source: postlfs/security/mitkrb.xml@ 9f0a469

11.0 11.1 11.2 lazarus qt5new trunk upgradedb xry111/intltool xry111/soup3 xry111/test-20220226
Last change on this file since 9f0a469 was 9f0a469, checked in by Xi Ruoyao <xry111@…>, 19 months ago

krb5: remove unneeded chmod commands

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@24321 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 31.9 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY mitkrb-download-http "https://kerberos.org/dist/krb5/&mitkrb-major-version;/krb5-&mitkrb-version;.tar.gz">
8 <!ENTITY mitkrb-download-ftp " ">
9 <!ENTITY mitkrb-md5sum "81257292f8243f735654d4fd5d1fef6a">
10 <!ENTITY mitkrb-size "8.3 MB">
11 <!ENTITY mitkrb-buildsize "138 MB (add 24 MB for tests)">
12 <!ENTITY mitkrb-time "0.8 SBU (add 1.4 SBU for tests)">
13]>
14
15<sect1 id="mitkrb" xreflabel="MIT Kerberos V5-&mitkrb-version;">
16 <?dbhtml filename="mitkrb.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>MIT Kerberos V5-&mitkrb-version;</title>
24
25 <indexterm zone="mitkrb">
26 <primary sortas="a-MIT-Kerberos">MIT Kerberos V5</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to MIT Kerberos V5</title>
31
32 <para>
33 <application>MIT Kerberos V5</application> is a free implementation
34 of Kerberos 5. Kerberos is a network authentication protocol. It
35 centralizes the authentication database and uses kerberized
36 applications to work with servers or services that support Kerberos
37 allowing single logins and encrypted communication over internal
38 networks or the Internet.
39 </para>
40
41 &lfs101_checked;
42
43 <bridgehead renderas="sect3">Package Information</bridgehead>
44 <itemizedlist spacing="compact">
45 <listitem>
46 <para>
47 Download (HTTP): <ulink url="&mitkrb-download-http;"/>
48 </para>
49 </listitem>
50 <listitem>
51 <para>
52 Download (FTP): <ulink url="&mitkrb-download-ftp;"/>
53 </para>
54 </listitem>
55 <listitem>
56 <para>
57 Download MD5 sum: &mitkrb-md5sum;
58 </para>
59 </listitem>
60 <listitem>
61 <para>
62 Download size: &mitkrb-size;
63 </para>
64 </listitem>
65 <listitem>
66 <para>
67 Estimated disk space required: &mitkrb-buildsize;
68 </para>
69 </listitem>
70 <listitem>
71 <para>
72 Estimated build time: &mitkrb-time;
73 </para>
74 </listitem>
75 </itemizedlist>
76
77 <bridgehead renderas="sect3">MIT Kerberos V5 Dependencies</bridgehead>
78
79 <bridgehead renderas="sect4">Optional</bridgehead>
80 <para role="optional">
81 <!-- <xref linkend="dejagnu"/> (for full test coverage), -->
82 <xref linkend="bind-utils"/>,
83 <xref linkend="gnupg2"/> (to authenticate the package),
84 <xref linkend="keyutils"/>,
85 <xref linkend="openldap"/>,<!-- Seems so that mit has its own
86 implementation of rpc now.
87 <xref linkend="rpcbind"/> (used during the testsuite),-->
88 <xref linkend="valgrind"/> (used during the testsuite),
89 <xref linkend="yasm"/>,
90 <ulink url="http://thrysoee.dk/editline/">libedit</ulink>,
91 <ulink url="https://cmocka.org/">cmocka</ulink>,
92 <ulink url="https://pypi.org/project/pyrad/">pyrad</ulink>, and
93 <ulink url="https://cwrap.org/resolv_wrapper.html">resolv_wrapper</ulink>
94 </para>
95
96 <note>
97 <para>
98 Some sort of time synchronization facility on your system (like
99 <xref linkend="ntp"/>) is required since Kerberos won't authenticate
100 if there is a time difference between a kerberized client and the
101 KDC server.
102 </para>
103 </note>
104
105 <para condition="html" role="usernotes">User Notes:
106 <ulink url="&blfs-wiki;/mitkrb"/>
107 </para>
108 </sect2>
109
110 <sect2 role="installation">
111 <title>Installation of MIT Kerberos V5</title>
112
113 <para>
114 Build <application>MIT Kerberos V5</application> by running the
115 following commands:
116 </para>
117
118<screen><userinput>cd src &amp;&amp;
119
120sed -i -e 's@\^u}@^u cols 300}@' tests/dejagnu/config/default.exp &amp;&amp;
121sed -i -e '/eq 0/{N;s/12 //}' plugins/kdb/db2/libdb2/test/run.test &amp;&amp;
122sed -i '/t_iprop.py/d' tests/Makefile.in &amp;&amp;
123
124./configure --prefix=/usr \
125 --sysconfdir=/etc \
126 --localstatedir=/var/lib \
127 --runstatedir=/run \
128 --with-system-et \
129 --with-system-ss \
130 --with-system-verto=no \
131 --enable-dns-for-realm &amp;&amp;
132make</userinput></screen>
133
134 <para>
135 To test the build, issue as the <systemitem
136 class="username">root</systemitem> user: <command>make -k -j1 check</command>.
137 <!-- You need at least <xref link end="tcl"/>, which is used to drive the
138 testsuite. Furthermore, <xref link end="dejagnu"/> must be available for
139 some of the tests to run.--> If you have a former version of MIT Kerberos V5
140 installed, it may happen that the test suite may pick up the installed
141 versions of the libraries, rather than the newly built ones. If so, it is
142 better to run the tests after the installation.
143 <!-- Note: on my laptop -j8 fails but -j1 passes -->
144 </para>
145
146 <para>
147 Now, as the <systemitem class="username">root</systemitem> user:
148 </para>
149
150<screen role="root"><userinput>make install &amp;&amp;
151
152mv -v /usr/lib/libkrb5.so.3* /lib &amp;&amp;
153mv -v /usr/lib/libk5crypto.so.3* /lib &amp;&amp;
154mv -v /usr/lib/libkrb5support.so.0* /lib &amp;&amp;
155
156ln -v -sf ../../lib/libkrb5.so.3.3 /usr/lib/libkrb5.so &amp;&amp;
157ln -v -sf ../../lib/libk5crypto.so.3.1 /usr/lib/libk5crypto.so &amp;&amp;
158ln -v -sf ../../lib/libkrb5support.so.0.1 /usr/lib/libkrb5support.so &amp;&amp;
159
160mv -v /usr/bin/ksu /bin &amp;&amp;
161chmod -v 755 /bin/ksu &amp;&amp;
162
163install -v -dm755 /usr/share/doc/krb5-&mitkrb-version; &amp;&amp;
164cp -vfr ../doc/* /usr/share/doc/krb5-&mitkrb-version;</userinput></screen>
165
166 </sect2>
167
168 <sect2 role="commands">
169 <title>Command Explanations</title>
170
171 <para>
172 The first <command>sed</command> increases the width of the virtual
173 terminal used for some tests to prevent some spurious text in the output
174 which is taken as a failure. The second <command>sed</command> removes a
175 test that is known to fail. The third <command>sed</command> removes a
176 test that is known to hang.
177 </para>
178
179 <para>
180 <parameter>--localstatedir=/var/lib</parameter>: This option is
181 used so that the Kerberos variable runtime data is located in
182 <filename class="directory">/var/lib</filename> instead of
183 <filename class="directory">/usr/var</filename>.
184 </para>
185
186 <para>
187 <parameter>--runstatedir=/run</parameter>: This option is used so that
188 the Kerberos runtime state information is located in
189 <filename class="directory">/run</filename> instead of the deprecated
190 <filename class="directory">/var/run</filename>.
191 </para>
192
193 <para>
194 <parameter>--with-system-et</parameter>: This switch causes the build
195 to use the system-installed versions of the error-table support
196 software.
197 </para>
198
199 <para>
200 <parameter>--with-system-ss</parameter>: This switch causes the build
201 to use the system-installed versions of the subsystem command-line
202 interface software.
203 </para>
204
205 <para>
206 <parameter>--with-system-verto=no</parameter>: This switch fixes a bug in
207 the package: it does not recognize its own verto library installed
208 previously. This is not a problem, if reinstalling the same version,
209 but if you are updating, the old library is used as system's one,
210 instead of installing the new version.
211 </para>
212
213 <para>
214 <parameter>--enable-dns-for-realm</parameter>: This switch allows
215 realms to be resolved using the DNS server.
216 </para>
217
218 <para>
219 <option>--with-ldap</option>: Use this switch if you want to compile the
220 <application>OpenLDAP</application> database backend module.
221 </para>
222
223 <para>
224 <command>mv -v /usr/lib/libk... /lib </command> and
225 <command>ln -v -sf ../../lib/libk... /usr/lib/libk...</command>:
226 Move critical libraries to the
227 <filename class="directory">/lib</filename> directory so that they are
228 available when the <filename class="directory">/usr</filename>
229 filesystem is not mounted.
230 </para>
231
232 <para>
233 <command>find /usr/lib -type f -name "lib$f*.so*" -exec chmod -v 755 {} \;</command>:
234 This command changes the permisison of installed libraries.
235 </para>
236
237 <para>
238 <command>mv -v /usr/bin/ksu /bin</command>: Moves the
239 <command>ksu</command> program to the
240 <filename class="directory">/bin</filename> directory so that it is
241 available when the <filename class="directory">/usr</filename>
242 filesystem is not mounted.
243 </para>
244
245 </sect2>
246
247 <sect2 role="configuration">
248 <title>Configuring MIT Kerberos V5</title>
249
250 <sect3 id="krb5-config">
251 <title>Config Files</title>
252
253 <para>
254 <filename>/etc/krb5.conf</filename> and
255 <filename>/var/lib/krb5kdc/kdc.conf</filename>
256 </para>
257
258 <indexterm zone="mitkrb krb5-config">
259 <primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary>
260 </indexterm>
261
262 <indexterm zone="mitkrb krb5-config">
263 <primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
264 </indexterm>
265
266 </sect3>
267
268 <sect3>
269 <title>Configuration Information</title>
270
271 <sect4>
272 <title>Kerberos Configuration</title>
273
274 <tip>
275 <para>
276 You should consider installing some sort of password checking
277 dictionary so that you can configure the installation to only
278 accept strong passwords. A suitable dictionary to use is shown in
279 the <xref linkend="cracklib"/> instructions. Note that only one
280 file can be used, but you can concatenate many files into one. The
281 configuration file shown below assumes you have installed a
282 dictionary to <filename>/usr/share/dict/words</filename>.
283 </para>
284 </tip>
285
286 <para>
287 Create the Kerberos configuration file with the following
288 commands issued by the <systemitem class="username">root</systemitem>
289 user:
290 </para>
291
292<screen role="root"><userinput>cat &gt; /etc/krb5.conf &lt;&lt; "EOF"
293<literal># Begin /etc/krb5.conf
294
295[libdefaults]
296 default_realm = <replaceable>&lt;EXAMPLE.ORG&gt;</replaceable>
297 encrypt = true
298
299[realms]
300 <replaceable>&lt;EXAMPLE.ORG&gt;</replaceable> = {
301 kdc = <replaceable>&lt;belgarath.example.org&gt;</replaceable>
302 admin_server = <replaceable>&lt;belgarath.example.org&gt;</replaceable>
303 dict_file = /usr/share/dict/words
304 }
305
306[domain_realm]
307 .<replaceable>&lt;example.org&gt;</replaceable> = <replaceable>&lt;EXAMPLE.ORG&gt;</replaceable>
308
309[logging]
310 kdc = SYSLOG:INFO:AUTH
311 admin_server = SYSLOG:INFO:AUTH
312 default = SYSLOG:DEBUG:DAEMON
313
314# End /etc/krb5.conf</literal>
315EOF</userinput></screen>
316
317 <para>
318 You will need to substitute your domain and proper hostname for the
319 occurrences of the <replaceable>&lt;belgarath&gt;</replaceable> and
320 <replaceable>&lt;example.org&gt;</replaceable> names.
321 </para>
322
323 <para>
324 <option>default_realm</option> should be the name of your
325 domain changed to ALL CAPS. This isn't required, but both
326 <application>Heimdal</application> and MIT recommend it.
327 </para>
328
329 <para>
330 <option>encrypt = true</option> provides encryption of all traffic
331 between kerberized clients and servers. It's not necessary and can
332 be left off. If you leave it off, you can encrypt all traffic from
333 the client to the server using a switch on the client program
334 instead.
335 </para>
336
337 <para>
338 The <option>[realms]</option> parameters tell the client programs
339 where to look for the KDC authentication services.
340 </para>
341
342 <para>
343 The <option>[domain_realm]</option> section maps a domain to a realm.
344 </para>
345
346 <para>
347 Create the KDC database:
348 </para>
349
350<screen role="root"><userinput>kdb5_util create -r <replaceable>&lt;EXAMPLE.ORG&gt;</replaceable> -s</userinput></screen>
351
352 <para>
353 Now you should populate the database with principals
354 (users). For now, just use your regular login name or
355 <systemitem class="username">root</systemitem>.
356 </para>
357
358<screen role="root"><userinput>kadmin.local
359<prompt>kadmin.local:</prompt> add_policy dict-only
360<prompt>kadmin.local:</prompt> addprinc -policy dict-only <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
361
362 <para>
363 The KDC server and any machine running kerberized
364 server daemons must have a host key installed:
365 </para>
366
367<screen role="root"><userinput><prompt>kadmin.local:</prompt> addprinc -randkey host/<replaceable>&lt;belgarath.example.org&gt;</replaceable></userinput></screen>
368
369 <para>
370 After choosing the defaults when prompted, you will have to
371 export the data to a keytab file:
372 </para>
373
374<screen role="root"><userinput><prompt>kadmin.local:</prompt> ktadd host/<replaceable>&lt;belgarath.example.org&gt;</replaceable></userinput></screen>
375
376 <para>
377 This should have created a file in
378 <filename class="directory">/etc</filename> named
379 <filename>krb5.keytab</filename> (Kerberos 5). This file should
380 have 600 (<systemitem class="username">root</systemitem> rw only)
381 permissions. Keeping the keytab files from public access is crucial
382 to the overall security of the Kerberos installation.
383 </para>
384
385 <para>
386 Exit the <command>kadmin</command> program (use
387 <command>quit</command> or <command>exit</command>) and return
388 back to the shell prompt. Start the KDC daemon manually, just to
389 test out the installation:
390 </para>
391
392<screen role="root"><userinput>/usr/sbin/krb5kdc</userinput></screen>
393
394 <para>
395 Attempt to get a ticket with the following command:
396 </para>
397
398<screen><userinput>kinit <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
399
400 <para>
401 You will be prompted for the password you created. After you
402 get your ticket, you can list it with the following command:
403 </para>
404
405<screen><userinput>klist</userinput></screen>
406
407 <para>
408 Information about the ticket should be displayed on the
409 screen.
410 </para>
411
412 <para>
413 To test the functionality of the keytab file, issue the
414 following command as the
415 <systemitem class="username">root</systemitem> user:
416 </para>
417
418<screen role="root"><userinput>ktutil
419<prompt>ktutil:</prompt> rkt /etc/krb5.keytab
420<prompt>ktutil:</prompt> l</userinput></screen>
421
422 <para>
423 This should dump a list of the host principal, along with
424 the encryption methods used to access the principal.
425 </para>
426
427 <para>
428 Create an empty ACL file that can be modified later:
429 </para>
430
431<screen role="root"><userinput>touch /var/lib/krb5kdc/kadm5.acl</userinput></screen>
432
433 <para>
434 At this point, if everything has been successful so far, you
435 can feel fairly confident in the installation and configuration of
436 the package.
437 </para>
438
439 </sect4>
440
441 <sect4>
442 <title>Additional Information</title>
443
444 <para>
445 For additional information consult the <ulink
446 url="http://web.mit.edu/kerberos/www/krb5-&mitkrb-major-version;/#documentation">
447 documentation for krb5-&mitkrb-version;</ulink> on which the above
448 instructions are based.
449 </para>
450
451 </sect4>
452
453 </sect3>
454
455 <sect3 id="mitkrb-init">
456 <title><phrase revision="sysv">Init Script</phrase>
457 <phrase revision="systemd">Systemd Unit</phrase></title>
458
459 <para revision="sysv">
460 If you want to start <application>Kerberos</application> services
461 at boot, install the <filename>/etc/rc.d/init.d/krb5</filename> init
462 script included in the <xref linkend="bootscripts"/> package using
463 the following command:
464 </para>
465
466 <para revision="systemd">
467 If you want to start <application>Kerberos</application> services
468 at boot, install the <filename>krb5.service</filename> unit included in
469 the <xref linkend="systemd-units"/> package using the following command:
470 </para>
471
472 <indexterm zone="mitkrb mitkrb-init">
473 <primary sortas="f-krb5">krb5</primary>
474 </indexterm>
475
476<screen role="root"><userinput>make install-krb5</userinput></screen>
477
478 </sect3>
479
480 </sect2>
481
482 <sect2 role="content">
483
484 <title>Contents</title>
485
486 <segmentedlist>
487 <segtitle>Installed Programs</segtitle>
488 <segtitle>Installed Libraries</segtitle>
489 <segtitle>Installed Directories</segtitle>
490
491 <seglistitem>
492 <seg>
493 gss-client, gss-server, k5srvutil, kadmin, kadmin.local,
494 kadmind, kdb5_ldap_util (optional), kdb5_util, kdestroy, kinit, klist,
495 kpasswd, kprop, kpropd, kproplog, krb5-config, krb5-send-pr, krb5kdc,
496 ksu, kswitch, ktutil, kvno, sclient, sim_client, sim_server,
497 sserver, uuclient, and uuserver
498 </seg>
499 <seg>
500 libgssapi_krb5.so, libgssrpc.so, libk5crypto.so, libkadm5clnt_mit.so,
501 libkadm5clnt.so, libkadm5srv_mit.so, libkadm5srv.so, libkdb_ldap.so
502 (optional), libkdb5.so, libkrad.so, libkrb5.so, libkrb5support.so,
503 libverto.so, and some plugins under the /usr/lib/krb5 tree
504 </seg>
505 <seg>
506 /usr/include/{gssapi,gssrpc,kadm5,krb5},
507 /usr/lib/krb5,
508 /usr/share/{doc/krb5-&mitkrb-version;,examples/krb5},
509 /var/lib/krb5kdc, and
510 /run/krb5kdc
511 </seg>
512 </seglistitem>
513 </segmentedlist>
514
515 <variablelist>
516 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
517 <?dbfo list-presentation="list"?>
518 <?dbhtml list-presentation="table"?>
519
520 <varlistentry id="gss-client">
521 <term><command>gss-client</command></term>
522 <listitem>
523 <para>
524 is a GSSAPI test client
525 </para>
526 <indexterm zone="mitkrb gss-client">
527 <primary sortas="b-gss-client">gss-client</primary>
528 </indexterm>
529 </listitem>
530 </varlistentry>
531
532 <varlistentry id="gss-server">
533 <term><command>gss-server</command></term>
534 <listitem>
535 <para>
536 is a GSSAPI test server
537 </para>
538 <indexterm zone="mitkrb gss-server">
539 <primary sortas="b-gss-server">gss-server</primary>
540 </indexterm>
541 </listitem>
542 </varlistentry>
543
544 <varlistentry id="k5srvutil">
545 <term><command>k5srvutil</command></term>
546 <listitem>
547 <para>
548 is a host keytable manipulation utility
549 </para>
550 <indexterm zone="mitkrb k5srvutil">
551 <primary sortas="b-k5srvutil">k5srvutil</primary>
552 </indexterm>
553 </listitem>
554 </varlistentry>
555
556 <varlistentry id="kadmin">
557 <term><command>kadmin</command></term>
558 <listitem>
559 <para>
560 is an utility used to make modifications
561 to the Kerberos database
562 </para>
563 <indexterm zone="mitkrb kadmin">
564 <primary sortas="b-kadmin">kadmin</primary>
565 </indexterm>
566 </listitem>
567 </varlistentry>
568
569 <varlistentry id="kadmin.local">
570 <term><command>kadmin.local</command></term>
571 <listitem>
572 <para>
573 is an utility similar to <command>kadmin</command>, but if the
574 database is db2, the local client <command>kadmin.local</command>,
575 is intended to run directly on the master KDC without Kerberos
576 authentication
577 </para>
578 <indexterm zone="mitkrb kadmin.local">
579 <primary sortas="b-kadmin.local">kadmin.local</primary>
580 </indexterm>
581 </listitem>
582 </varlistentry>
583
584 <varlistentry id="kadmind">
585 <term><command>kadmind</command></term>
586 <listitem>
587 <para>
588 is a server for administrative access
589 to a Kerberos database
590 </para>
591 <indexterm zone="mitkrb kadmind">
592 <primary sortas="b-kadmind">kadmind</primary>
593 </indexterm>
594 </listitem>
595 </varlistentry>
596
597 <varlistentry id="kdb5_ldap_util">
598 <term><command>kdb5_ldap_util (optional)</command></term>
599 <listitem>
600 <para>
601 allows an administrator to manage realms, Kerberos services
602 and ticket policies
603 </para>
604 <indexterm zone="mitkrb kdb5_ldap_util">
605 <primary sortas="b-kdb5_ldap_util">kdb5_ldap_util</primary>
606 </indexterm>
607 </listitem>
608 </varlistentry>
609
610 <varlistentry id="kdb5_util">
611 <term><command>kdb5_util</command></term>
612 <listitem>
613 <para>
614 is the KDC database utility
615 </para>
616 <indexterm zone="mitkrb kdb5_util">
617 <primary sortas="b-kdb5_util">kdb5_util</primary>
618 </indexterm>
619 </listitem>
620 </varlistentry>
621
622 <varlistentry id="kdestroy">
623 <term><command>kdestroy</command></term>
624 <listitem>
625 <para>
626 removes the current set of tickets
627 </para>
628 <indexterm zone="mitkrb kdestroy">
629 <primary sortas="b-kdestroy">kdestroy</primary>
630 </indexterm>
631 </listitem>
632 </varlistentry>
633
634 <varlistentry id="kinit">
635 <term><command>kinit</command></term>
636 <listitem>
637 <para>
638 is used to authenticate to the Kerberos server as a
639 principal and acquire a ticket granting ticket that can
640 later be used to obtain tickets for other services
641 </para>
642 <indexterm zone="mitkrb kinit">
643 <primary sortas="b-kinit">kinit</primary>
644 </indexterm>
645 </listitem>
646 </varlistentry>
647
648 <varlistentry id="klist">
649 <term><command>klist</command></term>
650 <listitem>
651 <para>
652 reads and displays the current tickets in
653 the credential cache
654 </para>
655 <indexterm zone="mitkrb klist">
656 <primary sortas="b-klist">klist</primary>
657 </indexterm>
658 </listitem>
659 </varlistentry>
660
661 <varlistentry id="kpasswd">
662 <term><command>kpasswd</command></term>
663 <listitem>
664 <para>
665 is a program for changing Kerberos 5 passwords
666 </para>
667 <indexterm zone="mitkrb kpasswd">
668 <primary sortas="b-kpasswd">kpasswd</primary>
669 </indexterm>
670 </listitem>
671 </varlistentry>
672
673 <varlistentry id="kprop">
674 <term><command>kprop</command></term>
675 <listitem>
676 <para>
677 takes a principal database in a specified format and
678 converts it into a stream of database records
679 </para>
680 <indexterm zone="mitkrb kprop">
681 <primary sortas="b-kprop">kprop</primary>
682 </indexterm>
683 </listitem>
684 </varlistentry>
685
686 <varlistentry id="kpropd">
687 <term><command>kpropd</command></term>
688 <listitem>
689 <para>
690 receives a database sent by <command>kprop</command>
691 and writes it as a local database
692 </para>
693 <indexterm zone="mitkrb kpropd">
694 <primary sortas="b-kpropd">kpropd</primary>
695 </indexterm>
696 </listitem>
697 </varlistentry>
698
699 <varlistentry id="kproplog">
700 <term><command>kproplog</command></term>
701 <listitem>
702 <para>
703 displays the contents of the KDC database update log to standard
704 output
705 </para>
706 <indexterm zone="mitkrb kproplog">
707 <primary sortas="b-kproplog">kproplog</primary>
708 </indexterm>
709 </listitem>
710 </varlistentry>
711
712 <varlistentry id="krb5-config-prog2">
713 <term><command>krb5-config</command></term>
714 <listitem>
715 <para>
716 gives information on how to link programs against
717 libraries
718 </para>
719 <indexterm zone="mitkrb krb5-config-prog2">
720 <primary sortas="b-krb5-config">krb5-config</primary>
721 </indexterm>
722 </listitem>
723 </varlistentry>
724
725 <varlistentry id="krb5kdc">
726 <term><command>krb5kdc</command></term>
727 <listitem>
728 <para>
729 is the <application>Kerberos 5</application> server
730 </para>
731 <indexterm zone="mitkrb krb5kdc">
732 <primary sortas="b-krb5kdc">krb5kdc</primary>
733 </indexterm>
734 </listitem>
735 </varlistentry>
736
737 <varlistentry id="krb5-send-pr">
738 <term><command>krb5-send-pr</command></term>
739 <listitem>
740 <para>
741 sends a problem report (PR) to a central support site
742 </para>
743 <indexterm zone="mitkrb krb5-send-pr">
744 <primary sortas="b-krb-send-pr">krb5-send-pr</primary>
745 </indexterm>
746 </listitem>
747 </varlistentry>
748
749 <varlistentry id="ksu">
750 <term><command>ksu</command></term>
751 <listitem>
752 <para>
753 is the super user program using Kerberos protocol.
754 Requires a properly configured
755 <filename>/etc/shells</filename> and
756 <filename>~/.k5login</filename> containing principals
757 authorized to become super users
758 </para>
759 <indexterm zone="mitkrb ksu">
760 <primary sortas="b-ksu">ksu</primary>
761 </indexterm>
762 </listitem>
763 </varlistentry>
764
765 <varlistentry id="kswitch">
766 <term><command>kswitch</command></term>
767 <listitem>
768 <para>
769 makes the specified credential cache the
770 primary cache for the collection, if a cache
771 collection is available
772 </para>
773 <indexterm zone="mitkrb kswitch">
774 <primary sortas="b-kswitch">kswitch</primary>
775 </indexterm>
776 </listitem>
777 </varlistentry>
778
779 <varlistentry id="ktutil">
780 <term><command>ktutil</command></term>
781 <listitem>
782 <para>
783 is a program for managing Kerberos keytabs
784 </para>
785 <indexterm zone="mitkrb ktutil">
786 <primary sortas="b-ktutil">ktutil</primary>
787 </indexterm>
788 </listitem>
789 </varlistentry>
790
791 <varlistentry id="kvno">
792 <term><command>kvno</command></term>
793 <listitem>
794 <para>
795 prints keyversion numbers of Kerberos principals
796 </para>
797 <indexterm zone="mitkrb kvno">
798 <primary sortas="b-kvno">kvno</primary>
799 </indexterm>
800 </listitem>
801 </varlistentry>
802
803 <varlistentry id="sclient">
804 <term><command>sclient</command></term>
805 <listitem>
806 <para>
807 is used to contact a sample server and authenticate to it
808 using Kerberos 5 tickets, then display the server's
809 response
810 </para>
811 <indexterm zone="mitkrb sclient">
812 <primary sortas="b-sclient">sclient</primary>
813 </indexterm>
814 </listitem>
815 </varlistentry>
816
817 <varlistentry id="sim_client">
818 <term><command>sim_client</command></term>
819 <listitem>
820 <para>
821 is a simple UDP-based sample client program, for
822 demonstration
823 </para>
824 <indexterm zone="mitkrb sim_client">
825 <primary sortas="b-sim_client">sim_client</primary>
826 </indexterm>
827 </listitem>
828 </varlistentry>
829
830 <varlistentry id="sim_server">
831 <term><command>sim_server</command></term>
832 <listitem>
833 <para>
834 is a simple UDP-based server application, for
835 demonstration
836 </para>
837 <indexterm zone="mitkrb sim_server">
838 <primary sortas="b-sim_server">sim_server</primary>
839 </indexterm>
840 </listitem>
841 </varlistentry>
842
843 <varlistentry id="sserver">
844 <term><command>sserver</command></term>
845 <listitem>
846 <para>
847 is the sample Kerberos 5 server
848 </para>
849 <indexterm zone="mitkrb sserver">
850 <primary sortas="b-sserver">sserver</primary>
851 </indexterm>
852 </listitem>
853 </varlistentry>
854
855 <varlistentry id="uuclient">
856 <term><command>uuclient</command></term>
857 <listitem>
858 <para>
859 is another sample client
860 </para>
861 <indexterm zone="mitkrb uuclient">
862 <primary sortas="b-uuclient">uuclient</primary>
863 </indexterm>
864 </listitem>
865 </varlistentry>
866
867 <varlistentry id="uuserver">
868 <term><command>uuserver</command></term>
869 <listitem>
870 <para>
871 is another sample server
872 </para>
873 <indexterm zone="mitkrb uuserver">
874 <primary sortas="b-uuserver">uuserver</primary>
875 </indexterm>
876 </listitem>
877 </varlistentry>
878
879
880 <varlistentry id="libgssapi_krb5">
881 <term><filename class="libraryfile">libgssapi_krb5.so</filename></term>
882 <listitem>
883 <para>
884 contains the Generic Security Service Application Programming
885 Interface (GSSAPI) functions which provides security services
886 to callers in a generic fashion, supportable with a range of
887 underlying mechanisms and technologies and hence allowing
888 source-level portability of applications to different
889 environments
890 </para>
891 <indexterm zone="mitkrb libgssapi_krb5">
892 <primary sortas="c-libgssapi_krb5">libgssapi_krb5.so</primary>
893 </indexterm>
894 </listitem>
895 </varlistentry>
896
897 <varlistentry id="libkadm5clnt">
898 <term><filename class="libraryfile">libkadm5clnt.so</filename></term>
899 <listitem>
900 <para>
901 contains the administrative authentication and password checking
902 functions required by Kerberos 5 client-side programs
903 </para>
904 <indexterm zone="mitkrb libkadm5clnt">
905 <primary sortas="c-libkadm5clnt">libkadm5clnt.so</primary>
906 </indexterm>
907 </listitem>
908 </varlistentry>
909
910 <varlistentry id="libkadm5srv">
911 <term><filename class="libraryfile">libkadm5srv.so</filename></term>
912 <listitem>
913 <para>
914 contains the administrative authentication and password
915 checking functions required by Kerberos 5 servers
916 </para>
917 <indexterm zone="mitkrb libkadm5srv">
918 <primary sortas="c-libkadm5srv">libkadm5srv.so</primary>
919 </indexterm>
920 </listitem>
921 </varlistentry>
922
923 <varlistentry id="libkdb5">
924 <term><filename class="libraryfile">libkdb5.so</filename></term>
925 <listitem>
926 <para>
927 is a Kerberos 5 authentication/authorization database
928 access library
929 </para>
930 <indexterm zone="mitkrb libkdb5">
931 <primary sortas="c-libkdb5">libkdb5.so</primary>
932 </indexterm>
933 </listitem>
934 </varlistentry>
935
936 <varlistentry id="libkrad">
937 <term><filename class="libraryfile">libkrad.so</filename></term>
938 <listitem>
939 <para>
940 contains the internal support library for RADIUS functionality
941 </para>
942 <indexterm zone="mitkrb libkrad">
943 <primary sortas="c-libkrad">libkrad.so</primary>
944 </indexterm>
945 </listitem>
946 </varlistentry>
947
948 <varlistentry id="libkrb5">
949 <term><filename class="libraryfile">libkrb5.so</filename></term>
950 <listitem>
951 <para>
952 is an all-purpose <application>Kerberos 5</application> library
953 </para>
954 <indexterm zone="mitkrb libkrb5">
955 <primary sortas="c-libkrb5">libkrb5.so</primary>
956 </indexterm>
957 </listitem>
958 </varlistentry>
959
960 </variablelist>
961
962 </sect2>
963
964</sect1>
Note: See TracBrowser for help on using the repository browser.