Context Navigation

mitkrb.xml@ b238fd9c

Visit:

12.2 gimp3 lazarus trunk xry111/for-12.3 xry111/spidermonkey128

Last change on this file since b238fd9c was b238fd9c, checked in by Xi Ruoyao <xry111@…>, 3 months ago

mitkrb: Add cracklib as optional from which the dict file is used for test

Remove extra empty lines in command.

Add link to the report for the bug causing the known failure.

Property mode set to 100644

File size: 31.7 KB

Line
1	<?xml version="1.0" encoding="UTF-8"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY mitkrb-download-http "https://kerberos.org/dist/krb5/&mitkrb-major-version;/krb5-&mitkrb-version;.tar.gz">
8	<!ENTITY mitkrb-download-ftp " ">
9	<!ENTITY mitkrb-md5sum "beb34d1dfc72ba0571ce72bed03e06eb">
10	<!ENTITY mitkrb-size "8.7 MB">
11	<!ENTITY mitkrb-buildsize "95 MB (add 14 MB for tests)">
12	<!ENTITY mitkrb-time "0.3 SBU (Using parallelism=4; add 1.1 SBU for tests)">
13	]>
14
15	<sect1 id="mitkrb" xreflabel="MIT Kerberos V5-&mitkrb-version;">
16	<?dbhtml filename="mitkrb.html"?>
17
18
19	<title>MIT Kerberos V5-&mitkrb-version;</title>
20
21	<indexterm zone="mitkrb">
22	<primary sortas="a-MIT-Kerberos">MIT Kerberos V5</primary>
23	</indexterm>
24
25	<sect2 role="package">
26	<title>Introduction to MIT Kerberos V5</title>
27
28	<para>
29	<application>MIT Kerberos V5</application> is a free implementation
30	of Kerberos 5. Kerberos is a network authentication protocol. It
31	centralizes the authentication database and uses kerberized
32	applications to work with servers or services that support Kerberos
33	allowing single logins and encrypted communication over internal
34	networks or the Internet.
35	</para>
36
37	&lfs121_checked;
38
39	<bridgehead renderas="sect3">Package Information</bridgehead>
40	<itemizedlist spacing="compact">
41	<listitem>
42	<para>
43	Download (HTTP): <ulink url="&mitkrb-download-http;"/>
44	</para>
45	</listitem>
46	<listitem>
47	<para>
48	Download (FTP): <ulink url="&mitkrb-download-ftp;"/>
49	</para>
50	</listitem>
51	<listitem>
52	<para>
53	Download MD5 sum: &mitkrb-md5sum;
54	</para>
55	</listitem>
56	<listitem>
57	<para>
58	Download size: &mitkrb-size;
59	</para>
60	</listitem>
61	<listitem>
62	<para>
63	Estimated disk space required: &mitkrb-buildsize;
64	</para>
65	</listitem>
66	<listitem>
67	<para>
68	Estimated build time: &mitkrb-time;
69	</para>
70	</listitem>
71	</itemizedlist>
72	<!--
73	<bridgehead renderas="sect3">Additional Downloads</bridgehead>
74	<itemizedlist spacing="compact">
75	<listitem>
76	<para>
77	Required patch:
78	<ulink url="&patch-root;/mitkrb-&mitkrb-version;-openssl3_fixes-1.patch"/>
79	</para>
80	</listitem>
81	</itemizedlist>
82	-->
83	<bridgehead renderas="sect3">MIT Kerberos V5 Dependencies</bridgehead>
84
85	<bridgehead renderas="sect4">Optional</bridgehead>
86	<para role="optional">
87	<xref linkend="bind-utils"/>,
88	<xref linkend='cracklib'/> (<filename>/usr/share/dict/words</filename>
89	referred by some tests),
90	<xref linkend="gnupg2"/> (to authenticate the package),
91	<xref linkend="keyutils"/>,
92	<xref linkend="openldap"/>,<!-- Seems so that mit has its own
93	implementation of rpc now.
