Context Navigation

mitkrb.xml@ debb0893

Visit:

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts krejzi/svn lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition systemd-11177 systemd-13485 trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal

Last change on this file since debb0893 was debb0893, checked in by Krejzi <krejzi@…>, 11 years ago

Krb5 1.11.1, fix At-Spi2 deps.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@11030 af4574ff-66df-0310-9fd7-8a98e5e911e0

Property mode set to 100644

File size: 26.4 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY mitkrb-download-http "http://web.mit.edu/kerberos/www/dist/krb5/1.11/krb5-&mitkrb-version;-signed.tar">
8	<!ENTITY mitkrb-download-ftp " ">
9	<!ENTITY mitkrb-md5sum "76c6bed945c5771674357cfd4a08e3f5">
10	<!ENTITY mitkrb-size "12 MB">
11	<!ENTITY mitkrb-buildsize "140 MB (Additional 20 MB if running the testsuite)">
12	<!ENTITY mitkrb-time "1.5 SBU (additional 3.0 SBU if running the testsuite)">
13	]>
14
15	<sect1 id="mitkrb" xreflabel="MIT Kerberos V5-&mitkrb-version;">
16	<?dbhtml filename="mitkrb.html"?>
17
18	<sect1info>
19	<othername>$LastChangedBy$</othername>
20	<date>$Date$</date>
21	</sect1info>
22
23	<title>MIT Kerberos V5-&mitkrb-version;</title>
24
25	<indexterm zone="mitkrb">
26	<primary sortas="a-MIT-Kerberos">MIT Kerberos V5</primary>
27	</indexterm>
28
29	<sect2 role="package">
30	<title>Introduction to MIT Kerberos V5</title>
31
32	<para>
33	<application>MIT Kerberos V5</application> is a free implementation
34	of Kerberos 5. Kerberos is a network authentication protocol. It
35	centralizes the authentication database and uses kerberized
36	applications to work with servers or services that support Kerberos
37	allowing single logins and encrypted communication over internal
38	networks or the Internet.
39	</para>
40
41	&lfs72_checked;
42
43	<bridgehead renderas="sect3">Package Information</bridgehead>
44	<itemizedlist spacing="compact">
45	<listitem>
46	<para>
47	Download (HTTP): <ulink url="&mitkrb-download-http;"/>
48	</para>
49	</listitem>
50	<listitem>
51	<para>
52	Download (FTP): <ulink url="&mitkrb-download-ftp;"/>
53	</para>
54	</listitem>
55	<listitem>
56	<para>
57	Download MD5 sum: &mitkrb-md5sum;
58	</para>
59	</listitem>
60	<listitem>
61	<para>
62	Download size: &mitkrb-size;
63	</para>
64	</listitem>
65	<listitem>
66	<para>
67	Estimated disk space required: &mitkrb-buildsize;
68	</para>
69	</listitem>
70	<listitem>
71	<para>
72	Estimated build time: &mitkrb-time;
73	</para>
74	</listitem>
75	</itemizedlist>
76
77	<bridgehead renderas="sect3">MIT Kerberos V5 Dependencies</bridgehead>
78
79	<bridgehead renderas="sect4">Optional</bridgehead>
80	<para role="optional">
81	<xref linkend="dejagnu"/> (required to run the testsuite),
82	<xref linkend="keyutils"/>,
83	<xref linkend="openldap"/>,
84	<xref linkend="python2"/> (used during the testsuite) and
85	<xref linkend="rpcbind"/> (used during the testsuite)
86	</para>
87
88	<note>
89	<para>
90	Some sort of time synchronization facility on your system (like
91	<xref linkend="ntp"/>) is required since Kerberos won't authenticate
92	if there is a time difference between a kerberized client and the
93	KDC server.
94	</para>
95	</note>
96
97	<para condition="html" role="usernotes">User Notes:
98	<ulink url="&blfs-wiki;/mitkrb"/>
99	</para>
100	</sect2>
101
102	<sect2 role="installation">
103	<title>Installation of MIT Kerberos V5</title>
104
105	<para>
106	<application>MIT Kerberos V5</application> is distributed in a
107	TAR file containing a compressed TAR package and a detached PGP
108	<filename class="extension">ASC</filename> file. You'll need to unpack
109	the distribution tar file, then unpack the compressed tar file before
110	starting the build.
111	</para>
112
113	<para>
114	After unpacking the distribution tarball and if you have
115	<xref linkend="gnupg"/> installed, you can
116	authenticate the package. First, check the contents of the file
117	<filename>krb5-&mitkrb-version;.tar.gz.asc</filename>.
118	</para>
119
120	<screen><userinput>gpg --verify krb5-&mitkrb-version;.tar.gz.asc krb5-&mitkrb-version;.tar.gz</userinput></screen>
121
122	<para>You will probably see output similar to:</para>
123
124	<screen>gpg: Signature made Wed Aug 8 22:29:58 2012 GMT using RSA key ID F376813D
125	gpg: Can't check signature: public key not found</screen>
126
127	<para>
128	You can import the public key with:
129	</para>
130
131	<screen><userinput>gpg gpg --keyserver pgp.mit.edu --recv-keys 0xF376813D</userinput></screen>
132
133	<para>
134	Now re-verify the package with the first command above. You should get a
135	indication of a good signature, but the key will still not be certified
136	with a trusted signature. Trusting the downloaded key is a separate
137	operation but it is up to you to determine the level of trust.
138	</para>
139
140	<para>
141	Build <application>MIT Kerberos V5</application> by running the
142	following commands:
143	</para>
144
145	<screen><userinput>cd src &&
146	sed -e "s@python2.5/Python.h@& python2.7/Python.h@g" \
147	-e "s@-lpython2.5]@&,\n AC_CHECK_LIB(python2.7,main,[PYTHON_LIB=-lpython2.7])@g" \
148	-i configure.in &&
149	sed -e "s@interp->result@Tcl_GetStringResult(interp)@g" \
150	-i kadmin/testing/util/tcl_kadm5.c &&
151	autoconf &&
152	./configure CPPFLAGS="-I/usr/include/et -I/usr/include/ss" \
153	--prefix=/usr \
154	--localstatedir=/var/lib \
155	--with-system-et \
156	--with-system-ss \
157	--enable-dns-for-realm &&
158	make</userinput></screen>
159
160	<para>
161	The regression test suite is designed to be run after the
162	installation has been completed.
163	</para>
164
165	<para>
166	Now, as the <systemitem class="username">root</systemitem> user:
167	</para>
168
169	<screen role="root"><userinput>make install &&
170
171	for LIBRARY in gssapi_krb5 gssrpc k5crypto kadm5clnt_mit kadm5srv_mit \
172	kdb5 kdb_ldap krb5 krb5support verto ; do
173	[ -e /usr/lib/lib$LIBRARY.so.. ] && chmod -v 755 /usr/lib/lib$LIBRARY.so..
174	done &&
175
176	mv -v /usr/lib/libkrb5.so.3* /lib &&
177	mv -v /usr/lib/libk5crypto.so.3* /lib &&
178	mv -v /usr/lib/libkrb5support.so.0* /lib &&
179
180	ln -v -sf ../../lib/libkrb5.so.3.3 /usr/lib/libkrb5.so &&
181	ln -v -sf ../../lib/libk5crypto.so.3.1 /usr/lib/libk5crypto.so &&
182	ln -v -sf ../../lib/libkrb5support.so.0.1 /usr/lib/libkrb5support.so &&
183
184	mv -v /usr/bin/ksu /bin &&
185	chmod -v 755 /bin/ksu &&
186
187	install -v -dm755 /usr/share/doc/krb5-&mitkrb-version; &&
188	cp -vfr ../doc/* /usr/share/doc/krb5-&mitkrb-version; &&
189
190	unset LIBRARY</userinput></screen>
191
192	<para>
193	To test the installation, you must have <xref linkend="dejagnu"/>
194	installed and issue: <command>make check</command>.
195	</para>
196
197	</sect2>
198
199	<sect2 role="commands">
200	<title>Command Explanations</title>
201
202	<para>
203	<command>sed -e ...</command>: First <command>sed</command> fixes
204	<application>Python</application> detection and second one fixes
205	build with <application>Tcl</application> 8.6.
206	</para>
207
208	<para>
209	<option>--enable-dns-for-realm</option>: This switch allows
210	realms to be resolved using the DNS server.
211	</para>
212
213	<para>
214	<option>--with-system-et</option>: This switch causes the build
215	to use the system-installed versions of the error-table support
216	software.
217	</para>
218
219	<para>
220	<option>--with-system-ss</option>: This switch causes the build
221	to use the system-installed versions of the subsystem command-line
222	interface software.
223	</para>
224
225	<para>
226	<parameter>--localstatedir=/var/lib</parameter>: This parameter is
227	used so that the Kerberos variable run-time data is located in
228	<filename class="directory">/var/lib</filename> instead of
229	<filename class="directory">/usr/var</filename>.
230	</para>
231
232	<para>
233	<command>mv -v /usr/bin/ksu /bin</command>: Moves the
234	<command>ksu</command> program to the
235	<filename class="directory">/bin</filename> directory so that it is
236	available when the <filename class="directory">/usr</filename>
237	filesystem is not mounted.
238	</para>
239
240	<para>
241	<option>--with-ldap</option>: Use this switch if you want to compile
242	<application>OpenLDAP</application> database backend module.
243	</para>
244
245	</sect2>
246
247	<sect2 role="configuration">
248	<title>Configuring MIT Kerberos V5</title>
249
250	<sect3 id="krb5-config">
251	<title>Config Files</title>
252
253	<para>
254	<filename>/etc/krb5.conf</filename> and
255	<filename>/var/lib/krb5kdc/kdc.conf</filename>
256	</para>
257
258	<indexterm zone="mitkrb krb5-config">
259	<primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary>
260	</indexterm>
261
262	<indexterm zone="mitkrb krb5-config">
263	<primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
264	</indexterm>
265
266	</sect3>
267
268	<sect3>
269	<title>Configuration Information</title>
270
271	<sect4>
272	<title>Kerberos Configuration</title>
273
274	<tip>
275	<para>
276	You should consider installing some sort of password checking
277	dictionary so that you can configure the installation to only
278	accept strong passwords. A suitable dictionary to use is shown in
279	the <xref linkend="cracklib"/> instructions. Note that only one
280	file can be used, but you can concatenate many files into one. The
281	configuration file shown below assumes you have installed a
282	dictionary to <filename>/usr/share/dict/words</filename>.
283	</para>
284	</tip>
285
286	<para>
287	Create the Kerberos configuration file with the following
288	commands issued by the <systemitem class="username">root</systemitem>
289	user:
290	</para>
291
292	<screen role="root"><userinput>cat > /etc/krb5.conf << "EOF"
293	<literal># Begin /etc/krb5.conf
294
295	[libdefaults]
296	default_realm = <replaceable><LFS.ORG></replaceable>
297	encrypt = true
298
299	[realms]
300	<replaceable><LFS.ORG></replaceable> = {
301	kdc = <replaceable><belgarath.lfs.org></replaceable>
302	admin_server = <replaceable><belgarath.lfs.org></replaceable>
303	dict_file = /usr/share/dict/words
304	}
305
306	[domain_realm]
307	.<replaceable><lfs.org></replaceable> = <replaceable><LFS.ORG></replaceable>
308
309	[logging]
310	kdc = SYSLOG[:INFO[:AUTH]]
311	admin_server = SYSLOG[INFO[:AUTH]]
312	default = SYSLOG[[:SYS]]
313
314	# End /etc/krb5.conf</literal>
315	EOF</userinput></screen>
316
317	<para>
318	You will need to substitute your domain and proper hostname for the
319	occurrences of the <replaceable><belgarath></replaceable> and
320	<replaceable><lfs.org></replaceable> names.
321	</para>
322
323	<para>
324	<option>default_realm</option> should be the name of your
325	domain changed to ALL CAPS. This isn't required, but both
326	<application>Heimdal</application> and MIT recommend it.
327	</para>
328
329	<para>
330	<option>encrypt = true</option> provides encryption of all traffic
331	between kerberized clients and servers. It's not necessary and can
332	be left off. If you leave it off, you can encrypt all traffic from
333	the client to the server using a switch on the client program
334	instead.
335	</para>
336
337	<para>
338	The <option>[realms]</option> parameters tell the client programs
339	where to look for the KDC authentication services.
340	</para>
341
342	<para>
343	The <option>[domain_realm]</option> section maps a domain to a realm.
344	</para>
345
346	<para>
347	Create the KDC database:
348	</para>
349
350	<screen role="root"><userinput>kdb5_util create -r <replaceable><LFS.ORG></replaceable> -s</userinput></screen>
351
352	<para>
353	Now you should populate the database with principals
354	(users). For now, just use your regular login name or
355	<systemitem class="username">root</systemitem>.
356	</para>
357
358	<screen role="root"><userinput>kadmin.local
359	<prompt>kadmin:</prompt> add_policy dict-only
360	<prompt>kadmin:</prompt> addprinc -policy dict-only <replaceable><loginname></replaceable></userinput></screen>
361
362	<para>
363	The KDC server and any machine running kerberized
364	server daemons must have a host key installed:
365	</para>
366
367	<screen role="root"><userinput><prompt>kadmin:</prompt> addprinc -randkey host/<replaceable><belgarath.lfs.org></replaceable></userinput></screen>
368
369	<para>
370	After choosing the defaults when prompted, you will have to
371	export the data to a keytab file:
372	</para>
373
374	<screen role="root"><userinput><prompt>kadmin:</prompt> ktadd host/<replaceable><belgarath.lfs.org></replaceable></userinput></screen>
375
376	<para>
377	This should have created a file in
378	<filename class="directory">/etc</filename> named
379	<filename>krb5.keytab</filename> (Kerberos 5). This file should
380	have 600 (<systemitem class="username">root</systemitem> rw only)
381	permissions. Keeping the keytab files from public access is crucial
382	to the overall security of the Kerberos installation.
383	</para>
384
385	<para>
386	Exit the <command>kadmin</command> program (use
387	<command>quit</command> or <command>exit</command>) and return
388	back to the shell prompt. Start the KDC daemon manually, just to
389	test out the installation:
390	</para>
391
392	<screen role="root"><userinput>/usr/sbin/krb5kdc</userinput></screen>
393
394	<para>
395	Attempt to get a ticket with the following command:
396	</para>
397
398	<screen><userinput>kinit <replaceable><loginname></replaceable></userinput></screen>
399
400	<para>
401	You will be prompted for the password you created. After you
402	get your ticket, you can list it with the following command:
403	</para>
404
405	<screen><userinput>klist</userinput></screen>
406
407	<para>
408	Information about the ticket should be displayed on the
409	screen.
410	</para>
411
412	<para>
413	To test the functionality of the keytab file, issue the
414	following command:
415	</para>
416
417	<screen><userinput>ktutil
418	<prompt>ktutil:</prompt> rkt /etc/krb5.keytab
419	<prompt>ktutil:</prompt> l</userinput></screen>
420
421	<para>
422	This should dump a list of the host principal, along with
423	the encryption methods used to access the principal.
424	</para>
425
426	<para>
427	At this point, if everything has been successful so far, you
428	can feel fairly confident in the installation and configuration of
429	the package.
430	</para>
431
432	</sect4>
433
434	<sect4>
435	<title>Additional Information</title>
436
437	<para>
438	For additional information consult <ulink
439	url="http://web.mit.edu/kerberos/www/krb5-1.10/#documentation">
440	Documentation for krb5-&mitkrb-version;</ulink> on which the above
441	instructions are based.
442	</para>
443
444	</sect4>
445
446	</sect3>
447
448	<sect3 id="mitkrb-init">
449	<title>Init Script</title>
450
451	<para>
452	If you want to start <application>Kerberos</application> services
453	at boot, install the <filename>/etc/rc.d/init.d/krb5</filename> init
454	script included in the <xref linkend="bootscripts"/> package using
455	the following command:
456	</para>
457
458	<indexterm zone="mitkrb mitkrb-init">
459	<primary sortas="f-krb5">krb5</primary>
460	</indexterm>
461
462	<screen role="root"><userinput>make install-krb5</userinput></screen>
463
464	</sect3>
465
466	</sect2>
467
468	<sect2 role="content">
469
470	<title>Contents</title>
471	<para></para>
472
473	<segmentedlist>
474	<segtitle>Installed Programs</segtitle>
475	<segtitle>Installed Libraries</segtitle>
476	<segtitle>Installed Directories</segtitle>
477
478	<seglistitem>
479	<seg>
480	gss-client, gss-server, k5srvutil, kadmin, kadmin.local,
481	kadmind, kdb5_ldap_util, kdb5_util, kdestroy, kinit, klist,
482	kpasswd, kprop, kpropd, krb5-config, krb5kdc, krb5-send-pr,
483	ksu, kswitch, ktutil, kvno, sclient, sim_client, sim_server,
484	sserver, uuclient and uuserver
485	</seg>
486	<seg>
487	libgssapi_krb5.so, libgssrpc.so, libk5crypto.so,
488	libkadm5clnt.so, libkadm5srv.so, libkdb5.so, libkdb_ldap.so,
489	libkrb5.so, libkrb5support.so, and libverto.so
490	</seg>
491	<seg>
492	/usr/include/gssapi,
493	/usr/include/gssrpc,
494	/usr/include/kadm5,
495	/usr/include/krb5,
496	/usr/lib/krb5,
497	/usr/share/doc/krb5-&mitkrb-version;,
498	/usr/share/examples/krb5 and
499	/var/lib/krb5kdc
500	</seg>
501	</seglistitem>
502	</segmentedlist>
503
504	<variablelist>
505	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
506	<?dbfo list-presentation="list"?>
507	<?dbhtml list-presentation="table"?>
508
509	<varlistentry id="k5srvutil">
510	<term><command>k5srvutil</command></term>
511	<listitem>
512	<para>
513	is a host keytable manipulation utility.
514	</para>
515	<indexterm zone="mitkrb k5srvutil">
516	<primary sortas="b-k5srvutil">k5srvutil</primary>
517	</indexterm>
518	</listitem>
519	</varlistentry>
520
521	<varlistentry id="kadmin">
522	<term><command>kadmin</command></term>
523	<listitem>
524	<para>
525	is an utility used to make modifications
526	to the Kerberos database.
527	</para>
528	<indexterm zone="mitkrb kadmin">
529	<primary sortas="b-kadmin">kadmin</primary>
530	</indexterm>
531	</listitem>
532	</varlistentry>
533
534	<varlistentry id="kadmind">
535	<term><command>kadmind</command></term>
536	<listitem>
537	<para>
538	is a server for administrative access
539	to a Kerberos database.
540	</para>
541	<indexterm zone="mitkrb kadmind">
542	<primary sortas="b-kadmind">kadmind</primary>
543	</indexterm>
544	</listitem>
545	</varlistentry>
546
547	<varlistentry id="kdb5_util">
548	<term><command>kdb5_util</command></term>
549	<listitem>
550	<para>
551	is the KDC database utility.
552	</para>
553	<indexterm zone="mitkrb kdb5_util">
554	<primary sortas="b-kdb5_util">kdb5_util</primary>
555	</indexterm>
556	</listitem>
557	</varlistentry>
558
559	<varlistentry id="kdestroy">
560	<term><command>kdestroy</command></term>
561	<listitem>
562	<para>
563	removes the current set of tickets.
564	</para>
565	<indexterm zone="mitkrb kdestroy">
566	<primary sortas="b-kdestroy">kdestroy</primary>
567	</indexterm>
568	</listitem>
569	</varlistentry>
570
571	<varlistentry id="kinit">
572	<term><command>kinit</command></term>
573	<listitem>
574	<para>
575	is used to authenticate to the Kerberos server as a
576	principal and acquire a ticket granting ticket that can
577	later be used to obtain tickets for other services.
578	</para>
579	<indexterm zone="mitkrb kinit">
580	<primary sortas="b-kinit">kinit</primary>
581	</indexterm>
582	</listitem>
583	</varlistentry>
584
585	<varlistentry id="klist">
586	<term><command>klist</command></term>
587	<listitem>
588	<para>
589	reads and displays the current tickets in
590	the credential cache.
591	</para>
592	<indexterm zone="mitkrb klist">
593	<primary sortas="b-klist">klist</primary>
594	</indexterm>
595	</listitem>
596	</varlistentry>
597
598	<varlistentry id="kpasswd">
599	<term><command>kpasswd</command></term>
600	<listitem>
601	<para>
602	is a program for changing Kerberos 5 passwords.
603	</para>
604	<indexterm zone="mitkrb kpasswd">
605	<primary sortas="b-kpasswd">kpasswd</primary>
606	</indexterm>
607	</listitem>
608	</varlistentry>
609
610	<varlistentry id="kprop">
611	<term><command>kprop</command></term>
612	<listitem>
613	<para>
614	takes a principal database in a specified format and
615	converts it into a stream of database records.
616	</para>
617	<indexterm zone="mitkrb kprop">
618	<primary sortas="b-kprop">kprop</primary>
619	</indexterm>
620	</listitem>
621	</varlistentry>
622
623	<varlistentry id="kpropd">
624	<term><command>kpropd</command></term>
625	<listitem>
626	<para>
627	receives a database sent by <command>kprop</command>
628	and writes it as a local database.
629	</para>
630	<indexterm zone="mitkrb kpropd">
631	<primary sortas="b-kpropd">kpropd</primary>
632	</indexterm>
633	</listitem>
634	</varlistentry>
635
636	<varlistentry id="krb5-config-prog2">
637	<term><command>krb5-config</command></term>
638	<listitem>
639	<para>
640	gives information on how to link programs against
641	libraries.
642	</para>
643	<indexterm zone="mitkrb krb5-config-prog2">
644	<primary sortas="b-krb5-config">krb5-config</primary>
645	</indexterm>
646	</listitem>
647	</varlistentry>
648
649	<varlistentry id="krb5kdc">
650	<term><command>krb5kdc</command></term>
651	<listitem>
652	<para>
653	is the <application>Kerberos 5</application> server.
654	</para>
655	<indexterm zone="mitkrb krb5kdc">
656	<primary sortas="b-krb5kdc">krb5kdc</primary>
657	</indexterm>
658	</listitem>
659	</varlistentry>
660
661	<varlistentry id="ksu">
662	<term><command>ksu</command></term>
663	<listitem>
664	<para>
665	is the super user program using Kerberos protocol.
666	Requires a properly configured
667	<filename>/etc/shells</filename> and
668	<filename>~/.k5login</filename> containing principals
669	authorized to become super users.
670	</para>
671	<indexterm zone="mitkrb ksu">
672	<primary sortas="b-ksu">ksu</primary>
673	</indexterm>
674	</listitem>
675	</varlistentry>
676
677	<varlistentry id="kswitch">
678	<term><command>kswitch</command></term>
679	<listitem>
680	<para>
681	makes the specified credential cache the
682	primary cache for the collection, if a cache
683	collection is available.
684	</para>
685	<indexterm zone="mitkrb kswitch">
686	<primary sortas="b-kswitch">kswitch</primary>
687	</indexterm>
688	</listitem>
689	</varlistentry>
690
691	<varlistentry id="ktutil">
692	<term><command>ktutil</command></term>
693	<listitem>
694	<para>
695	is a program for managing Kerberos keytabs.
696	</para>
697	<indexterm zone="mitkrb ktutil">
698	<primary sortas="b-ktutil">ktutil</primary>
699	</indexterm>
700	</listitem>
701	</varlistentry>
702
703	<varlistentry id="kvno">
704	<term><command>kvno</command></term>
705	<listitem>
706	<para>
707	prints keyversion numbers of Kerberos principals.
708	</para>
709	<indexterm zone="mitkrb kvno">
710	<primary sortas="b-kvno">kvno</primary>
711	</indexterm>
712	</listitem>
713	</varlistentry>
714
715	<varlistentry id="sclient">
716	<term><command>sclient</command></term>
717	<listitem>
718	<para>
719	used to contact a sample server and authenticate to it
720	using Kerberos 5 tickets, then display the server's
721	response.
722	</para>
723	<indexterm zone="mitkrb sclient">
724	<primary sortas="b-sclient">sclient</primary>
725	</indexterm>
726	</listitem>
727	</varlistentry>
728
729	<varlistentry id="sserver">
730	<term><command>sserver</command></term>
731	<listitem>
732	<para>
733	is the sample Kerberos 5 server.
734	</para>
735	<indexterm zone="mitkrb sserver">
736	<primary sortas="b-sserver">sserver</primary>
737	</indexterm>
738	</listitem>
739	</varlistentry>
740
741	<varlistentry id="libgssapi_krb5">
742	<term><filename class="libraryfile">libgssapi_krb5.so</filename></term>
743	<listitem>
744	<para>
745	contain the Generic Security Service Application Programming
746	Interface (GSSAPI) functions which provides security services
747	to callers in a generic fashion, supportable with a range of
748	underlying mechanisms and technologies and hence allowing
749	source-level portability of applications to different
750	environments.
751	</para>
752	<indexterm zone="mitkrb libgssapi_krb5">
753	<primary sortas="c-libgssapi_krb5">libgssapi_krb5.so</primary>
754	</indexterm>
755	</listitem>
756	</varlistentry>
757
758	<varlistentry id="libkadm5clnt">
759	<term><filename class="libraryfile">libkadm5clnt.so</filename></term>
760	<listitem>
761	<para>
762	contains the administrative authentication and password checking
763	functions required by Kerberos 5 client-side programs.
764	</para>
765	<indexterm zone="mitkrb libkadm5clnt">
766	<primary sortas="c-libkadm5clnt">libkadm5clnt.so</primary>
767	</indexterm>
768	</listitem>
769	</varlistentry>
770
771	<varlistentry id="libkadm5srv">
772	<term><filename class="libraryfile">libkadm5srv.so</filename></term>
773	<listitem>
774	<para>
775	contain the administrative authentication and password
776	checking functions required by Kerberos 5 servers.
777	</para>
778	<indexterm zone="mitkrb libkadm5srv">
779	<primary sortas="c-libkadm5srv">libkadm5srv.so</primary>
780	</indexterm>
781	</listitem>
782	</varlistentry>
783
784	<varlistentry id="libkdb5">
785	<term><filename class="libraryfile">libkdb5.so</filename></term>
786	<listitem>
787	<para>
788	is a Kerberos 5 authentication/authorization database
789	access library.
790	</para>
791	<indexterm zone="mitkrb libkdb5">
792	<primary sortas="c-libkdb5">libkdb5.so</primary>
793	</indexterm>
794	</listitem>
795	</varlistentry>
796
797	<varlistentry id="libkrb5">
798	<term><filename class="libraryfile">libkrb5.so</filename></term>
799	<listitem>
800	<para>
801	is an all-purpose <application>Kerberos 5</application> library.
802	</para>
803	<indexterm zone="mitkrb libkrb5">
804	<primary sortas="c-libkrb5">libkrb5.so</primary>
805	</indexterm>
806	</listitem>
807	</varlistentry>
808
809	</variablelist>
810
811	</sect2>
812
813	</sect1>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: postlfs/security/mitkrb.xml@ debb0893

Download in other formats: