitkrb">
576 <primary sortas="b-kpasswd">kpasswd</primary>
577 </indexterm>
578 </listitem>
579 </varlistentry>
580
581 <varlistentry id="kprop">
582 <term><command>kprop</command></term>
583 <listitem>
584 <para>takes a principal database in a specified format and
585 converts it into a stream of database records.</para>
586 <indexterm zone="mitkrb kprop">
587 <primary sortas="b-kprop">kprop</primary>
588 </indexterm>
589 </listitem>
590 </varlistentry>
591
592 <varlistentry id="kpropd">
593 <term><command>kpropd</command></term>
594 <listitem>
595 <para>receives a database sent by <command>kprop</command>
596 and writes it as a local database.</para>
597 <indexterm zone="mitkrb kpropd">
598 <primary sortas="b-kpropd">kpropd</primary>
599 </indexterm>
600 </listitem>
601 </varlistentry>
602
603 <varlistentry id="krb5-config-prog2">
604 <term><command>krb5-config</command></term>
605 <listitem>
606 <para>gives information on how to link programs against
607 libraries.</para>
608 <indexterm zone="mitkrb krb5-config-prog2">
609 <primary sortas="b-krb5-config">krb5-config</primary>
610 </indexterm>
611 </listitem>
612 </varlistentry>
613
614 <varlistentry id="krb5kdc">
615 <term><command>krb5kdc</command></term>
616 <listitem>
617 <para>is a Kerberos 5 server.</para>
618 <indexterm zone="mitkrb krb5kdc">
619 <primary sortas="b-krb5kdc">krb5kdc</primary>
620 </indexterm>
621 </listitem>
622 </varlistentry>
623
624 <varlistentry id="kshd">
625 <term><command>kshd</command></term>
626 <listitem>
627 <para>is the server that responds to <command>rsh</command>
628 requests.</para>
629 <indexterm zone="mitkrb kshd">
630 <primary sortas="b-kshd">kshd</primary>
631 </indexterm>
632 </listitem>
633 </varlistentry>
634
635 <varlistentry id="ksu">
636 <term><command>ksu</command></term>
637 <listitem>
638 <para>is the super user program using Kerberos protocol.
639 Requires a properly configured
640 <filename class="directory">/etc/shells</filename> and
641 <filename>~/.k5login</filename> containing principals
642 authorized to become super users.</para>
643 <indexterm zone="mitkrb ksu">
644 <primary sortas="b-ksu">ksu</primary>
645 </indexterm>
646 </listitem>
647 </varlistentry>
648
649 <varlistentry id="ktutil-mitkrb">
650 <term><command>ktutil</command></term>
651 <listitem>
652 <para>is a program for managing Kerberos keytabs.</para>
653 <indexterm zone="mitkrb ktutil-mitkrb">
654 <primary sortas="b-ktutil">ktutil</primary>
655 </indexterm>
656 </listitem>
657 </varlistentry>
658
659 <varlistentry id="kvno">
660 <term><command>kvno</command></term>
661 <listitem>
662 <para>prints keyversion numbers of Kerberos principals.</para>
663 <indexterm zone="mitkrb kvno">
664 <primary sortas="b-kvno">kvno</primary>
665 </indexterm>
666 </listitem>
667 </varlistentry>
668
669 <varlistentry id="login.krb5">
670 <term><command>login.krb5</command></term>
671 <listitem>
672 <para>is a kerberized login program.</para>
673 <indexterm zone="mitkrb login">
674 <primary sortas="b-login.krb5">login.krb5</primary>
675 </indexterm>
676 </listitem>
677 </varlistentry>
678
679 <varlistentry id="rcp-mitkrb">
680 <term><command>rcp</command></term>
681 <listitem>
682 <para>is a kerberized rcp client program.</para>
683 <indexterm zone="mitkrb rcp-mitkrb">
684 <primary sortas="b-rcp">rcp</primary>
685 </indexterm>
686 </listitem>
687 </varlistentry>
688
689 <varlistentry id="rlogin">
690 <term><command>rlogin</command></term>
691 <listitem>
692 <para>is a kerberized rlogin client program.</para>
693 <indexterm zone="mitkrb rlogin">
694 <primary sortas="b-rlogin">rlogin</primary>
695 </indexterm>
696 </listitem>
697 </varlistentry>
698
699 <varlistentry id="rsh-mitkrb">
700 <term><command>rsh</command></term>
701 <listitem>
702 <para>is a kerberized rsh client program.</para>
703 <indexterm zone="mitkrb rsh-mitkrb">
704 <primary sortas="b-rsh">rsh</primary>
705 </indexterm>
706 </listitem>
707 </varlistentry>
708
709 <varlistentry id="telnet-mitkrb">
710 <term><command>telnet</command></term>
711 <listitem>
712 <para>is a kerberized telnet client program.</para>
713 <indexterm zone="mitkrb telnet-mitkrb">
714 <primary sortas="b-telnet">telnet</primary>
715 </indexterm>
716 </listitem>
717 </varlistentry>
718
719 <varlistentry id="telnetd-mitkrb">
720 <term><command>telnetd</command></term>
721 <listitem>
722 <para>is a kerberized telnet server.</para>
723 <indexterm zone="mitkrb telnetd-mitkrb">
724 <primary sortas="b-telnetd">telnetd</primary>
725 </indexterm>
726 </listitem>
727 </varlistentry>
728
729 <varlistentry id="libgssapi_krb5-mitkrb">
730 <term><filename class='libraryfile'>libgssapi_krb5.so</filename></term>
731 <listitem>
732 <para>contain the Generic Security Service Application
733 Programming Interface (GSSAPI) functions which provides security
734 services to callers in a generic fashion, supportable with a range of
735 underlying mechanisms and technologies and hence allowing source-level
736 portability of applications to different environments.</para>
737 <indexterm zone="mitkrb libgssapi_krb5-mitkrb">
738 <primary sortas="c-libgssapi_krb5">libgssapi_krb5.so</primary>
739 </indexterm>
740 </listitem>
741 </varlistentry>
742
743 <varlistentry id="libkadm5clnt-mitkrb">
744 <term><filename class='libraryfile'>libkadm5clnt.so</filename></term>
745 <listitem>
746 <para>contains the administrative authentication and password
747 checking functions required by Kerberos 5 client-side programs.</para>
748 <indexterm zone="mitkrb libkadm5clnt-mitkrb">
749 <primary sortas="c-libkadm5clnt">libkadm5clnt.so</primary>
750 </indexterm>
751 </listitem>
752 </varlistentry>
753
754 <varlistentry id="libkadm5srv-mitkrb">
755 <term><filename class='libraryfile'>libkadm5srv.so</filename></term>
756 <listitem>
757 <para>contain the administrative authentication and password
758 checking functions required by Kerberos 5 servers.</para>
759 <indexterm zone="mitkrb libkadm5srv-mitkrb">
760 <primary sortas="c-libkadm5srv">libkadm5srv.so</primary>
761 </indexterm>
762 </listitem>
763 </varlistentry>
764
765 <varlistentry id="libkdb5">
766 <term><filename class='libraryfile'>libkdb5.so</filename></term>
767 <listitem>
768 <para>is a Kerberos 5 authentication/authorization database
769 access library.</para>
770 <indexterm zone="mitkrb libkdb5">
771 <primary sortas="c-libkdb5">libkdb5.so</primary>
772 </indexterm>
773 </listitem>
774 </varlistentry>
775
776 <varlistentry id="libkrb5-mitkrb">
777 <term><filename class='libraryfile'>libkrb5.so</filename></term>
778 <listitem>
779 <para>is an all-purpose Kerberos 5 library.</para>
780 <indexterm zone="mitkrb libkrb5-mitkrb">
781 <primary sortas="c-libkrb5">libkrb5.so</primary>
782 </indexterm>
783 </listitem>
784 </varlistentry>
785
786 </variablelist>
787
788 </sect2>
789
790</sect1>
Note: See TracBrowser for help on using the repository browser.