94	<xref linkend="rpcbind"/> (used during the test suite),-->
95	<xref linkend="valgrind"/> (used during the test suite),
96	<xref linkend="yasm"/>,
97	<ulink url="https://thrysoee.dk/editline/">libedit</ulink>,
98	<ulink url="https://cmocka.org/">cmocka</ulink>,
99	<ulink url="https://pypi.org/project/kdcproxy/">kdcproxy</ulink>,
100	<ulink url="https://pypi.org/project/pyrad/">pyrad</ulink>, and
101	<ulink url="https://cwrap.org/resolv_wrapper.html">resolv_wrapper</ulink>
102	</para>
103
104	<note>
105	<para>
106	Some sort of time synchronization facility on your system (like
107	<xref linkend="ntp"/>) is required since Kerberos won't authenticate
108	if there is a time difference between a kerberized client and the
109	KDC server.
110	</para>
111	</note>
112
113	</sect2>
114
115	<sect2 role="installation">
116	<title>Installation of MIT Kerberos V5</title>
117	<!--
118	<para>
119	Next, fix several issues identified by OpenSSL-3:
120	</para>
121
122	<screen><userinput remap="pre">patch -Np1 -i ../mitkrb-&mitkrb-version;-openssl3_fixes-1.patch</userinput></screen>
123	-->
124	<para>
125	Build <application>MIT Kerberos V5</application> by running the
126	following commands:
127	</para>
128
129	<screen><userinput>cd src &&
130	sed -i -e '/eq 0/{N;s/12 //}' plugins/kdb/db2/libdb2/test/run.test &&
131
132	./configure --prefix=/usr \
133	--sysconfdir=/etc \
134	--localstatedir=/var/lib \
135	--runstatedir=/run \
136	--with-system-et \
137	--with-system-ss \
138	--with-system-verto=no \
139	--enable-dns-for-realm \
140	--disable-rpath &&
141	make</userinput></screen>
142
143	<para>
144	To test the build, issue: <command>make -j1 -k check</command>.
145	<!-- You need at least <xref link end="tcl"/>, which is used to drive the
146	test suite. Furthermore, <xref link end="dejagnu"/> must be available for
147	some of the tests to run. If you have a former version of MIT Kerberos V5
148	installed, it may happen that the test suite may pick up the installed
149	versions of the libraries, rather than the newly built ones. If so, it is
150	better to run the tests after the installation. -->Some tests may fail with
151	the latest version of dejagnu and glibc. Some tests may hang for a
152	long time and fail if the system is not connected to a network.
153	One test, <filename>t_kadm5srv</filename>, is known to fail.
154	If <xref linkend='keyutils'/> is installed but
155	<xref linkend='keyutils-test-kernel'/> is not
156	satisfied, some tests will fail complaining
157	<computeroutput>keyctl failed with code 1</computeroutput>.
158	<!-- Note: on my laptop -j8 fails but -j1 passes
159	For version 1.21, -j1 no longer needs to be specified and the
160	time for the tests was reduced considerably. -bdubbs
161	But on one of my machines (4 cores) -j4 fails and -j1 passes...
162	I guess the test suite is just too fragile. -xry111
163	-->
164	</para>
165
166	<para>
167	Now, as the <systemitem class="username">root</systemitem> user:
168	</para>
169
170	<screen role="root"><userinput>make install &&
171	cp -vfr ../doc -T /usr/share/doc/krb5-&mitkrb-version;</userinput></screen>
172
173	</sect2>
174
175	<sect2 role="commands">
176	<title>Command Explanations</title>
177
178	<!-- https://krbdev.mit.edu/rt/Ticket/Display.html?id=9129 -->
179	<para>
180	The <command>sed</command> command removes a
181	test that is known to fail.
182	</para>
183
184	<para>
185	<parameter>--localstatedir=/var/lib</parameter>: This option is
186	used so that the Kerberos variable runtime data is located in
187	<filename class="directory">/var/lib</filename> instead of
188	<filename class="directory">/usr/var</filename>.
189	</para>
190
191	<para>
192	<parameter>--runstatedir=/run</parameter>: This option is used so that
193	the Kerberos runtime state information is located in
194	<filename class="directory">/run</filename> instead of the deprecated
195	<filename class="directory">/var/run</filename>.
196	</para>
197
198	<para>
199	<parameter>--with-system-et</parameter>: This switch causes the build
200	to use the system-installed versions of the error-table support
201	software.
202	</para>
203
204	<para>
205	<parameter>--with-system-ss</parameter>: This switch causes the build
206	to use the system-installed versions of the subsystem command-line
207	interface software.
208	</para>
209
210	<para>
211	<parameter>--with-system-verto=no</parameter>: This switch fixes a bug in
212	the package: it does not recognize its own verto library installed
213	previously. This is not a problem, if reinstalling the same version,
214	but if you are updating, the old library is used as system's one,
215	instead of installing the new version.
216	</para>
217
218	<para>
219	<parameter>--enable-dns-for-realm</parameter>: This switch allows
220	realms to be resolved using the DNS server.
221	</para>
222
223	<!-- libsoup3 FTBFS with rpath enabled if -Dgssapi=enabled (not used by
224	the book) -->
225	<para>
226	<parameter>--disable-rpath</parameter>: This switch prevents
227	hard coding library search paths (rpath) into the binary executable
228	files and shared libraries. This package does not need rpath for an
229	installation into the standard location, and rpath may sometimes cause
230	unwanted effects or even security issues.
231	</para>
232
233	<para>
234	<option>--with-ldap</option>: Use this switch if you want to compile the
235	<application>OpenLDAP</application> database backend module.
236	</para>
237
238	</sect2>
239
240	<sect2 role="configuration">
241	<title>Configuring MIT Kerberos V5</title>
242
243	<sect3 id="krb5-config">
244	<title>Config Files</title>
245
246	<para>
247	<filename>/etc/krb5.conf</filename> and
248	<filename>/var/lib/krb5kdc/kdc.conf</filename>
249	</para>
250
251	<indexterm zone="mitkrb krb5-config">
252	<primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary>
253	</indexterm>
254
255	<indexterm zone="mitkrb krb5-config">
256	<primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
257	</indexterm>
258
259	</sect3>
260
261	<sect3>
262	<title>Configuration Information</title>
263
264	<sect4>
265	<title>Kerberos Configuration</title>
266
267	<tip>
268	<para>
269	You should consider installing some sort of password checking
270	dictionary so that you can configure the installation to only
271	accept strong passwords. A suitable dictionary to use is shown in
272	the <xref linkend="cracklib"/> instructions. Note that only one
273	file can be used, but you can concatenate many files into one. The
274	configuration file shown below assumes you have installed a
275	dictionary to <filename>/usr/share/dict/words</filename>.
276	</para>
277	</tip>
278
279	<para>
280	Create the Kerberos configuration file with the following
281	commands issued by the <systemitem class="username">root</systemitem>
282	user:
283	</para>
284
285	<screen role="root"><userinput>cat > /etc/krb5.conf << "EOF"
286	<literal># Begin /etc/krb5.conf
287
288	[libdefaults]
289	default_realm = <replaceable><EXAMPLE.ORG></replaceable>
290	encrypt = true
291
292	[realms]
293	<replaceable><EXAMPLE.ORG></replaceable> = {
294	kdc = <replaceable><belgarath.example.org></replaceable>
295	admin_server = <replaceable><belgarath.example.org></replaceable>
296	dict_file = /usr/share/dict/words
297	}
298
299	[domain_realm]
300	.<replaceable><example.org></replaceable> = <replaceable><EXAMPLE.ORG></replaceable>
301
302	[logging]
303	kdc = SYSLOG:INFO:AUTH
304	admin_server = SYSLOG:INFO:AUTH
305	default = SYSLOG:DEBUG:DAEMON
306
307	# End /etc/krb5.conf</literal>
308	EOF</userinput></screen>
309
310	<para>
311	You will need to substitute your domain and proper hostname for the
312	occurrences of the <replaceable><belgarath></replaceable> and
313	<replaceable><example.org></replaceable> names.
314	</para>
315
316	<para>
317	<option>default_realm</option> should be the name of your
318	domain changed to ALL CAPS. This isn't required, but both
319	<application>Heimdal</application> and MIT recommend it.
320	</para>
321
322	<para>
323	<option>encrypt = true</option> provides encryption of all traffic
324	between kerberized clients and servers. It's not necessary and can
325	be left off. If you leave it off, you can encrypt all traffic from
326	the client to the server using a switch on the client program
327	instead.
328	</para>
329
330	<para>
331	The <option>[realms]</option> parameters tell the client programs
332	where to look for the KDC authentication services.
333	</para>
334
335	<para>
336	The <option>[domain_realm]</option> section maps a domain to a realm.
337	</para>
338
339	<para>
340	Create the KDC database:
341	</para>
342
343	<screen role="root"><userinput>kdb5_util create -r <replaceable><EXAMPLE.ORG></replaceable> -s</userinput></screen>
344
345	<para>
346	Now you should populate the database with principals
347	(users). For now, just use your regular login name or
348	<systemitem class="username">root</systemitem>.
349	</para>
350
351	<screen role="root"><userinput>kadmin.local
352	<prompt>kadmin.local:</prompt> add_policy dict-only
353	<prompt>kadmin.local:</prompt> addprinc -policy dict-only <replaceable><loginname></replaceable></userinput></screen>
354
355	<para>
356	The KDC server and any machine running kerberized
357	server daemons must have a host key installed:
358	</para>
359
360	<screen role="root"><userinput><prompt>kadmin.local:</prompt> addprinc -randkey host/<replaceable><belgarath.example.org></replaceable></userinput></screen>
361
362	<para>
363	After choosing the defaults when prompted, you will have to
364	export the data to a keytab file:
365	</para>
366
367	<screen role="root"><userinput><prompt>kadmin.local:</prompt> ktadd host/<replaceable><belgarath.example.org></replaceable></userinput></screen>
368
369	<para>
370	This should have created a file in
371	<filename class="directory">/etc</filename> named
372	<filename>krb5.keytab</filename> (Kerberos 5). This file should
373	have 600 (<systemitem class="username">root</systemitem> rw only)
374	permissions. Keeping the keytab files from public access is crucial
375	to the overall security of the Kerberos installation.
376	</para>
377
378	<para>
379	Exit the <command>kadmin</command> program (use
380	<command>quit</command> or <command>exit</command>) and return
381	back to the shell prompt. Start the KDC daemon manually, just to
382	test out the installation:
383	</para>
384
385	<screen role="root"><userinput>/usr/sbin/krb5kdc</userinput></screen>
386
387	<para>
388	Attempt to get a ticket with the following command:
389	</para>
390
391	<screen><userinput>kinit <replaceable><loginname></replaceable></userinput></screen>
392
393	<para>
394	You will be prompted for the password you created. After you
395	get your ticket, you can list it with the following command:
396	</para>
397
398	<screen><userinput>klist</userinput></screen>
399
400	<para>
401	Information about the ticket should be displayed on the
402	screen.
403	</para>
404
405	<para>
406	To test the functionality of the keytab file, issue the
407	following command as the
408	<systemitem class="username">root</systemitem> user:
409	</para>
410
411	<screen role="root"><userinput>ktutil
412	<prompt>ktutil:</prompt> rkt /etc/krb5.keytab
413	<prompt>ktutil:</prompt> l</userinput></screen>
414
415	<para>
416	This should dump a list of the host principal, along with
417	the encryption methods used to access the principal.
418	</para>
419
420	<para>
421	Create an empty ACL file that can be modified later:
422	</para>
423
424	<screen role="root"><userinput>touch /var/lib/krb5kdc/kadm5.acl</userinput></screen>
425
426	<para>
427	At this point, if everything has been successful so far, you
428	can feel fairly confident in the installation and configuration of
429	the package.
430	</para>
431
432	</sect4>
433
434	<sect4>
435	<title>Additional Information</title>
436
437	<para>
438	For additional information consult the <ulink
439	url="https://web.mit.edu/kerberos/www/krb5-&mitkrb-major-version;/#documentation">
440	documentation for krb5-&mitkrb-version;</ulink> on which the above
441	instructions are based.
442	</para>
443
444	</sect4>
445
446	</sect3>
447
448	<sect3 id="mitkrb-init">
449	<title><phrase revision="sysv">Init Script</phrase>
450	<phrase revision="systemd">Systemd Unit</phrase></title>
451
452	<para revision="sysv">
453	If you want to start <application>Kerberos</application> services
454	at boot, install the <filename>/etc/rc.d/init.d/krb5</filename> init
455	script included in the <xref linkend="bootscripts"/> package using
456	the following command:
457	</para>
458
459	<para revision="systemd">
460	If you want to start <application>Kerberos</application> services
461	at boot, install the <filename>krb5.service</filename> unit included in
462	the <xref linkend="systemd-units"/> package using the following command:
463	</para>
464
465	<indexterm zone="mitkrb mitkrb-init">
466	<primary sortas="f-krb5">krb5</primary>
467	</indexterm>
468
469	<screen role="root"><userinput>make install-krb5</userinput></screen>
470
471	</sect3>
472
473	</sect2>
474
475	<sect2 role="content">
476
477	<title>Contents</title>
478
479	<segmentedlist>
480	<segtitle>Installed Programs</segtitle>
481	<segtitle>Installed Libraries</segtitle>
482	<segtitle>Installed Directories</segtitle>
483
484	<seglistitem>
485	<seg>
486	gss-client, gss-server, k5srvutil, kadmin, kadmin.local,
487	kadmind, kdb5_ldap_util (optional), kdb5_util, kdestroy, kinit, klist,
488	kpasswd, kprop, kpropd, kproplog, krb5-config, krb5-send-pr, krb5kdc,
489	ksu, kswitch, ktutil, kvno, sclient, sim_client, sim_server,
490	sserver, uuclient, and uuserver
491	</seg>
492	<seg>
493	libgssapi_krb5.so, libgssrpc.so, libk5crypto.so, libkadm5clnt_mit.so,
494	libkadm5clnt.so, libkadm5srv_mit.so, libkadm5srv.so, libkdb_ldap.so
495	(optional), libkdb5.so, libkrad.so, libkrb5.so, libkrb5support.so,
496	libverto.so, and some plugins under the /usr/lib/krb5 tree
497	</seg>
498	<seg>
499	/usr/include/{gssapi,gssrpc,kadm5,krb5},
500	/usr/lib/krb5,
501	/usr/share/{doc/krb5-&mitkrb-version;,examples/krb5},
502	/var/lib/krb5kdc, and
503	/run/krb5kdc
504	</seg>
505	</seglistitem>
506	</segmentedlist>
507
508	<variablelist>
509	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
510	<?dbfo list-presentation="list"?>
511	<?dbhtml list-presentation="table"?>
512
513	<varlistentry id="gss-client">
514	<term><command>gss-client</command></term>
515	<listitem>
516	<para>
517	is a GSSAPI test client
518	</para>
519	<indexterm zone="mitkrb gss-client">
520	<primary sortas="b-gss-client">gss-client</primary>
521	</indexterm>
522	</listitem>
523	</varlistentry>
524
525	<varlistentry id="gss-server">
526	<term><command>gss-server</command></term>
527	<listitem>
528	<para>
529	is a GSSAPI test server
530	</para>
531	<indexterm zone="mitkrb gss-server">
532	<primary sortas="b-gss-server">gss-server</primary>
533	</indexterm>
534	</listitem>
535	</varlistentry>
536
537	<varlistentry id="k5srvutil">
538	<term><command>k5srvutil</command></term>
539	<listitem>
540	<para>
541	is a host keytable manipulation utility
542	</para>
543	<indexterm zone="mitkrb k5srvutil">
544	<primary sortas="b-k5srvutil">k5srvutil</primary>
545	</indexterm>
546	</listitem>
547	</varlistentry>
548
549	<varlistentry id="kadmin">
550	<term><command>kadmin</command></term>
551	<listitem>
552	<para>
553	is an utility used to make modifications
554	to the Kerberos database
555	</para>
556	<indexterm zone="mitkrb kadmin">
557	<primary sortas="b-kadmin">kadmin</primary>
558	</indexterm>
559	</listitem>
560	</varlistentry>
561
562	<varlistentry id="kadmin.local">
563	<term><command>kadmin.local</command></term>
564	<listitem>
565	<para>
566	is an utility similar to <command>kadmin</command>, but if the
567	database is db2, the local client <command>kadmin.local</command>,
568	is intended to run directly on the master KDC without Kerberos
569	authentication
570	</para>
571	<indexterm zone="mitkrb kadmin.local">
572	<primary sortas="b-kadmin.local">kadmin.local</primary>
573	</indexterm>
574	</listitem>
575	</varlistentry>
576
577	<varlistentry id="kadmind">
578	<term><command>kadmind</command></term>
579	<listitem>
580	<para>
581	is a server for administrative access
582	to a Kerberos database
583	</para>
584	<indexterm zone="mitkrb kadmind">
585	<primary sortas="b-kadmind">kadmind</primary>
586	</indexterm>
587	</listitem>
588	</varlistentry>
589
590	<varlistentry id="kdb5_ldap_util">
591	<term><command>kdb5_ldap_util (optional)</command></term>
592	<listitem>
593	<para>
594	allows an administrator to manage realms, Kerberos services
595	and ticket policies
596	</para>
597	<indexterm zone="mitkrb kdb5_ldap_util">
598	<primary sortas="b-kdb5_ldap_util">kdb5_ldap_util</primary>
599	</indexterm>
600	</listitem>
601	</varlistentry>
602
603	<varlistentry id="kdb5_util">
604	<term><command>kdb5_util</command></term>
605	<listitem>
606	<para>
607	is the KDC database utility
608	</para>
609	<indexterm zone="mitkrb kdb5_util">
610	<primary sortas="b-kdb5_util">kdb5_util</primary>
611	</indexterm>
612	</listitem>
613	</varlistentry>
614
615	<varlistentry id="kdestroy">
616	<term><command>kdestroy</command></term>
617	<listitem>
618	<para>
619	removes the current set of tickets
620	</para>
621	<indexterm zone="mitkrb kdestroy">
622	<primary sortas="b-kdestroy">kdestroy</primary>
623	</indexterm>
624	</listitem>
625	</varlistentry>
626
627	<varlistentry id="kinit">
628	<term><command>kinit</command></term>
629	<listitem>
630	<para>
631	is used to authenticate to the Kerberos server as a
632	principal and acquire a ticket granting ticket that can
633	later be used to obtain tickets for other services
634	</para>
635	<indexterm zone="mitkrb kinit">
636	<primary sortas="b-kinit">kinit</primary>
637	</indexterm>
638	</listitem>
639	</varlistentry>
640
641	<varlistentry id="klist">
642	<term><command>klist</command></term>
643	<listitem>
644	<para>
645	reads and displays the current tickets in
646	the credential cache
647	</para>
648	<indexterm zone="mitkrb klist">
649	<primary sortas="b-klist">klist</primary>
650	</indexterm>
651	</listitem>
652	</varlistentry>
653
654	<varlistentry id="kpasswd">
655	<term><command>kpasswd</command></term>
656	<listitem>
657	<para>
658	is a program for changing Kerberos 5 passwords
659	</para>
660	<indexterm zone="mitkrb kpasswd">
661	<primary sortas="b-kpasswd">kpasswd</primary>
662	</indexterm>
663	</listitem>
664	</varlistentry>
665
666	<varlistentry id="kprop">
667	<term><command>kprop</command></term>
668	<listitem>
669	<para>
670	takes a principal database in a specified format and
671	converts it into a stream of database records
672	</para>
673	<indexterm zone="mitkrb kprop">
674	<primary sortas="b-kprop">kprop</primary>
675	</indexterm>
676	</listitem>
677	</varlistentry>
678
679	<varlistentry id="kpropd">
680	<term><command>kpropd</command></term>
681	<listitem>
682	<para>
683	receives a database sent by <command>kprop</command>
684	and writes it as a local database
685	</para>
686	<indexterm zone="mitkrb kpropd">
687	<primary sortas="b-kpropd">kpropd</primary>
688	</indexterm>
689	</listitem>
690	</varlistentry>
691
692	<varlistentry id="kproplog">
693	<term><command>kproplog</command></term>
694	<listitem>
695	<para>
696	displays the contents of the KDC database update log to standard
697	output
698	</para>
699	<indexterm zone="mitkrb kproplog">
700	<primary sortas="b-kproplog">kproplog</primary>
701	</indexterm>
702	</listitem>
703	</varlistentry>
704
705	<varlistentry id="krb5-config-prog2">
706	<term><command>krb5-config</command></term>
707	<listitem>
708	<para>
709	gives information on how to link programs against
710	libraries
711	</para>
712	<indexterm zone="mitkrb krb5-config-prog2">
713	<primary sortas="b-krb5-config">krb5-config</primary>
714	</indexterm>
715	</listitem>
716	</varlistentry>
717
718	<varlistentry id="krb5kdc">
719	<term><command>krb5kdc</command></term>
720	<listitem>
721	<para>
722	is the <application>Kerberos 5</application> server
723	</para>
724	<indexterm zone="mitkrb krb5kdc">
725	<primary sortas="b-krb5kdc">krb5kdc</primary>
726	</indexterm>
727	</listitem>
728	</varlistentry>
729
730	<varlistentry id="krb5-send-pr">
731	<term><command>krb5-send-pr</command></term>
732	<listitem>
733	<para>
734	sends a problem report (PR) to a central support site
735	</para>
736	<indexterm zone="mitkrb krb5-send-pr">
737	<primary sortas="b-krb-send-pr">krb5-send-pr</primary>
738	</indexterm>
739	</listitem>
740	</varlistentry>
741
742	<varlistentry id="ksu">
743	<term><command>ksu</command></term>
744	<listitem>
745	<para>
746	is the super user program using Kerberos protocol.
747	Requires a properly configured
748	<filename>/etc/shells</filename> and
749	<filename>~/.k5login</filename> containing principals
750	authorized to become super users
751	</para>
752	<indexterm zone="mitkrb ksu">
753	<primary sortas="b-ksu">ksu</primary>
754	</indexterm>
755	</listitem>
756	</varlistentry>
757
758	<varlistentry id="kswitch">
759	<term><command>kswitch</command></term>
760	<listitem>
761	<para>
762	makes the specified credential cache the
763	primary cache for the collection, if a cache
764	collection is available
765	</para>
766	<indexterm zone="mitkrb kswitch">
767	<primary sortas="b-kswitch">kswitch</primary>
768	</indexterm>
769	</listitem>
770	</varlistentry>
771
772	<varlistentry id="ktutil">
773	<term><command>ktutil</command></term>
774	<listitem>
775	<para>
776	is a program for managing Kerberos keytabs
777	</para>
778	<indexterm zone="mitkrb ktutil">
779	<primary sortas="b-ktutil">ktutil</primary>
780	</indexterm>
781	</listitem>
782	</varlistentry>
783
784	<varlistentry id="kvno">
785	<term><command>kvno</command></term>
786	<listitem>
787	<para>
788	prints keyversion numbers of Kerberos principals
789	</para>
790	<indexterm zone="mitkrb kvno">
791	<primary sortas="b-kvno">kvno</primary>
792	</indexterm>
793	</listitem>
794	</varlistentry>
795
796	<varlistentry id="sclient">
797	<term><command>sclient</command></term>
798	<listitem>
799	<para>
800	is used to contact a sample server and authenticate to it
801	using Kerberos 5 tickets, then display the server's
802	response
803	</para>
804	<indexterm zone="mitkrb sclient">
805	<primary sortas="b-sclient">sclient</primary>
806	</indexterm>
807	</listitem>
808	</varlistentry>
809
810	<varlistentry id="sim_client">
811	<term><command>sim_client</command></term>
812	<listitem>
813	<para>
814	is a simple UDP-based sample client program, for
815	demonstration
816	</para>
817	<indexterm zone="mitkrb sim_client">
818	<primary sortas="b-sim_client">sim_client</primary>
819	</indexterm>
820	</listitem>
821	</varlistentry>
822
823	<varlistentry id="sim_server">
824	<term><command>sim_server</command></term>
825	<listitem>
826	<para>
827	is a simple UDP-based server application, for
828	demonstration
829	</para>
830	<indexterm zone="mitkrb sim_server">
831	<primary sortas="b-sim_server">sim_server</primary>
832	</indexterm>
833	</listitem>
834	</varlistentry>
835
836	<varlistentry id="sserver">
837	<term><command>sserver</command></term>
838	<listitem>
839	<para>
840	is the sample Kerberos 5 server
841	</para>
842	<indexterm zone="mitkrb sserver">
843	<primary sortas="b-sserver">sserver</primary>
844	</indexterm>
845	</listitem>
846	</varlistentry>
847
848	<varlistentry id="uuclient">
849	<term><command>uuclient</command></term>
850	<listitem>
851	<para>
852	is another sample client
853	</para>
854	<indexterm zone="mitkrb uuclient">
855	<primary sortas="b-uuclient">uuclient</primary>
856	</indexterm>
857	</listitem>
858	</varlistentry>
859
860	<varlistentry id="uuserver">
861	<term><command>uuserver</command></term>
862	<listitem>
863	<para>
864	is another sample server
865	</para>
866	<indexterm zone="mitkrb uuserver">
867	<primary sortas="b-uuserver">uuserver</primary>
868	</indexterm>
869	</listitem>
870	</varlistentry>
871
872
873	<varlistentry id="libgssapi_krb5">
874	<term><filename class="libraryfile">libgssapi_krb5.so</filename></term>
875	<listitem>
876	<para>
877	contains the Generic Security Service Application Programming
878	Interface (GSSAPI) functions which provides security services
879	to callers in a generic fashion, supportable with a range of
880	underlying mechanisms and technologies and hence allowing
881	source-level portability of applications to different
882	environments
883	</para>
884	<indexterm zone="mitkrb libgssapi_krb5">
885	<primary sortas="c-libgssapi_krb5">libgssapi_krb5.so</primary>
886	</indexterm>
887	</listitem>
888	</varlistentry>
889
890	<varlistentry id="libkadm5clnt">
891	<term><filename class="libraryfile">libkadm5clnt.so</filename></term>
892	<listitem>
893	<para>
894	contains the administrative authentication and password checking
895	functions required by Kerberos 5 client-side programs
896	</para>
897	<indexterm zone="mitkrb libkadm5clnt">
898	<primary sortas="c-libkadm5clnt">libkadm5clnt.so</primary>
899	</indexterm>
900	</listitem>
901	</varlistentry>
902
903	<varlistentry id="libkadm5srv">
904	<term><filename class="libraryfile">libkadm5srv.so</filename></term>
905	<listitem>
906	<para>
907	contains the administrative authentication and password
908	checking functions required by Kerberos 5 servers
909	</para>
910	<indexterm zone="mitkrb libkadm5srv">
911	<primary sortas="c-libkadm5srv">libkadm5srv.so</primary>
912	</indexterm>
913	</listitem>
914	</varlistentry>
915
916	<varlistentry id="libkdb5">
917	<term><filename class="libraryfile">libkdb5.so</filename></term>
918	<listitem>
919	<para>
920	is a Kerberos 5 authentication/authorization database
921	access library
922	</para>
923	<indexterm zone="mitkrb libkdb5">
924	<primary sortas="c-libkdb5">libkdb5.so</primary>
925	</indexterm>
926	</listitem>
927	</varlistentry>
928
929	<varlistentry id="libkrad">
930	<term><filename class="libraryfile">libkrad.so</filename></term>
931	<listitem>
932	<para>
933	contains the internal support library for RADIUS functionality
934	</para>
935	<indexterm zone="mitkrb libkrad">
936	<primary sortas="c-libkrad">libkrad.so</primary>
937	</indexterm>
938	</listitem>
939	</varlistentry>
940
941	<varlistentry id="libkrb5">
942	<term><filename class="libraryfile">libkrb5.so</filename></term>
943	<listitem>
944	<para>
945	is an all-purpose <application>Kerberos 5</application> library
946	</para>
947	<indexterm zone="mitkrb libkrb5">
948	<primary sortas="c-libkrb5">libkrb5.so</primary>
949	</indexterm>
950	</listitem>
951	</varlistentry>
952
953	</variablelist>
954
955	</sect2>
956
957	</sect1>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: postlfs/security/mitkrb.xml@ b238fd9c

Download in other formats: