source: postlfs/security/mitkrb.xml@ e8eb87c

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 12.2 6.0 6.1 6.2 6.2.0 6.2.0-rc1 6.2.0-rc2 6.3 6.3-rc1 6.3-rc2 6.3-rc3 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gimp3 gnome kde5-13430 kde5-14269 kde5-14686 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts krejzi/svn lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition systemd-11177 systemd-13485 trunk upgradedb xry111/for-12.3 xry111/intltool xry111/llvm18 xry111/soup3 xry111/spidermonkey128 xry111/test-20220226 xry111/xf86-video-removal
Last change on this file since e8eb87c was e8eb87c, checked in by Larry Lawrence <larry@…>, 20 years ago

expanded MIT krb5 descriptions

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@3428 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 23.2 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
3 "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY mitkrb-download-http "http://web.mit.edu/kerberos/www/dist/krb5/1.4/krb5-&mitkrb-version;-signed.tar">
8 <!ENTITY mitkrb-download-ftp " ">
9 <!ENTITY mitkrb-md5sum "2fa56607677544e3a27b42f7cfa1155b">
10 <!ENTITY mitkrb-size "6.6 MB">
11 <!ENTITY mitkrb-buildsize "55 MB">
12 <!ENTITY mitkrb-time "2.55 SBU">
13]>
14
15<sect1 id="mitkrb" xreflabel="MIT krb5-&mitkrb-version;">
16<sect1info>
17<othername>$LastChangedBy$</othername>
18<date>$Date$</date>
19</sect1info>
20<?dbhtml filename="mitkrb.html"?>
21<title><acronym>MIT</acronym> krb5-&mitkrb-version;</title>
22<indexterm zone="mitkrb">
23<primary sortas="a-Kerberos-MIT">Kerberos5(MIT)</primary></indexterm>
24
25<sect2>
26<title>Introduction to <application><acronym>MIT</acronym>
27krb5</application></title>
28
29<para>
30<application><acronym>MIT</acronym> krb5</application> is a free
31implementation of Kerberos 5. Kerberos is a network authentication
32protocol. It centralizes the authentication database and uses kerberized
33applications to work with servers or services that support Kerberos
34allowing single logins and encrypted communication over internal
35networks or the Internet.
36</para>
37
38<sect3><title>Package information</title>
39<itemizedlist spacing='compact'>
40<listitem><para>Download (HTTP):
41<ulink url="&mitkrb-download-http;"/></para></listitem>
42<listitem><para>Download (FTP):
43<ulink url="&mitkrb-download-ftp;"/></para></listitem>
44<listitem><para>Download MD5 sum: &mitkrb-md5sum;</para></listitem>
45<listitem><para>Download size: &mitkrb-size;</para></listitem>
46<listitem><para>Estimated disk space required:
47&mitkrb-buildsize;</para></listitem>
48<listitem><para>Estimated build time:
49&mitkrb-time;</para></listitem></itemizedlist>
50</sect3>
51
52<sect3><title><application><acronym>MIT</acronym> krb5</application>
53dependencies</title>
54<sect4><title>Optional</title>
55<para>
56<xref linkend="xinetd"/> (services servers only),
57<xref linkend="Linux_PAM"/> (for <command>xdm</command> based logins) and
58<xref linkend="openldap"/> (alternative for <command>krb5kdc</command>
59password database)
60</para>
61
62<note><para>
63Some sort of time synchronization facility on your system (like
64<xref linkend="ntp"/>) is required since Kerberos won't authenticate if there
65is a time difference between a kerberized client and the
66<acronym>KDC</acronym> server.</para></note>
67</sect4>
68
69</sect3>
70
71</sect2>
72
73<sect2>
74<title>Installation of <application><acronym>MIT</acronym>
75krb5</application></title>
76
77<para>
78<application><acronym>MIT</acronym> krb5</application> is distributed in a
79<acronym>TAR</acronym> file containing a compressed <acronym>TAR</acronym>
80package and a detached <acronym>PGP</acronym>
81<filename class="extension">ASC</filename> file.
82</para>
83
84<para>
85If you have installed <xref linkend="gnupg"/>, you can
86authenticate the package with the following command:
87</para>
88
89<screen><userinput><command>gpg --verify krb5-&mitkrb-version;.tar.gz.asc</command></userinput></screen>
90
91<para>
92Build <application><acronym>MIT</acronym> krb5</application> by running the
93following commands:
94</para>
95
96<screen><userinput><command>cd src &amp;&amp;
97./configure --prefix=/usr --sysconfdir=/etc \
98 --localstatedir=/var/lib --enable-dns \
99 --enable-static --mandir=/usr/share/man &amp;&amp;
100make</command></userinput></screen>
101
102<para>
103Install <application><acronym>MIT</acronym> krb5</application> by
104running the following commands as root:
105</para>
106
107<screen><userinput role='root'><command>make install &amp;&amp;
108mv /bin/login /bin/login.shadow &amp;&amp;
109cp /usr/sbin/login.krb5 /bin/login &amp;&amp;
110mv /usr/bin/ksu /bin &amp;&amp;
111mv /usr/lib/libkrb5.so.3* /lib &amp;&amp;
112mv /usr/lib/libkrb4.so.2* /lib &amp;&amp;
113mv /usr/lib/libdes425.so.3* /lib &amp;&amp;
114mv /usr/lib/libk5crypto.so.3* /lib &amp;&amp;
115mv /usr/lib/libcom_err.so.3* /lib &amp;&amp;
116ln -sf ../../lib/libkrb5.so.3 /usr/lib/libkrb5.so &amp;&amp;
117ln -sf ../../lib/libkrb4.so.2 /usr/lib/libkrb4.so &amp;&amp;
118ln -sf ../../lib/libdes425.so.3 /usr/lib/libdes425.so &amp;&amp;
119ln -sf ../../lib/libk5crypto.so.3 /usr/lib/libk5crypto.so &amp;&amp;
120ln -sf ../../lib/libcom_err.so.3 /usr/lib/libcom_err.so &amp;&amp;
121ldconfig</command></userinput></screen>
122
123</sect2>
124
125<sect2>
126<title>Command explanations</title>
127
128<para>
129<parameter>--enable-dns</parameter>: This switch allows realms to
130be resolved using the <acronym>DNS</acronym> server.
131</para>
132
133<para>
134<parameter>--enable-static</parameter>: This switch builds static
135libraries in addition to the shared libraries.
136</para>
137
138<para>
139<screen><command>mv /bin/login /bin/login.shadow
140cp /usr/sbin/login.krb5 /bin/login
141mv /usr/bin/ksu /bin</command></screen>
142Preserves <application>Shadow</application>'s <command>login</command>
143command, moves <command>ksu</command> and <command>login</command> to
144the <filename class="directory">/bin</filename> directory.
145</para>
146
147<para>
148<screen><command>mv /usr/lib/libkrb5.so.3* /lib
149mv /usr/lib/libkrb4.so.2* /lib
150mv /usr/lib/libdes425.so.3* /lib
151mv /usr/lib/libk5crypto.so.3* /lib
152mv /usr/lib/libcom_err.so.3* /lib
153ln -sf ../../lib/libkrb5.so.3 /usr/lib/libkrb5.so
154ln -sf ../../lib/libkrb4.so.2 /usr/lib/libkrb4.so
155ln -sf ../../lib/libdes425.so.3 /usr/lib/libdes425.so
156ln -sf ../../lib/libk5crypto.so.3 /usr/lib/libk5crypto.so
157ln -sf ../../lib/libcom_err.so.3 /usr/lib/libcom_err.so</command></screen>
158The <command>login</command> and <command>ksu</command> programs
159are linked against these libraries, therefore we move these libraries to
160<filename class="directory">/lib</filename> to allow logins without mounting
161<filename class="directory">/usr</filename>.
162</para>
163
164</sect2>
165
166<sect2>
167<title>Configuring <application><acronym>MIT</acronym> krb5</application></title>
168
169<sect3 id="krb5-config"><title>Config files</title>
170<para>
171<filename>/etc/krb5.conf</filename> and
172<filename>/var/lib/krb5kdc/kdc.conf</filename>
173</para>
174<indexterm zone="mitkrb krb5-config">
175<primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary></indexterm>
176<indexterm zone="mitkrb krb5-config">
177<primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
178</indexterm>
179</sect3>
180
181<sect3><title>Configuration Information</title>
182
183<sect4><title>Kerberos Configuration</title>
184<para>
185Create the Kerberos configuration file with the following command:
186</para>
187
188<screen><userinput role='root'><command>cat &gt; /etc/krb5.conf &lt;&lt; "EOF"</command>
189# Begin /etc/krb5.conf
190
191[libdefaults]
192 default_realm = <replaceable>[LFS.ORG]</replaceable>
193 encrypt = true
194
195[realms]
196 <replaceable>[LFS.ORG]</replaceable> = {
197 kdc = <replaceable>[belgarath.lfs.org]</replaceable>
198 admin_server = <replaceable>[belgarath.lfs.org]</replaceable>
199 }
200
201[domain_realm]
202 .<replaceable>[lfs.org]</replaceable> = <replaceable>[LFS.ORG]</replaceable>
203
204[logging]
205 kdc = SYSLOG[:INFO[:AUTH]]
206 admin_server = SYSLOG[INFO[:AUTH]]
207 default = SYSLOG[[:SYS]]
208
209# End /etc/krb5.conf
210<command>EOF</command></userinput></screen>
211
212<para>
213You will need to substitute your domain and proper hostname for the
214occurances of the <replaceable>[belgarath]</replaceable> and
215<replaceable>[lfs.org]</replaceable> names.
216</para>
217
218<para>
219<userinput>default_realm</userinput> should be the name of your domain changed
220to ALL CAPS. This isn't required, but both <application>Heimdal</application>
221and <acronym>MIT</acronym> recommend it.
222</para>
223
224<para>
225<userinput>encrypt = true</userinput> provides encryption of all traffic
226between kerberized clients and servers. It's not necessary and can be left
227off. If you leave it off, you can encrypt all traffic from the client to the
228server using a switch on the client program instead.
229</para>
230
231<para>
232The <userinput>[realms]</userinput> parameters tell the client programs where
233to look for the <acronym>KDC</acronym> authentication services.
234</para>
235
236<para>
237The <userinput>[domain_realm]</userinput> section maps a domain to a realm.
238</para>
239
240<para>
241Create the <acronym>KDC</acronym> database:
242</para>
243
244<screen><userinput role='root'><command>kdb5_util create -r <replaceable>[LFS.ORG]</replaceable> -s </command></userinput></screen>
245
246<para>
247Now you should populate the database with principles (users). For now,
248just use your regular login name or root.
249</para>
250
251<screen><userinput role='root'><command>kadmin.local</command></userinput>
252<prompt>kadmin:</prompt><userinput><command>addprinc <replaceable>[loginname]</replaceable></command></userinput></screen>
253
254<para>
255The <acronym>KDC</acronym> server and any machine running kerberized
256server daemons must have a host key installed:
257</para>
258
259<screen><prompt>kadmin:</prompt><userinput role='root'><command>addprinc -randkey host/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen>
260
261<para>
262After choosing the defaults when prompted, you will have to export the
263data to a keytab file:
264</para>
265
266<screen><prompt>kadmin:</prompt><userinput role='root'><command>ktadd host/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen>
267
268<para>
269This should have created a file in <filename class="directory">/etc</filename>
270named <filename>krb5.keytab</filename> (Kerberos 5). This file should have 600
271(root rw only) permissions. Keeping the keytab files from public access
272is crucial to the overall security of the Kerberos installation.
273</para>
274
275<para>
276Eventually, you'll want to add server daemon principles to the database
277and extract them to the keytab file. You do this in the same way you
278created the host principles. Below is an example:
279</para>
280
281<screen><prompt>kadmin:</prompt><userinput role='root'><command>addprinc -randkey ftp/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput>
282<prompt>kadmin:</prompt><userinput role='root'><command>ktadd ftp/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen>
283
284<para>
285Exit the <command>kadmin</command> program (use <command>quit</command>
286or <command>exit</command>) and return back to the shell prompt. Start
287the <acronym>KDC</acronym> daemon manually, just to test out the
288installation:
289</para>
290
291<screen><userinput role='root'><command>/usr/sbin/krb5kdc &amp;</command></userinput></screen>
292
293<para>
294Attempt to get a ticket with the following command:
295</para>
296
297<screen><userinput><command>kinit <replaceable>[loginname]</replaceable></command></userinput></screen>
298
299<para>
300You will be prompted for the password you created. After you get your
301ticket, you can list it with the following command:
302</para>
303
304<screen><userinput><command>klist</command></userinput></screen>
305
306<para>
307Information about the ticket should be displayed on the screen.
308</para>
309
310<para>
311To test the functionality of the keytab file, issue the following
312command:
313</para>
314
315<screen><userinput><command>ktutil</command></userinput>
316<prompt>ktutil:</prompt><userinput><command>rkt /etc/krb5.keytab</command></userinput>
317<prompt>ktutil:</prompt><userinput><command>l</command></userinput></screen>
318
319<para>
320This should dump a list of the host principal, along with the encryption
321methods used to access the principal.
322</para>
323
324<para>
325At this point, if everything has been successful so far, you can feel
326fairly confident in the installation and configuration of the package.
327</para>
328
329<para>
330Install the <filename>/etc/rc.d/init.d/kerberos</filename> init script
331included in the <xref linkend="intro-important-bootscripts"/> package.
332</para>
333
334<screen><userinput role='root'><command>make install-kerberos</command></userinput></screen>
335
336</sect4>
337
338<sect4><title>Using Kerberized Client Programs</title>
339
340<para>
341To use the kerberized client programs (<command>telnet</command>,
342<command>ftp</command>, <command>rsh</command>,
343<command>rcp</command>, <command>rlogin</command>), you first must get
344an authentication ticket. Use the <command>kinit</command> program to
345get the ticket. After you've acquired the ticket, you can use the
346kerberized programs to connect to any kerberized server on the network.
347You will not be prompted for authentication until your ticket expires
348(default is one day), unless you specify a different user as a command
349line argument to the program.
350</para>
351
352<para>
353The kerberized programs will connect to non kerberized daemons, warning
354you that authentication is not encrypted.
355</para>
356</sect4>
357
358<sect4><title>Using Kerberized Server Programs</title>
359<para>
360Using kerberized server programs (<command>telnetd</command>,
361<command>kpropd</command>, <command>klogind</command> and
362<command>kshd</command>) requires two additional configuration steps.
363First the <filename>/etc/services</filename> file must be updated to
364include eklogin and krb5_prop. Second, the <filename>inetd.conf</filename>
365or <filename>xinetd.conf</filename> must be modified for each server that will
366be activated, usually replacing the server from <xref linkend="inetutils"/>.
367</para>
368</sect4>
369
370<sect4><title>Additional Information</title>
371<para>
372For additional information consult <ulink
373url="http://web.mit.edu/kerberos/www/krb5-1.4/#documentation">Documentation
374for krb-&mitkrb-version;</ulink> on which the above instructions are based.
375</para>
376
377</sect4>
378
379</sect3>
380
381</sect2>
382
383<sect2>
384<title>Contents</title>
385
386<segmentedlist>
387<segtitle>Installed Programs</segtitle>
388<segtitle>Installed Libraries</segtitle>
389<segtitle>Installed Directories</segtitle>
390
391<seglistitem>
392<seg>compile-et, ftp, ftpd, gss-client, gss-server, k5srvutil, kadmin,
393kadmin.local, kadmind, kadmind4, kdb5_util, kdestroy, kinit, klist,
394klogind, kpasswd, kprop, kpropd, krb5-send-pr, krb5-config, krb524d,
395krb524init, krb5kdc, kshd, ksu, ktutil, kvno, login.krb5, rcp, rlogin,
396rsh, sclient, sim_client, sim_server, sserver,
397telnet, telnetd, uuclient, uuserver, v5passwd, v5passwdd</seg>
398<seg>libcom_err.[so,a], libdes425.[so,a], libgssapi.[so,a], libgssrpc.[so,a],
399libkadm5clnt.[so,a], libkadm5srv.[so,a], libkdb5.[so,a], libkrb5.[so,a],
400libkrb4.[so,a]</seg>
401<seg>/usr/include/kerberosIV and /var/lib/krb5kdc</seg>
402</seglistitem>
403</segmentedlist>
404
405<variablelist>
406<bridgehead renderas="sect3">Short Descriptions</bridgehead>
407<?dbfo list-presentation="list"?>
408
409<varlistentry id="compile_et">
410<term><command>compile_et</command></term>
411<listitem><para>converts the table listing
412error-code names into a <application>C</application> source file..</para>
413<indexterm zone="mitkrb compile_et">
414<primary sortas="b-compile_et">compile_et</primary>
415</indexterm></listitem>
416</varlistentry>
417
418<varlistentry id="ftp-mitkrb">
419<term><command>ftp</command></term>
420<listitem><para>is a kerberized <acronym>FTP</acronym> client.</para>
421<indexterm zone="mitkrb ftp">
422<primary sortas="b-ftp">ftp</primary>
423</indexterm></listitem>
424</varlistentry>
425
426<varlistentry id="ftpd-mitkrb">
427<term><command>ftpd</command></term>
428<listitem><para>is a kerberized <acronym>FTP</acronym> daemon.</para>
429<indexterm zone="mitkrb ftpd">
430<primary sortas="b-ftpd">ftpd</primary>
431</indexterm></listitem>
432</varlistentry>
433
434<varlistentry id="k5srvutil">
435<term><command>k5srvutil</command></term>
436<listitem><para>is a host keytable manipulation utility.</para>
437<indexterm zone="mitkrb k5srvutil">
438<primary sortas="b-k5srvutil">k5srvutil</primary>
439</indexterm></listitem>
440</varlistentry>
441
442<varlistentry id="kadmin-mitkrb">
443<term><command>kadmin</command></term>
444<listitem><para>is an utility used to make modifications
445to the Kerberos database.</para>
446<indexterm zone="mitkrb kadmin-mitkrb">
447<primary sortas="b-kadmin">kadmin</primary>
448</indexterm></listitem>
449</varlistentry>
450
451<varlistentry id="kadmind-mitkrb">
452<term><command>kadmind</command></term>
453<listitem><para>is a server for administrative access
454to a Kerberos database.</para>
455<indexterm zone="mitkrb kadmind-mitkrb">
456<primary sortas="b-kadmind">kadmind</primary>
457</indexterm></listitem>
458</varlistentry>
459
460<varlistentry id="kdb5_util">
461<term><command>kdb5_util</command></term>
462<listitem><para>is the <acronym>KDC</acronym> database utility.</para>
463<indexterm zone="mitkrb kdb5_util">
464<primary sortas="b-kdb5_util">kdb5_util</primary>
465</indexterm></listitem>
466</varlistentry>
467
468<varlistentry id="kdestroy-mitkrb">
469<term><command>kdestroy</command></term>
470<listitem><para>removes the current set of tickets.</para>
471<indexterm zone="mitkrb kdestroy-mitkrb">
472<primary sortas="b-kdestroy">kdestroy</primary>
473</indexterm></listitem>
474</varlistentry>
475
476<varlistentry id="kinit-mitkrb">
477<term><command>kinit</command></term>
478<listitem><para>is used to authenticate to the Kerberos server as
479a principal and acquire a ticket granting ticket that can later be used
480to obtain tickets for other services.</para>
481<indexterm zone="mitkrb kinit-mitkrb">
482<primary sortas="b-kinit">kinit</primary>
483</indexterm></listitem>
484</varlistentry>
485
486<varlistentry id="klist-mitkrb">
487<term><command>klist</command></term>
488<listitem><para>reads and displays the current tickets in
489the credential cache.</para>
490<indexterm zone="mitkrb klist-mitkrb">
491<primary sortas="b-klist">klist</primary>
492</indexterm></listitem>
493</varlistentry>
494
495<varlistentry id="klogind">
496<term><command>klogind</command></term>
497<listitem><para>is the server that responds to
498<command>rlogin</command> requests.</para>
499<indexterm zone="mitkrb klogind">
500<primary sortas="b-klogind">klogind</primary>
501</indexterm></listitem>
502</varlistentry>
503
504<varlistentry id="kpasswd-mitkrb">
505<term><command>kpasswd</command></term>
506<listitem><para>is a program for changing Kerberos 5 passwords.</para>
507<indexterm zone="mitkrb kpasswd-mitkrb">
508<primary sortas="b-kpasswd">kpasswd</primary>
509</indexterm></listitem>
510</varlistentry>
511
512<varlistentry id="kprop">
513<term><command>kprop</command></term>
514<listitem><para>takes a principal database in a specified
515format and converts it into a stream of database
516records.</para>
517<indexterm zone="mitkrb kprop">
518<primary sortas="b-kprop">kprop</primary>
519</indexterm></listitem>
520</varlistentry>
521
522<varlistentry id="kpropd">
523<term><command>kpropd</command></term>
524<listitem><para>receives a database sent by
525<command>kprop</command> and writes it as a local database.</para>
526<indexterm zone="mitkrb kpropd">
527<primary sortas="b-kpropd">kpropd</primary>
528</indexterm></listitem>
529</varlistentry>
530
531<varlistentry id="krb5-config-1">
532<term><command>krb5-config</command></term>
533<listitem><para>gives information on how to link
534programs against libraries.</para>
535<indexterm zone="mitkrb krb5-config-prog">
536<primary sortas="b-krb5-config-1">krb5-config</primary>
537</indexterm></listitem>
538</varlistentry>
539
540<varlistentry id="krb5kdc">
541<term><command>krb5kdc</command></term>
542<listitem><para>is a Kerberos 5 server.</para>
543<indexterm zone="mitkrb krb5kdc">
544<primary sortas="b-krb5kdc">krb5kdc</primary>
545</indexterm></listitem>
546</varlistentry>
547
548<varlistentry id="kshd">
549<term><command>kshd</command></term>
550<listitem><para>is the server that responds to
551<command>rsh</command> requests.</para>
552<indexterm zone="mitkrb kshd">
553<primary sortas="b-kshd">kshd</primary>
554</indexterm></listitem>
555</varlistentry>
556
557<varlistentry id="ksu">
558<term><command>ksu</command></term>
559<listitem><para>is the super user program using Kerberos protocol.
560Requires a properly configured
561<filename class="directory">/etc/shells</filename> and
562<filename>~/.k5login</filename> containing principals authorized to
563become super users.</para>
564<indexterm zone="mitkrb ksu">
565<primary sortas="b-ksu">ksu</primary>
566</indexterm></listitem>
567</varlistentry>
568
569<varlistentry id="ktutil-mitkrb">
570<term><command>ktutil</command></term>
571<listitem><para>is a program for managing Kerberos keytabs.</para>
572<indexterm zone="mitkrb ktutil-mitkrb">
573<primary sortas="b-ktutil">ktutil</primary>
574</indexterm></listitem>
575</varlistentry>
576
577<varlistentry id="kvno">
578<term><command>kvno</command></term>
579<listitem><para>prints keyversion numbers of Kerberos principals.</para>
580<indexterm zone="mitkrb kvno">
581<primary sortas="b-kvno">kvno</primary>
582</indexterm></listitem>
583</varlistentry>
584
585<varlistentry id="login.krb5">
586<term><command>login.krb5</command></term>
587<listitem><para>is a kerberized login program.</para>
588<indexterm zone="mitkrb login">
589<primary sortas="b-login.krb5">login.krb5</primary>
590</indexterm></listitem>
591</varlistentry>
592
593<varlistentry id="rcp-mitkrb">
594<term><command>rcp</command></term>
595<listitem><para>is a kerberized rcp client program.</para>
596<indexterm zone="mitkrb rcp">
597<primary sortas="b-rcp">rcp</primary>
598</indexterm></listitem>
599</varlistentry>
600
601<varlistentry id="rlogin">
602<term><command>rlogin</command></term>
603<listitem><para>is a kerberized rlogin client program.</para>
604<indexterm zone="mitkrb rlogin">
605<primary sortas="b-rlogin">rlogin</primary>
606</indexterm></listitem>
607</varlistentry>
608
609<varlistentry id="rsh-mitkrb">
610<term><command>rsh</command></term>
611<listitem><para>is a kerberized rsh client program.</para>
612<indexterm zone="mitkrb rsh">
613<primary sortas="b-rsh">rsh</primary>
614</indexterm></listitem>
615</varlistentry>
616
617<varlistentry id="telnet-mitkrb">
618<term><command>telnet</command></term>
619<listitem><para>is a kerberized telnet client program.</para>
620<indexterm zone="mitkrb telnet">
621<primary sortas="b-telnet">telnet</primary>
622</indexterm></listitem>
623</varlistentry>
624
625<varlistentry id="telnetd-mitkrb">
626<term><command>telnetd</command></term>
627<listitem><para>is a kerberized telnet server.</para>
628<indexterm zone="mitkrb telnetd">
629<primary sortas="b-telnetd">telnetd</primary>
630</indexterm></listitem>
631</varlistentry>
632
633<varlistentry id="libcom_err">
634<term><filename class='libraryfile'>libcom_err.[so,a]</filename></term>
635<listitem><para>implements the Kerberos library error code.</para>
636<indexterm zone="mitkrb libcom_err">
637<primary sortas="c-libcom_err">libcom_err.[so,a]</primary>
638</indexterm></listitem>
639</varlistentry>
640
641<varlistentry id="libgssapi-mitkrb">
642<term><filename class='libraryfile'>libgssapi.[so,a]</filename></term>
643<listitem><para>contain the Generic Security Service Application
644Programming
645Interface (<acronym>GSSAPI</acronym>) functions which provides security
646services to callers in a generic fashion, supportable with a range of
647underlying mechanisms and technologies and hence allowing source-level
648portability of applications to different environments.</para>
649<indexterm zone="mitkrb libgssapi">
650<primary sortas="c-libgssapi">libgssapi.[so,a]</primary>
651</indexterm></listitem>
652</varlistentry>
653
654<varlistentry id="libkadm5clnt-mitkrb">
655<term><filename
656class='libraryfile'>libkadm5clnt.[so,a]</filename></term>
657<listitem><para>contains the administrative authentication and password
658checking functions required by Kerberos 5 client-side programs.</para>
659<indexterm zone="mitkrb libkadm5clnt">
660<primary sortas="c-libkadm5clnt">libkadm5clnt.[so,a]</primary>
661</indexterm></listitem>
662</varlistentry>
663
664<varlistentry id="libkadm5srv-mitkrb">
665<term><filename class='libraryfile'>libkadm5srv.[so,a]</filename></term>
666<listitem><para>contain the administrative authentication and password
667checking functions required by Kerberos 5 servers.</para>
668<indexterm zone="mitkrb libkadm5srv">
669<primary sortas="c-libkadm5srv">libkadm5srv.[so,a]</primary>
670</indexterm></listitem>
671</varlistentry>
672
673<varlistentry id="libkdb5">
674<term><filename class='libraryfile'>libkdb5.[so,a]</filename></term>
675<listitem><para>is a Kerberos 5
676authentication/authorization database access library.</para>
677<indexterm zone="mitkrb libkdb5">
678<primary sortas="c-libkdb5">libkdb5.[so,a]</primary>
679</indexterm></listitem>
680</varlistentry>
681
682<varlistentry id="libkrb5-mitkrb">
683<term><filename class='libraryfile'>libkrb5.[so,a]</filename></term>
684<listitem><para>is an all-purpose Kerberos 5 library.</para>
685<indexterm zone="mitkrb libkrb5">
686<primary sortas="c-libkrb5">libkrb5.[so,a]</primary>
687</indexterm></listitem>
688</varlistentry>
689
690</variablelist>
691
692</sect2>
693
694</sect1>
Note: See TracBrowser for help on using the repository browser.