Context Navigation

mitkrb.xml@ bb49ea0

Visit:

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 7.10 7.6 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts krejzi/svn lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal

Last change on this file since bb49ea0 was bb49ea0, checked in by Bruce Dubbs <bdubbs@…>, 10 years ago

Finish tagging postlfs section
Update haveged script

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@14327 af4574ff-66df-0310-9fd7-8a98e5e911e0

Property mode set to 100644

File size: 27.6 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY mitkrb-download-http "http://web.mit.edu/kerberos/www/dist/krb5/&mitkrb-major-version;/krb5-&mitkrb-version;-signed.tar">
8	<!ENTITY mitkrb-download-ftp " ">
9	<!ENTITY mitkrb-md5sum "357f1312b7720a0a591e22db0f7829fe">
10	<!ENTITY mitkrb-size "12 MB">
11	<!ENTITY mitkrb-buildsize "120 MB (Additional 25 MB if running the testsuite)">
12	<!ENTITY mitkrb-time "1.0 SBU (additional 4.4 SBU if running the testsuite)">
13	]>
14
15	<sect1 id="mitkrb" xreflabel="MIT Kerberos V5-&mitkrb-version;">
16	<?dbhtml filename="mitkrb.html"?>
17
18	<sect1info>
19	<othername>$LastChangedBy$</othername>
20	<date>$Date$</date>
21	</sect1info>
22
23	<title>MIT Kerberos V5-&mitkrb-version;</title>
24
25	<indexterm zone="mitkrb">
26	<primary sortas="a-MIT-Kerberos">MIT Kerberos V5</primary>
27	</indexterm>
28
29	<sect2 role="package">
30	<title>Introduction to MIT Kerberos V5</title>
31
32	<para>
33	<application>MIT Kerberos V5</application> is a free implementation
34	of Kerberos 5. Kerberos is a network authentication protocol. It
35	centralizes the authentication database and uses kerberized
36	applications to work with servers or services that support Kerberos
37	allowing single logins and encrypted communication over internal
38	networks or the Internet.
39	</para>
40
41	&lfs76_checked;
42
43	<bridgehead renderas="sect3">Package Information</bridgehead>
44	<itemizedlist spacing="compact">
45	<listitem>
46	<para>
47	Download (HTTP): <ulink url="&mitkrb-download-http;"/>
48	</para>
49	</listitem>
50	<listitem>
51	<para>
52	Download (FTP): <ulink url="&mitkrb-download-ftp;"/>
53	</para>
54	</listitem>
55	<listitem>
56	<para>
57	Download MD5 sum: &mitkrb-md5sum;
58	</para>
59	</listitem>
60	<listitem>
61	<para>
62	Download size: &mitkrb-size;
63	</para>
64	</listitem>
65	<listitem>
66	<para>
67	Estimated disk space required: &mitkrb-buildsize;
68	</para>
69	</listitem>
70	<listitem>
71	<para>
72	Estimated build time: &mitkrb-time;
73	</para>
74	</listitem>
75	</itemizedlist>
76
77	<bridgehead renderas="sect3">MIT Kerberos V5 Dependencies</bridgehead>
78
79	<bridgehead renderas="sect4">Optional</bridgehead>
80	<para role="optional">
81	<xref linkend="dejagnu"/> (for full test coverage),
82	<xref linkend="gnupg2"/> (to authenticate the package),
83	<xref linkend="keyutils"/>,
84	<xref linkend="openldap"/>,
85	<xref linkend="python2"/> (used during the testsuite) and
86	<xref linkend="rpcbind"/> (used during the testsuite)
87	</para>
88
89	<note>
90	<para>
91	Some sort of time synchronization facility on your system (like
92	<xref linkend="ntp"/>) is required since Kerberos won't authenticate
93	if there is a time difference between a kerberized client and the
94	KDC server.
95	</para>
96	</note>
97
98	<para condition="html" role="usernotes">User Notes:
99	<ulink url="&blfs-wiki;/mitkrb"/>
100	</para>
101	</sect2>
102
103	<sect2 role="installation">
104	<title>Installation of MIT Kerberos V5</title>
105
106	<para>
107	<application>MIT Kerberos V5</application> is distributed in a
108	TAR file containing a compressed TAR package and a detached PGP
109	<filename class="extension">ASC</filename> file. You'll need to unpack
110	the distribution tar file, then unpack the compressed tar file before
111	starting the build.
112	</para>
113
114	<para>
115	After unpacking the distribution tarball and if you have
116	<xref linkend="gnupg2"/> installed, you can
117	authenticate the package. First, check the contents of the file
118	<filename>krb5-&mitkrb-version;.tar.gz.asc</filename>.
119	</para>
120
121	<screen><userinput>gpg2 --verify krb5-&mitkrb-version;.tar.gz.asc krb5-&mitkrb-version;.tar.gz</userinput></screen>
122
123	<para>You will probably see output similar to:</para>
124
125	<screen><literal>gpg: Signature made Mon Aug 11 22:53:10 2014 GMT using RSA key ID 749D7889
126	gpg: Can't check signature: No public key</literal></screen>
127
128	<para>
129	You can import the public key with:
130	</para>
131
132	<screen><userinput>gpg2 --pgp2 --keyserver pgp.mit.edu --recv-keys 0x749D7889</userinput></screen>
133
134	<para>
135	Now re-verify the package with the first command above. You should get a
136	indication of a good signature, but the key will still not be certified
137	with a trusted signature. Trusting the downloaded key is a separate
138	operation but it is up to you to determine the level of trust.
139	</para>
140
141	<para>
142	Build <application>MIT Kerberos V5</application> by running the
143	following commands:
144	</para>
145
146	<screen><userinput>cd src &&
147	sed -e "s@python2.5/Python.h@& python2.7/Python.h@g" \
148	-e "s@-lpython2.5]@&,\n AC_CHECK_LIB(python2.7,main,[PYTHON_LIB=-lpython2.7])@g" \
149	-i configure.in &&
150	sed -e 's@\^u}@^u cols 300}@' \
151	-i tests/dejagnu/config/default.exp &&
152	autoconf &&
153	./configure --prefix=/usr \
154	--sysconfdir=/etc \
155	--localstatedir=/var/lib \
156	--with-system-et \
157	--with-system-ss \
158	--with-system-verto=no \
159	--enable-dns-for-realm &&
160	make</userinput></screen>
161
162	<para>
163	To test the build, issue: <command>make check</command>. You need at
164	least <xref linkend="tcl"/>, which is used to drive the testsuite.
165	Furthermore, <xref linkend="dejagnu"/> must be available for some
166	of the tests to run. If you have a former version of MIT Kerberos V5
167	installed, it may happen that the test suite pick up the installed
168	versions of the libraries, rather than the newly built ones. If so,
169	it is better to run the tests after the installation.
170	</para>
171
172	<para>
173	Now, as the <systemitem class="username">root</systemitem> user:
174	</para>
175
176	<screen role="root"><userinput>make install &&
177
178	for LIBRARY in gssapi_krb5 gssrpc k5crypto kadm5clnt kadm5srv \
179	kdb5 kdb_ldap krad krb5 krb5support verto ; do
180	chmod -v 755 /usr/lib/lib$LIBRARY.so
181	done &&
182
183	mv -v /usr/lib/libkrb5.so.3* /lib &&
184	mv -v /usr/lib/libk5crypto.so.3* /lib &&
185	mv -v /usr/lib/libkrb5support.so.0* /lib &&
186
187	ln -v -sf ../../lib/libkrb5.so.3.3 /usr/lib/libkrb5.so &&
188	ln -v -sf ../../lib/libk5crypto.so.3.1 /usr/lib/libk5crypto.so &&
189	ln -v -sf ../../lib/libkrb5support.so.0.1 /usr/lib/libkrb5support.so &&
190
191	mv -v /usr/bin/ksu /bin &&
192	chmod -v 755 /bin/ksu &&
193
194	install -v -dm755 /usr/share/doc/krb5-&mitkrb-version; &&
195	cp -vfr ../doc/* /usr/share/doc/krb5-&mitkrb-version; &&
196
197	unset LIBRARY</userinput></screen>
198
199
200	</sect2>
201
202	<sect2 role="commands">
203	<title>Command Explanations</title>
204
205	<para>
206	<command>sed -e ...</command>: The first <command>sed</command> fixes
207	<application>Python</application> detection. The second one increases
208	the width of the virtual terminal used for some tests, to prevent
209	some spurious characters to be echoed, which is taken as a failure.
210	</para>
211
212	<para>
213	<parameter>--localstatedir=/var/lib</parameter>: This parameter is
214	used so that the Kerberos variable run-time data is located in
215	<filename class="directory">/var/lib</filename> instead of
216	<filename class="directory">/usr/var</filename>.
217	</para>
218
219	<para>
220	<parameter>--with-system-et</parameter>: This switch causes the build
221	to use the system-installed versions of the error-table support
222	software.
223	</para>
224
225	<para>
226	<parameter>--with-system-ss</parameter>: This switch causes the build
227	to use the system-installed versions of the subsystem command-line
228	interface software.
229	</para>
230
231	<para>
232	<parameter>--with-system-verto=no</parameter>: This switch fixes a bug in
233	the package: it does not recognize its own verto library installed
234	previously. This is not a problem, if reinstalling the same version,
235	but if you are updating, the old library is used as system's one,
236	instead of installing the new version.
237	</para>
238
239	<para>
240	<parameter>--enable-dns-for-realm</parameter>: This switch allows
241	realms to be resolved using the DNS server.
242	</para>
243
244	<para>
245	<command>mv -v /usr/bin/ksu /bin</command>: Moves the
246	<command>ksu</command> program to the
247	<filename class="directory">/bin</filename> directory so that it is
248	available when the <filename class="directory">/usr</filename>
249	filesystem is not mounted.
250	</para>
251
252	<para>
253	<option>--with-ldap</option>: Use this switch if you want to compile
254	<application>OpenLDAP</application> database backend module.
255	</para>
256
257	</sect2>
258
259	<sect2 role="configuration">
260	<title>Configuring MIT Kerberos V5</title>
261
262	<sect3 id="krb5-config">
263	<title>Config Files</title>
264
265	<para>
266	<filename>/etc/krb5.conf</filename> and
267	<filename>/var/lib/krb5kdc/kdc.conf</filename>
268	</para>
269
270	<indexterm zone="mitkrb krb5-config">
271	<primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary>
272	</indexterm>
273
274	<indexterm zone="mitkrb krb5-config">
275	<primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
276	</indexterm>
277
278	</sect3>
279
280	<sect3>
281	<title>Configuration Information</title>
282
283	<sect4>
284	<title>Kerberos Configuration</title>
285
286	<tip>
287	<para>
288	You should consider installing some sort of password checking
289	dictionary so that you can configure the installation to only
290	accept strong passwords. A suitable dictionary to use is shown in
291	the <xref linkend="cracklib"/> instructions. Note that only one
292	file can be used, but you can concatenate many files into one. The
293	configuration file shown below assumes you have installed a
294	dictionary to <filename>/usr/share/dict/words</filename>.
295	</para>
296	</tip>
297
298	<para>
299	Create the Kerberos configuration file with the following
300	commands issued by the <systemitem class="username">root</systemitem>
301	user:
302	</para>
303
304	<screen role="root"><userinput>cat > /etc/krb5.conf << "EOF"
305	<literal># Begin /etc/krb5.conf
306
307	[libdefaults]
308	default_realm = <replaceable><LFS.ORG></replaceable>
309	encrypt = true
310
311	[realms]
312	<replaceable><LFS.ORG></replaceable> = {
313	kdc = <replaceable><belgarath.lfs.org></replaceable>
314	admin_server = <replaceable><belgarath.lfs.org></replaceable>
315	dict_file = /usr/share/dict/words
316	}
317
318	[domain_realm]
319	.<replaceable><lfs.org></replaceable> = <replaceable><LFS.ORG></replaceable>
320
321	[logging]
322	kdc = SYSLOG[:INFO[:AUTH]]
323	admin_server = SYSLOG[INFO[:AUTH]]
324	default = SYSLOG[[:SYS]]
325
326	# End /etc/krb5.conf</literal>
327	EOF</userinput></screen>
328
329	<para>
330	You will need to substitute your domain and proper hostname for the
331	occurrences of the <replaceable><belgarath></replaceable> and
332	<replaceable><lfs.org></replaceable> names.
333	</para>
334
335	<para>
336	<option>default_realm</option> should be the name of your
337	domain changed to ALL CAPS. This isn't required, but both
338	<application>Heimdal</application> and MIT recommend it.
339	</para>
340
341	<para>
342	<option>encrypt = true</option> provides encryption of all traffic
343	between kerberized clients and servers. It's not necessary and can
344	be left off. If you leave it off, you can encrypt all traffic from
345	the client to the server using a switch on the client program
346	instead.
347	</para>
348
349	<para>
350	The <option>[realms]</option> parameters tell the client programs
351	where to look for the KDC authentication services.
352	</para>
353
354	<para>
355	The <option>[domain_realm]</option> section maps a domain to a realm.
356	</para>
357
358	<para>
359	Create the KDC database:
360	</para>
361
362	<screen role="root"><userinput>kdb5_util create -r <replaceable><LFS.ORG></replaceable> -s</userinput></screen>
363
364	<para>
365	Now you should populate the database with principals
366	(users). For now, just use your regular login name or
367	<systemitem class="username">root</systemitem>.
368	</para>
369
370	<screen role="root"><userinput>kadmin.local
371	<prompt>kadmin.local:</prompt> add_policy dict-only
372	<prompt>kadmin.local:</prompt> addprinc -policy dict-only <replaceable><loginname></replaceable></userinput></screen>
373
374	<para>
375	The KDC server and any machine running kerberized
376	server daemons must have a host key installed:
377	</para>
378
379	<screen role="root"><userinput><prompt>kadmin.local:</prompt> addprinc -randkey host/<replaceable><belgarath.lfs.org></replaceable></userinput></screen>
380
381	<para>
382	After choosing the defaults when prompted, you will have to
383	export the data to a keytab file:
384	</para>
385
386	<screen role="root"><userinput><prompt>kadmin.local:</prompt> ktadd host/<replaceable><belgarath.lfs.org></replaceable></userinput></screen>
387
388	<para>
389	This should have created a file in
390	<filename class="directory">/etc</filename> named
391	<filename>krb5.keytab</filename> (Kerberos 5). This file should
392	have 600 (<systemitem class="username">root</systemitem> rw only)
393	permissions. Keeping the keytab files from public access is crucial
394	to the overall security of the Kerberos installation.
395	</para>
396
397	<para>
398	Exit the <command>kadmin</command> program (use
399	<command>quit</command> or <command>exit</command>) and return
400	back to the shell prompt. Start the KDC daemon manually, just to
401	test out the installation:
402	</para>
403
404	<screen role="root"><userinput>/usr/sbin/krb5kdc</userinput></screen>
405
406	<para>
407	Attempt to get a ticket with the following command:
408	</para>
409
410	<screen><userinput>kinit <replaceable><loginname></replaceable></userinput></screen>
411
412	<para>
413	You will be prompted for the password you created. After you
414	get your ticket, you can list it with the following command:
415	</para>
416
417	<screen><userinput>klist</userinput></screen>
418
419	<para>
420	Information about the ticket should be displayed on the
421	screen.
422	</para>
423
424	<para>
425	To test the functionality of the keytab file, issue the
426	following command:
427	</para>
428
429	<screen><userinput>ktutil
430	<prompt>ktutil:</prompt> rkt /etc/krb5.keytab
431	<prompt>ktutil:</prompt> l</userinput></screen>
432
433	<para>
434	This should dump a list of the host principal, along with
435	the encryption methods used to access the principal.
436	</para>
437
438	<para>
439	At this point, if everything has been successful so far, you
440	can feel fairly confident in the installation and configuration of
441	the package.
442	</para>
443
444	</sect4>
445
446	<sect4>
447	<title>Additional Information</title>
448
449	<para>
450	For additional information consult the <ulink
451	url="http://web.mit.edu/kerberos/www/krb5-&mitkrb-major-version;/#documentation">
452	documentation for krb5-&mitkrb-version;</ulink> on which the above
453	instructions are based.
454	</para>
455
456	</sect4>
457
458	</sect3>
459
460	<sect3 id="mitkrb-init">
461	<title>Init Script</title>
462
463	<para>
464	If you want to start <application>Kerberos</application> services
465	at boot, install the <filename>/etc/rc.d/init.d/krb5</filename> init
466	script included in the <xref linkend="bootscripts"/> package using
467	the following command:
468	</para>
469
470	<indexterm zone="mitkrb mitkrb-init">
471	<primary sortas="f-krb5">krb5</primary>
472	</indexterm>
473
474	<screen role="root"><userinput>make install-krb5</userinput></screen>
475
476	</sect3>
477
478	</sect2>
479
480	<sect2 role="content">
481
482	<title>Contents</title>
483	<para></para>
484
485	<segmentedlist>
486	<segtitle>Installed Programs</segtitle>
487	<segtitle>Installed Libraries</segtitle>
488	<segtitle>Installed Directories</segtitle>
489
490	<seglistitem>
491	<seg>
492	gss-client, gss-server, k5srvutil, kadmin, kadmin.local,
493	kadmind, kdb5_ldap_util (optional), kdb5_util, kdestroy, kinit, klist,
494	kpasswd, kprop, kpropd, kproplog, krb5-config, krb5kdc, krb5-send-pr,
495	ksu, kswitch, ktutil, kvno, sclient, sim_client, sim_server,
496	sserver, uuclient and uuserver
497	</seg>
498	<seg>
499	libgssapi_krb5.so, libgssrpc.so, libk5crypto.so, libkadm5clnt_mit.so,
500	libkadm5clnt.so, libkadm5srv_mit.so, libkadm5srv.so, libkdb_ldap.so
501	(optional), libkdb5.so, libkrad.so, libkrb5.so, libkrb5support.so,
502	libverto.so, and some plugins under the /usr/lib/krb5 tree
503	</seg>
504	<seg>
505	/usr/include/gssapi,
506	/usr/include/gssrpc,
507	/usr/include/kadm5,
508	/usr/include/krb5,
509	/usr/lib/krb5,
510	/usr/share/doc/krb5-&mitkrb-version;,
511	/usr/share/examples/krb5,
512	/usr/share/gnats/, and
513	/var/lib/krb5kdc
514	</seg>
515	</seglistitem>
516	</segmentedlist>
517
518	<variablelist>
519	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
520	<?dbfo list-presentation="list"?>
521	<?dbhtml list-presentation="table"?>
522
523	<varlistentry id="k5srvutil">
524	<term><command>k5srvutil</command></term>
525	<listitem>
526	<para>
527	is a host keytable manipulation utility.
528	</para>
529	<indexterm zone="mitkrb k5srvutil">
530	<primary sortas="b-k5srvutil">k5srvutil</primary>
531	</indexterm>
532	</listitem>
533	</varlistentry>
534
535	<varlistentry id="kadmin">
536	<term><command>kadmin</command></term>
537	<listitem>
538	<para>
539	is an utility used to make modifications
540	to the Kerberos database.
541	</para>
542	<indexterm zone="mitkrb kadmin">
543	<primary sortas="b-kadmin">kadmin</primary>
544	</indexterm>
545	</listitem>
546	</varlistentry>
547
548	<varlistentry id="kadmind">
549	<term><command>kadmind</command></term>
550	<listitem>
551	<para>
552	is a server for administrative access
553	to a Kerberos database.
554	</para>
555	<indexterm zone="mitkrb kadmind">
556	<primary sortas="b-kadmind">kadmind</primary>
557	</indexterm>
558	</listitem>
559	</varlistentry>
560
561	<varlistentry id="kdb5_util">
562	<term><command>kdb5_util</command></term>
563	<listitem>
564	<para>
565	is the KDC database utility.
566	</para>
567	<indexterm zone="mitkrb kdb5_util">
568	<primary sortas="b-kdb5_util">kdb5_util</primary>
569	</indexterm>
570	</listitem>
571	</varlistentry>
572
573	<varlistentry id="kdestroy">
574	<term><command>kdestroy</command></term>
575	<listitem>
576	<para>
577	removes the current set of tickets.
578	</para>
579	<indexterm zone="mitkrb kdestroy">
580	<primary sortas="b-kdestroy">kdestroy</primary>
581	</indexterm>
582	</listitem>
583	</varlistentry>
584
585	<varlistentry id="kinit">
586	<term><command>kinit</command></term>
587	<listitem>
588	<para>
589	is used to authenticate to the Kerberos server as a
590	principal and acquire a ticket granting ticket that can
591	later be used to obtain tickets for other services.
592	</para>
593	<indexterm zone="mitkrb kinit">
594	<primary sortas="b-kinit">kinit</primary>
595	</indexterm>
596	</listitem>
597	</varlistentry>
598
599	<varlistentry id="klist">
600	<term><command>klist</command></term>
601	<listitem>
602	<para>
603	reads and displays the current tickets in
604	the credential cache.
605	</para>
606	<indexterm zone="mitkrb klist">
607	<primary sortas="b-klist">klist</primary>
608	</indexterm>
609	</listitem>
610	</varlistentry>
611
612	<varlistentry id="kpasswd">
613	<term><command>kpasswd</command></term>
614	<listitem>
615	<para>
616	is a program for changing Kerberos 5 passwords.
617	</para>
618	<indexterm zone="mitkrb kpasswd">
619	<primary sortas="b-kpasswd">kpasswd</primary>
620	</indexterm>
621	</listitem>
622	</varlistentry>
623
624	<varlistentry id="kprop">
625	<term><command>kprop</command></term>
626	<listitem>
627	<para>
628	takes a principal database in a specified format and
629	converts it into a stream of database records.
630	</para>
631	<indexterm zone="mitkrb kprop">
632	<primary sortas="b-kprop">kprop</primary>
633	</indexterm>
634	</listitem>
635	</varlistentry>
636
637	<varlistentry id="kpropd">
638	<term><command>kpropd</command></term>
639	<listitem>
640	<para>
641	receives a database sent by <command>kprop</command>
642	and writes it as a local database.
643	</para>
644	<indexterm zone="mitkrb kpropd">
645	<primary sortas="b-kpropd">kpropd</primary>
646	</indexterm>
647	</listitem>
648	</varlistentry>
649
650	<varlistentry id="krb5-config-prog2">
651	<term><command>krb5-config</command></term>
652	<listitem>
653	<para>
654	gives information on how to link programs against
655	libraries.
656	</para>
657	<indexterm zone="mitkrb krb5-config-prog2">
658	<primary sortas="b-krb5-config">krb5-config</primary>
659	</indexterm>
660	</listitem>
661	</varlistentry>
662
663	<varlistentry id="krb5kdc">
664	<term><command>krb5kdc</command></term>
665	<listitem>
666	<para>
667	is the <application>Kerberos 5</application> server.
668	</para>
669	<indexterm zone="mitkrb krb5kdc">
670	<primary sortas="b-krb5kdc">krb5kdc</primary>
671	</indexterm>
672	</listitem>
673	</varlistentry>
674
675	<varlistentry id="ksu">
676	<term><command>ksu</command></term>
677	<listitem>
678	<para>
679	is the super user program using Kerberos protocol.
680	Requires a properly configured
681	<filename>/etc/shells</filename> and
682	<filename>~/.k5login</filename> containing principals
683	authorized to become super users.
684	</para>
685	<indexterm zone="mitkrb ksu">
686	<primary sortas="b-ksu">ksu</primary>
687	</indexterm>
688	</listitem>
689	</varlistentry>
690
691	<varlistentry id="kswitch">
692	<term><command>kswitch</command></term>
693	<listitem>
694	<para>
695	makes the specified credential cache the
696	primary cache for the collection, if a cache
697	collection is available.
698	</para>
699	<indexterm zone="mitkrb kswitch">
700	<primary sortas="b-kswitch">kswitch</primary>
701	</indexterm>
702	</listitem>
703	</varlistentry>
704
705	<varlistentry id="ktutil">
706	<term><command>ktutil</command></term>
707	<listitem>
708	<para>
709	is a program for managing Kerberos keytabs.
710	</para>
711	<indexterm zone="mitkrb ktutil">
712	<primary sortas="b-ktutil">ktutil</primary>
713	</indexterm>
714	</listitem>
715	</varlistentry>
716
717	<varlistentry id="kvno">
718	<term><command>kvno</command></term>
719	<listitem>
720	<para>
721	prints keyversion numbers of Kerberos principals.
722	</para>
723	<indexterm zone="mitkrb kvno">
724	<primary sortas="b-kvno">kvno</primary>
725	</indexterm>
726	</listitem>
727	</varlistentry>
728
729	<varlistentry id="sclient">
730	<term><command>sclient</command></term>
731	<listitem>
732	<para>
733	used to contact a sample server and authenticate to it
734	using Kerberos 5 tickets, then display the server's
735	response.
736	</para>
737	<indexterm zone="mitkrb sclient">
738	<primary sortas="b-sclient">sclient</primary>
739	</indexterm>
740	</listitem>
741	</varlistentry>
742
743	<varlistentry id="sserver">
744	<term><command>sserver</command></term>
745	<listitem>
746	<para>
747	is the sample Kerberos 5 server.
748	</para>
749	<indexterm zone="mitkrb sserver">
750	<primary sortas="b-sserver">sserver</primary>
751	</indexterm>
752	</listitem>
753	</varlistentry>
754
755	<varlistentry id="libgssapi_krb5">
756	<term><filename class="libraryfile">libgssapi_krb5.so</filename></term>
757	<listitem>
758	<para>
759	contain the Generic Security Service Application Programming
760	Interface (GSSAPI) functions which provides security services
761	to callers in a generic fashion, supportable with a range of
762	underlying mechanisms and technologies and hence allowing
763	source-level portability of applications to different
764	environments.
765	</para>
766	<indexterm zone="mitkrb libgssapi_krb5">
767	<primary sortas="c-libgssapi_krb5">libgssapi_krb5.so</primary>
768	</indexterm>
769	</listitem>
770	</varlistentry>
771
772	<varlistentry id="libkadm5clnt">
773	<term><filename class="libraryfile">libkadm5clnt.so</filename></term>
774	<listitem>
775	<para>
776	contains the administrative authentication and password checking
777	functions required by Kerberos 5 client-side programs.
778	</para>
779	<indexterm zone="mitkrb libkadm5clnt">
780	<primary sortas="c-libkadm5clnt">libkadm5clnt.so</primary>
781	</indexterm>
782	</listitem>
783	</varlistentry>
784
785	<varlistentry id="libkadm5srv">
786	<term><filename class="libraryfile">libkadm5srv.so</filename></term>
787	<listitem>
788	<para>
789	contain the administrative authentication and password
790	checking functions required by Kerberos 5 servers.
791	</para>
792	<indexterm zone="mitkrb libkadm5srv">
793	<primary sortas="c-libkadm5srv">libkadm5srv.so</primary>
794	</indexterm>
795	</listitem>
796	</varlistentry>
797
798	<varlistentry id="libkdb5">
799	<term><filename class="libraryfile">libkdb5.so</filename></term>
800	<listitem>
801	<para>
802	is a Kerberos 5 authentication/authorization database
803	access library.
804	</para>
805	<indexterm zone="mitkrb libkdb5">
806	<primary sortas="c-libkdb5">libkdb5.so</primary>
807	</indexterm>
808	</listitem>
809	</varlistentry>
810
811	<varlistentry id="libkrad">
812	<term><filename class="libraryfile">libkrad.so</filename></term>
813	<listitem>
814	<para>
815	contains the internal support library for RADIUS functionality.
816	</para>
817	<indexterm zone="mitkrb libkrad">
818	<primary sortas="c-libkrad">libkrad.so</primary>
819	</indexterm>
820	</listitem>
821	</varlistentry>
822
823	<varlistentry id="libkrb5">
824	<term><filename class="libraryfile">libkrb5.so</filename></term>
825	<listitem>
826	<para>
827	is an all-purpose <application>Kerberos 5</application> library.
828	</para>
829	<indexterm zone="mitkrb libkrb5">
830	<primary sortas="c-libkrb5">libkrb5.so</primary>
831	</indexterm>
832	</listitem>
833	</varlistentry>
834
835	</variablelist>
836
837	</sect2>
838
839	</sect1>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: postlfs/security/mitkrb.xml@ bb49ea0

Download in other formats: