1 | <?xml version="1.0" encoding="ISO-8859-1"?>
|
---|
2 | <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
|
---|
3 | "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
|
---|
4 | <!ENTITY % general-entities SYSTEM "../../general.ent">
|
---|
5 | %general-entities;
|
---|
6 |
|
---|
7 | <!ENTITY mitkrb-download-http "http://web.mit.edu/kerberos/www/dist/krb5/1.4/krb5-&mitkrb-version;-signed.tar">
|
---|
8 | <!ENTITY mitkrb-download-ftp " ">
|
---|
9 | <!ENTITY mitkrb-md5sum "2fa56607677544e3a27b42f7cfa1155b">
|
---|
10 | <!ENTITY mitkrb-size "6.6 MB">
|
---|
11 | <!ENTITY mitkrb-buildsize "55 MB">
|
---|
12 | <!ENTITY mitkrb-time "2.55 SBU">
|
---|
13 | ]>
|
---|
14 |
|
---|
15 | <sect1 id="mitkrb" xreflabel="MIT krb5-&mitkrb-version;">
|
---|
16 | <sect1info>
|
---|
17 | <othername>$LastChangedBy$</othername>
|
---|
18 | <date>$Date$</date>
|
---|
19 | </sect1info>
|
---|
20 | <?dbhtml filename="mitkrb.html"?>
|
---|
21 | <title><acronym>MIT</acronym> krb5-&mitkrb-version;</title>
|
---|
22 | <indexterm zone="mitkrb">
|
---|
23 | <primary sortas="a-Kerberos-MIT">Kerberos5(MIT)</primary></indexterm>
|
---|
24 |
|
---|
25 | <sect2>
|
---|
26 | <title>Introduction to <application><acronym>MIT</acronym>
|
---|
27 | krb5</application></title>
|
---|
28 |
|
---|
29 | <para>
|
---|
30 | <application><acronym>MIT</acronym> krb5</application> is a free
|
---|
31 | implementation of Kerberos 5. Kerberos is a network authentication
|
---|
32 | protocol. It centralizes the authentication database and uses kerberized
|
---|
33 | applications to work with servers or services that support Kerberos
|
---|
34 | allowing single logins and encrypted communication over internal
|
---|
35 | networks or the Internet.
|
---|
36 | </para>
|
---|
37 |
|
---|
38 | <sect3><title>Package information</title>
|
---|
39 | <itemizedlist spacing='compact'>
|
---|
40 | <listitem><para>Download (HTTP):
|
---|
41 | <ulink url="&mitkrb-download-http;"/></para></listitem>
|
---|
42 | <listitem><para>Download (FTP):
|
---|
43 | <ulink url="&mitkrb-download-ftp;"/></para></listitem>
|
---|
44 | <listitem><para>Download MD5 sum: &mitkrb-md5sum;</para></listitem>
|
---|
45 | <listitem><para>Download size: &mitkrb-size;</para></listitem>
|
---|
46 | <listitem><para>Estimated disk space required:
|
---|
47 | &mitkrb-buildsize;</para></listitem>
|
---|
48 | <listitem><para>Estimated build time:
|
---|
49 | &mitkrb-time;</para></listitem></itemizedlist>
|
---|
50 | </sect3>
|
---|
51 |
|
---|
52 | <sect3><title><application><acronym>MIT</acronym> krb5</application>
|
---|
53 | dependencies</title>
|
---|
54 | <sect4><title>Optional</title>
|
---|
55 | <para>
|
---|
56 | <xref linkend="xinetd"/> (services servers only),
|
---|
57 | <xref linkend="Linux_PAM"/> (for <command>xdm</command> based logins) and
|
---|
58 | <xref linkend="openldap"/> (alternative for <command>krb5kdc</command>
|
---|
59 | password database)
|
---|
60 | </para>
|
---|
61 |
|
---|
62 | <note><para>
|
---|
63 | Some sort of time synchronization facility on your system (like
|
---|
64 | <xref linkend="ntp"/>) is required since Kerberos won't authenticate if there
|
---|
65 | is a time difference between a kerberized client and the
|
---|
66 | <acronym>KDC</acronym> server.</para></note>
|
---|
67 | </sect4>
|
---|
68 |
|
---|
69 | </sect3>
|
---|
70 |
|
---|
71 | </sect2>
|
---|
72 |
|
---|
73 | <sect2>
|
---|
74 | <title>Installation of <application><acronym>MIT</acronym>
|
---|
75 | krb5</application></title>
|
---|
76 |
|
---|
77 | <para>
|
---|
78 | <application><acronym>MIT</acronym> krb5</application> is distributed in a
|
---|
79 | <acronym>TAR</acronym> file containing a compressed <acronym>TAR</acronym>
|
---|
80 | package and a detached <acronym>PGP</acronym>
|
---|
81 | <filename class="extension">ASC</filename> file.
|
---|
82 | </para>
|
---|
83 |
|
---|
84 | <para>
|
---|
85 | If you have installed <xref linkend="gnupg"/>, you can
|
---|
86 | authenticate the package with the following command:
|
---|
87 | </para>
|
---|
88 |
|
---|
89 | <screen><userinput><command>gpg --verify krb5-&mitkrb-version;.tar.gz.asc</command></userinput></screen>
|
---|
90 |
|
---|
91 | <para>
|
---|
92 | Build <application><acronym>MIT</acronym> krb5</application> by running the
|
---|
93 | following commands:
|
---|
94 | </para>
|
---|
95 |
|
---|
96 | <screen><userinput><command>cd src &&
|
---|
97 | ./configure --prefix=/usr --sysconfdir=/etc \
|
---|
98 | --localstatedir=/var/lib --enable-dns \
|
---|
99 | --enable-static --mandir=/usr/share/man &&
|
---|
100 | make</command></userinput></screen>
|
---|
101 |
|
---|
102 | <para>
|
---|
103 | Install <application><acronym>MIT</acronym> krb5</application> by
|
---|
104 | running the following commands as root:
|
---|
105 | </para>
|
---|
106 |
|
---|
107 | <screen><userinput role='root'><command>make install &&
|
---|
108 | mv /bin/login /bin/login.shadow &&
|
---|
109 | cp /usr/sbin/login.krb5 /bin/login &&
|
---|
110 | mv /usr/bin/ksu /bin &&
|
---|
111 | mv /usr/lib/libkrb5.so.3* /lib &&
|
---|
112 | mv /usr/lib/libkrb4.so.2* /lib &&
|
---|
113 | mv /usr/lib/libdes425.so.3* /lib &&
|
---|
114 | mv /usr/lib/libk5crypto.so.3* /lib &&
|
---|
115 | mv /usr/lib/libcom_err.so.3* /lib &&
|
---|
116 | ln -sf ../../lib/libkrb5.so.3 /usr/lib/libkrb5.so &&
|
---|
117 | ln -sf ../../lib/libkrb4.so.2 /usr/lib/libkrb4.so &&
|
---|
118 | ln -sf ../../lib/libdes425.so.3 /usr/lib/libdes425.so &&
|
---|
119 | ln -sf ../../lib/libk5crypto.so.3 /usr/lib/libk5crypto.so &&
|
---|
120 | ln -sf ../../lib/libcom_err.so.3 /usr/lib/libcom_err.so &&
|
---|
121 | ldconfig</command></userinput></screen>
|
---|
122 |
|
---|
123 | </sect2>
|
---|
124 |
|
---|
125 | <sect2>
|
---|
126 | <title>Command explanations</title>
|
---|
127 |
|
---|
128 | <para>
|
---|
129 | <parameter>--enable-dns</parameter>: This switch allows realms to
|
---|
130 | be resolved using the <acronym>DNS</acronym> server.
|
---|
131 | </para>
|
---|
132 |
|
---|
133 | <para>
|
---|
134 | <parameter>--enable-static</parameter>: This switch builds static
|
---|
135 | libraries in addition to the shared libraries.
|
---|
136 | </para>
|
---|
137 |
|
---|
138 | <para>
|
---|
139 | <screen><command>mv /bin/login /bin/login.shadow
|
---|
140 | cp /usr/sbin/login.krb5 /bin/login
|
---|
141 | mv /usr/bin/ksu /bin</command></screen>
|
---|
142 | Preserves <application>Shadow</application>'s <command>login</command>
|
---|
143 | command, moves <command>ksu</command> and <command>login</command> to
|
---|
144 | the <filename class="directory">/bin</filename> directory.
|
---|
145 | </para>
|
---|
146 |
|
---|
147 | <para>
|
---|
148 | <screen><command>mv /usr/lib/libkrb5.so.3* /lib
|
---|
149 | mv /usr/lib/libkrb4.so.2* /lib
|
---|
150 | mv /usr/lib/libdes425.so.3* /lib
|
---|
151 | mv /usr/lib/libk5crypto.so.3* /lib
|
---|
152 | mv /usr/lib/libcom_err.so.3* /lib
|
---|
153 | ln -sf ../../lib/libkrb5.so.3 /usr/lib/libkrb5.so
|
---|
154 | ln -sf ../../lib/libkrb4.so.2 /usr/lib/libkrb4.so
|
---|
155 | ln -sf ../../lib/libdes425.so.3 /usr/lib/libdes425.so
|
---|
156 | ln -sf ../../lib/libk5crypto.so.3 /usr/lib/libk5crypto.so
|
---|
157 | ln -sf ../../lib/libcom_err.so.3 /usr/lib/libcom_err.so</command></screen>
|
---|
158 | The <command>login</command> and <command>ksu</command> programs
|
---|
159 | are linked against these libraries, therefore we move these libraries to
|
---|
160 | <filename class="directory">/lib</filename> to allow logins without mounting
|
---|
161 | <filename class="directory">/usr</filename>.
|
---|
162 | </para>
|
---|
163 |
|
---|
164 | </sect2>
|
---|
165 |
|
---|
166 | <sect2>
|
---|
167 | <title>Configuring <application><acronym>MIT</acronym> krb5</application></title>
|
---|
168 |
|
---|
169 | <sect3 id="krb5-config"><title>Config files</title>
|
---|
170 | <para>
|
---|
171 | <filename>/etc/krb5.conf</filename> and
|
---|
172 | <filename>/var/lib/krb5kdc/kdc.conf</filename>
|
---|
173 | </para>
|
---|
174 | <indexterm zone="mitkrb krb5-config">
|
---|
175 | <primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary></indexterm>
|
---|
176 | <indexterm zone="mitkrb krb5-config">
|
---|
177 | <primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
|
---|
178 | </indexterm>
|
---|
179 | </sect3>
|
---|
180 |
|
---|
181 | <sect3><title>Configuration Information</title>
|
---|
182 |
|
---|
183 | <sect4><title>Kerberos Configuration</title>
|
---|
184 | <para>
|
---|
185 | Create the Kerberos configuration file with the following command:
|
---|
186 | </para>
|
---|
187 |
|
---|
188 | <screen><userinput role='root'><command>cat > /etc/krb5.conf << "EOF"</command>
|
---|
189 | # Begin /etc/krb5.conf
|
---|
190 |
|
---|
191 | [libdefaults]
|
---|
192 | default_realm = <replaceable>[LFS.ORG]</replaceable>
|
---|
193 | encrypt = true
|
---|
194 |
|
---|
195 | [realms]
|
---|
196 | <replaceable>[LFS.ORG]</replaceable> = {
|
---|
197 | kdc = <replaceable>[belgarath.lfs.org]</replaceable>
|
---|
198 | admin_server = <replaceable>[belgarath.lfs.org]</replaceable>
|
---|
199 | }
|
---|
200 |
|
---|
201 | [domain_realm]
|
---|
202 | .<replaceable>[lfs.org]</replaceable> = <replaceable>[LFS.ORG]</replaceable>
|
---|
203 |
|
---|
204 | [logging]
|
---|
205 | kdc = SYSLOG[:INFO[:AUTH]]
|
---|
206 | admin_server = SYSLOG[INFO[:AUTH]]
|
---|
207 | default = SYSLOG[[:SYS]]
|
---|
208 |
|
---|
209 | # End /etc/krb5.conf
|
---|
210 | <command>EOF</command></userinput></screen>
|
---|
211 |
|
---|
212 | <para>
|
---|
213 | You will need to substitute your domain and proper hostname for the
|
---|
214 | occurances of the <replaceable>[belgarath]</replaceable> and
|
---|
215 | <replaceable>[lfs.org]</replaceable> names.
|
---|
216 | </para>
|
---|
217 |
|
---|
218 | <para>
|
---|
219 | <userinput>default_realm</userinput> should be the name of your domain changed
|
---|
220 | to ALL CAPS. This isn't required, but both <application>Heimdal</application>
|
---|
221 | and <acronym>MIT</acronym> recommend it.
|
---|
222 | </para>
|
---|
223 |
|
---|
224 | <para>
|
---|
225 | <userinput>encrypt = true</userinput> provides encryption of all traffic
|
---|
226 | between kerberized clients and servers. It's not necessary and can be left
|
---|
227 | off. If you leave it off, you can encrypt all traffic from the client to the
|
---|
228 | server using a switch on the client program instead.
|
---|
229 | </para>
|
---|
230 |
|
---|
231 | <para>
|
---|
232 | The <userinput>[realms]</userinput> parameters tell the client programs where
|
---|
233 | to look for the <acronym>KDC</acronym> authentication services.
|
---|
234 | </para>
|
---|
235 |
|
---|
236 | <para>
|
---|
237 | The <userinput>[domain_realm]</userinput> section maps a domain to a realm.
|
---|
238 | </para>
|
---|
239 |
|
---|
240 | <para>
|
---|
241 | Create the <acronym>KDC</acronym> database:
|
---|
242 | </para>
|
---|
243 |
|
---|
244 | <screen><userinput role='root'><command>kdb5_util create -r <replaceable>[LFS.ORG]</replaceable> -s </command></userinput></screen>
|
---|
245 |
|
---|
246 | <para>
|
---|
247 | Now you should populate the database with principles (users). For now,
|
---|
248 | just use your regular login name or root.
|
---|
249 | </para>
|
---|
250 |
|
---|
251 | <screen><userinput role='root'><command>kadmin.local</command></userinput>
|
---|
252 | <prompt>kadmin:</prompt><userinput><command>addprinc <replaceable>[loginname]</replaceable></command></userinput></screen>
|
---|
253 |
|
---|
254 | <para>
|
---|
255 | The <acronym>KDC</acronym> server and any machine running kerberized
|
---|
256 | server daemons must have a host key installed:
|
---|
257 | </para>
|
---|
258 |
|
---|
259 | <screen><prompt>kadmin:</prompt><userinput role='root'><command>addprinc -randkey host/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen>
|
---|
260 |
|
---|
261 | <para>
|
---|
262 | After choosing the defaults when prompted, you will have to export the
|
---|
263 | data to a keytab file:
|
---|
264 | </para>
|
---|
265 |
|
---|
266 | <screen><prompt>kadmin:</prompt><userinput role='root'><command>ktadd host/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen>
|
---|
267 |
|
---|
268 | <para>
|
---|
269 | This should have created a file in <filename class="directory">/etc</filename>
|
---|
270 | named <filename>krb5.keytab</filename> (Kerberos 5). This file should have 600
|
---|
271 | (root rw only) permissions. Keeping the keytab files from public access
|
---|
272 | is crucial to the overall security of the Kerberos installation.
|
---|
273 | </para>
|
---|
274 |
|
---|
275 | <para>
|
---|
276 | Eventually, you'll want to add server daemon principles to the database
|
---|
277 | and extract them to the keytab file. You do this in the same way you
|
---|
278 | created the host principles. Below is an example:
|
---|
279 | </para>
|
---|
280 |
|
---|
281 | <screen><prompt>kadmin:</prompt><userinput role='root'><command>addprinc -randkey ftp/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput>
|
---|
282 | <prompt>kadmin:</prompt><userinput role='root'><command>ktadd ftp/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen>
|
---|
283 |
|
---|
284 | <para>
|
---|
285 | Exit the <command>kadmin</command> program (use <command>quit</command>
|
---|
286 | or <command>exit</command>) and return back to the shell prompt. Start
|
---|
287 | the <acronym>KDC</acronym> daemon manually, just to test out the
|
---|
288 | installation:
|
---|
289 | </para>
|
---|
290 |
|
---|
291 | <screen><userinput role='root'><command>/usr/sbin/krb5kdc &</command></userinput></screen>
|
---|
292 |
|
---|
293 | <para>
|
---|
294 | Attempt to get a ticket with the following command:
|
---|
295 | </para>
|
---|
296 |
|
---|
297 | <screen><userinput><command>kinit <replaceable>[loginname]</replaceable></command></userinput></screen>
|
---|
298 |
|
---|
299 | <para>
|
---|
300 | You will be prompted for the password you created. After you get your
|
---|
301 | ticket, you can list it with the following command:
|
---|
302 | </para>
|
---|
303 |
|
---|
304 | <screen><userinput><command>klist</command></userinput></screen>
|
---|
305 |
|
---|
306 | <para>
|
---|
307 | Information about the ticket should be displayed on the screen.
|
---|
308 | </para>
|
---|
309 |
|
---|
310 | <para>
|
---|
311 | To test the functionality of the keytab file, issue the following
|
---|
312 | command:
|
---|
313 | </para>
|
---|
314 |
|
---|
315 | <screen><userinput><command>ktutil</command></userinput>
|
---|
316 | <prompt>ktutil:</prompt><userinput><command>rkt /etc/krb5.keytab</command></userinput>
|
---|
317 | <prompt>ktutil:</prompt><userinput><command>l</command></userinput></screen>
|
---|
318 |
|
---|
319 | <para>
|
---|
320 | This should dump a list of the host principal, along with the encryption
|
---|
321 | methods used to access the principal.
|
---|
322 | </para>
|
---|
323 |
|
---|
324 | <para>
|
---|
325 | At this point, if everything has been successful so far, you can feel
|
---|
326 | fairly confident in the installation and configuration of the package.
|
---|
327 | </para>
|
---|
328 |
|
---|
329 | <para>
|
---|
330 | Install the <filename>/etc/rc.d/init.d/kerberos</filename> init script
|
---|
331 | included in the <xref linkend="intro-important-bootscripts"/> package.
|
---|
332 | </para>
|
---|
333 |
|
---|
334 | <screen><userinput role='root'><command>make install-kerberos</command></userinput></screen>
|
---|
335 |
|
---|
336 | </sect4>
|
---|
337 |
|
---|
338 | <sect4><title>Using Kerberized Client Programs</title>
|
---|
339 |
|
---|
340 | <para>
|
---|
341 | To use the kerberized client programs (<command>telnet</command>,
|
---|
342 | <command>ftp</command>, <command>rsh</command>,
|
---|
343 | <command>rcp</command>, <command>rlogin</command>), you first must get
|
---|
344 | an authentication ticket. Use the <command>kinit</command> program to
|
---|
345 | get the ticket. After you've acquired the ticket, you can use the
|
---|
346 | kerberized programs to connect to any kerberized server on the network.
|
---|
347 | You will not be prompted for authentication until your ticket expires
|
---|
348 | (default is one day), unless you specify a different user as a command
|
---|
349 | line argument to the program.
|
---|
350 | </para>
|
---|
351 |
|
---|
352 | <para>
|
---|
353 | The kerberized programs will connect to non kerberized daemons, warning
|
---|
354 | you that authentication is not encrypted.
|
---|
355 | </para>
|
---|
356 | </sect4>
|
---|
357 |
|
---|
358 | <sect4><title>Using Kerberized Server Programs</title>
|
---|
359 | <para>
|
---|
360 | Using kerberized server programs (<command>telnetd</command>,
|
---|
361 | <command>kpropd</command>, <command>klogind</command> and
|
---|
362 | <command>kshd</command>) requires two additional configuration steps.
|
---|
363 | First the <filename>/etc/services</filename> file must be updated to
|
---|
364 | include eklogin and krb5_prop. Second, the <filename>inetd.conf</filename>
|
---|
365 | or <filename>xinetd.conf</filename> must be modified for each server that will
|
---|
366 | be activated, usually replacing the server from <xref linkend="inetutils"/>.
|
---|
367 | </para>
|
---|
368 | </sect4>
|
---|
369 |
|
---|
370 | <sect4><title>Additional Information</title>
|
---|
371 | <para>
|
---|
372 | For additional information consult <ulink
|
---|
373 | url="http://web.mit.edu/kerberos/www/krb5-1.4/#documentation">Documentation
|
---|
374 | for krb-&mitkrb-version;</ulink> on which the above instructions are based.
|
---|
375 | </para>
|
---|
376 |
|
---|
377 | </sect4>
|
---|
378 |
|
---|
379 | </sect3>
|
---|
380 |
|
---|
381 | </sect2>
|
---|
382 |
|
---|
383 | <sect2>
|
---|
384 | <title>Contents</title>
|
---|
385 |
|
---|
386 | <segmentedlist>
|
---|
387 | <segtitle>Installed Programs</segtitle>
|
---|
388 | <segtitle>Installed Libraries</segtitle>
|
---|
389 | <segtitle>Installed Directories</segtitle>
|
---|
390 |
|
---|
391 | <seglistitem>
|
---|
392 | <seg>compile-et, ftp, ftpd, gss-client, gss-server, k5srvutil, kadmin,
|
---|
393 | kadmin.local, kadmind, kadmind4, kdb5_util, kdestroy, kinit, klist,
|
---|
394 | klogind, kpasswd, kprop, kpropd, krb5-send-pr, krb5-config, krb524d,
|
---|
395 | krb524init, krb5kdc, kshd, ksu, ktutil, kvno, login.krb5, rcp, rlogin,
|
---|
396 | rsh, sclient, sim_client, sim_server, sserver,
|
---|
397 | telnet, telnetd, uuclient, uuserver, v5passwd, v5passwdd</seg>
|
---|
398 | <seg>libcom_err.[so,a], libdes425.[so,a], libgssapi.[so,a], libgssrpc.[so,a],
|
---|
399 | libkadm5clnt.[so,a], libkadm5srv.[so,a], libkdb5.[so,a], libkrb5.[so,a],
|
---|
400 | libkrb4.[so,a]</seg>
|
---|
401 | <seg>/usr/include/kerberosIV and /var/lib/krb5kdc</seg>
|
---|
402 | </seglistitem>
|
---|
403 | </segmentedlist>
|
---|
404 |
|
---|
405 | <variablelist>
|
---|
406 | <bridgehead renderas="sect3">Short Descriptions</bridgehead>
|
---|
407 | <?dbfo list-presentation="list"?>
|
---|
408 |
|
---|
409 | <varlistentry id="compile_et">
|
---|
410 | <term><command>compile_et</command></term>
|
---|
411 | <listitem><para>converts the table listing
|
---|
412 | error-code names into a <application>C</application> source file..</para>
|
---|
413 | <indexterm zone="mitkrb compile_et">
|
---|
414 | <primary sortas="b-compile_et">compile_et</primary>
|
---|
415 | </indexterm></listitem>
|
---|
416 | </varlistentry>
|
---|
417 |
|
---|
418 | <varlistentry id="ftp-mitkrb">
|
---|
419 | <term><command>ftp</command></term>
|
---|
420 | <listitem><para>is a kerberized <acronym>FTP</acronym> client.</para>
|
---|
421 | <indexterm zone="mitkrb ftp">
|
---|
422 | <primary sortas="b-ftp">ftp</primary>
|
---|
423 | </indexterm></listitem>
|
---|
424 | </varlistentry>
|
---|
425 |
|
---|
426 | <varlistentry id="ftpd-mitkrb">
|
---|
427 | <term><command>ftpd</command></term>
|
---|
428 | <listitem><para>is a kerberized <acronym>FTP</acronym> daemon.</para>
|
---|
429 | <indexterm zone="mitkrb ftpd">
|
---|
430 | <primary sortas="b-ftpd">ftpd</primary>
|
---|
431 | </indexterm></listitem>
|
---|
432 | </varlistentry>
|
---|
433 |
|
---|
434 | <varlistentry id="k5srvutil">
|
---|
435 | <term><command>k5srvutil</command></term>
|
---|
436 | <listitem><para>is a host keytable manipulation utility.</para>
|
---|
437 | <indexterm zone="mitkrb k5srvutil">
|
---|
438 | <primary sortas="b-k5srvutil">k5srvutil</primary>
|
---|
439 | </indexterm></listitem>
|
---|
440 | </varlistentry>
|
---|
441 |
|
---|
442 | <varlistentry id="kadmin-mitkrb">
|
---|
443 | <term><command>kadmin</command></term>
|
---|
444 | <listitem><para>is an utility used to make modifications
|
---|
445 | to the Kerberos database.</para>
|
---|
446 | <indexterm zone="mitkrb kadmin-mitkrb">
|
---|
447 | <primary sortas="b-kadmin">kadmin</primary>
|
---|
448 | </indexterm></listitem>
|
---|
449 | </varlistentry>
|
---|
450 |
|
---|
451 | <varlistentry id="kadmind-mitkrb">
|
---|
452 | <term><command>kadmind</command></term>
|
---|
453 | <listitem><para>is a server for administrative access
|
---|
454 | to a Kerberos database.</para>
|
---|
455 | <indexterm zone="mitkrb kadmind-mitkrb">
|
---|
456 | <primary sortas="b-kadmind">kadmind</primary>
|
---|
457 | </indexterm></listitem>
|
---|
458 | </varlistentry>
|
---|
459 |
|
---|
460 | <varlistentry id="kdb5_util">
|
---|
461 | <term><command>kdb5_util</command></term>
|
---|
462 | <listitem><para>is the <acronym>KDC</acronym> database utility.</para>
|
---|
463 | <indexterm zone="mitkrb kdb5_util">
|
---|
464 | <primary sortas="b-kdb5_util">kdb5_util</primary>
|
---|
465 | </indexterm></listitem>
|
---|
466 | </varlistentry>
|
---|
467 |
|
---|
468 | <varlistentry id="kdestroy-mitkrb">
|
---|
469 | <term><command>kdestroy</command></term>
|
---|
470 | <listitem><para>removes the current set of tickets.</para>
|
---|
471 | <indexterm zone="mitkrb kdestroy-mitkrb">
|
---|
472 | <primary sortas="b-kdestroy">kdestroy</primary>
|
---|
473 | </indexterm></listitem>
|
---|
474 | </varlistentry>
|
---|
475 |
|
---|
476 | <varlistentry id="kinit-mitkrb">
|
---|
477 | <term><command>kinit</command></term>
|
---|
478 | <listitem><para>is used to authenticate to the Kerberos server as
|
---|
479 | a principal and acquire a ticket granting ticket that can later be used
|
---|
480 | to obtain tickets for other services.</para>
|
---|
481 | <indexterm zone="mitkrb kinit-mitkrb">
|
---|
482 | <primary sortas="b-kinit">kinit</primary>
|
---|
483 | </indexterm></listitem>
|
---|
484 | </varlistentry>
|
---|
485 |
|
---|
486 | <varlistentry id="klist-mitkrb">
|
---|
487 | <term><command>klist</command></term>
|
---|
488 | <listitem><para>reads and displays the current tickets in
|
---|
489 | the credential cache.</para>
|
---|
490 | <indexterm zone="mitkrb klist-mitkrb">
|
---|
491 | <primary sortas="b-klist">klist</primary>
|
---|
492 | </indexterm></listitem>
|
---|
493 | </varlistentry>
|
---|
494 |
|
---|
495 | <varlistentry id="klogind">
|
---|
496 | <term><command>klogind</command></term>
|
---|
497 | <listitem><para>is the server that responds to
|
---|
498 | <command>rlogin</command> requests.</para>
|
---|
499 | <indexterm zone="mitkrb klogind">
|
---|
500 | <primary sortas="b-klogind">klogind</primary>
|
---|
501 | </indexterm></listitem>
|
---|
502 | </varlistentry>
|
---|
503 |
|
---|
504 | <varlistentry id="kpasswd-mitkrb">
|
---|
505 | <term><command>kpasswd</command></term>
|
---|
506 | <listitem><para>is a program for changing Kerberos 5 passwords.</para>
|
---|
507 | <indexterm zone="mitkrb kpasswd-mitkrb">
|
---|
508 | <primary sortas="b-kpasswd">kpasswd</primary>
|
---|
509 | </indexterm></listitem>
|
---|
510 | </varlistentry>
|
---|
511 |
|
---|
512 | <varlistentry id="kprop">
|
---|
513 | <term><command>kprop</command></term>
|
---|
514 | <listitem><para>takes a principal database in a specified
|
---|
515 | format and converts it into a stream of database
|
---|
516 | records.</para>
|
---|
517 | <indexterm zone="mitkrb kprop">
|
---|
518 | <primary sortas="b-kprop">kprop</primary>
|
---|
519 | </indexterm></listitem>
|
---|
520 | </varlistentry>
|
---|
521 |
|
---|
522 | <varlistentry id="kpropd">
|
---|
523 | <term><command>kpropd</command></term>
|
---|
524 | <listitem><para>receives a database sent by
|
---|
525 | <command>kprop</command> and writes it as a local database.</para>
|
---|
526 | <indexterm zone="mitkrb kpropd">
|
---|
527 | <primary sortas="b-kpropd">kpropd</primary>
|
---|
528 | </indexterm></listitem>
|
---|
529 | </varlistentry>
|
---|
530 |
|
---|
531 | <varlistentry id="krb5-config-1">
|
---|
532 | <term><command>krb5-config</command></term>
|
---|
533 | <listitem><para>gives information on how to link
|
---|
534 | programs against libraries.</para>
|
---|
535 | <indexterm zone="mitkrb krb5-config-prog">
|
---|
536 | <primary sortas="b-krb5-config-1">krb5-config</primary>
|
---|
537 | </indexterm></listitem>
|
---|
538 | </varlistentry>
|
---|
539 |
|
---|
540 | <varlistentry id="krb5kdc">
|
---|
541 | <term><command>krb5kdc</command></term>
|
---|
542 | <listitem><para>is a Kerberos 5 server.</para>
|
---|
543 | <indexterm zone="mitkrb krb5kdc">
|
---|
544 | <primary sortas="b-krb5kdc">krb5kdc</primary>
|
---|
545 | </indexterm></listitem>
|
---|
546 | </varlistentry>
|
---|
547 |
|
---|
548 | <varlistentry id="kshd">
|
---|
549 | <term><command>kshd</command></term>
|
---|
550 | <listitem><para>is the server that responds to
|
---|
551 | <command>rsh</command> requests.</para>
|
---|
552 | <indexterm zone="mitkrb kshd">
|
---|
553 | <primary sortas="b-kshd">kshd</primary>
|
---|
554 | </indexterm></listitem>
|
---|
555 | </varlistentry>
|
---|
556 |
|
---|
557 | <varlistentry id="ksu">
|
---|
558 | <term><command>ksu</command></term>
|
---|
559 | <listitem><para>is the super user program using Kerberos protocol.
|
---|
560 | Requires a properly configured
|
---|
561 | <filename class="directory">/etc/shells</filename> and
|
---|
562 | <filename>~/.k5login</filename> containing principals authorized to
|
---|
563 | become super users.</para>
|
---|
564 | <indexterm zone="mitkrb ksu">
|
---|
565 | <primary sortas="b-ksu">ksu</primary>
|
---|
566 | </indexterm></listitem>
|
---|
567 | </varlistentry>
|
---|
568 |
|
---|
569 | <varlistentry id="ktutil-mitkrb">
|
---|
570 | <term><command>ktutil</command></term>
|
---|
571 | <listitem><para>is a program for managing Kerberos keytabs.</para>
|
---|
572 | <indexterm zone="mitkrb ktutil-mitkrb">
|
---|
573 | <primary sortas="b-ktutil">ktutil</primary>
|
---|
574 | </indexterm></listitem>
|
---|
575 | </varlistentry>
|
---|
576 |
|
---|
577 | <varlistentry id="kvno">
|
---|
578 | <term><command>kvno</command></term>
|
---|
579 | <listitem><para>prints keyversion numbers of Kerberos principals.</para>
|
---|
580 | <indexterm zone="mitkrb kvno">
|
---|
581 | <primary sortas="b-kvno">kvno</primary>
|
---|
582 | </indexterm></listitem>
|
---|
583 | </varlistentry>
|
---|
584 |
|
---|
585 | <varlistentry id="login.krb5">
|
---|
586 | <term><command>login.krb5</command></term>
|
---|
587 | <listitem><para>is a kerberized login program.</para>
|
---|
588 | <indexterm zone="mitkrb login">
|
---|
589 | <primary sortas="b-login.krb5">login.krb5</primary>
|
---|
590 | </indexterm></listitem>
|
---|
591 | </varlistentry>
|
---|
592 |
|
---|
593 | <varlistentry id="rcp-mitkrb">
|
---|
594 | <term><command>rcp</command></term>
|
---|
595 | <listitem><para>is a kerberized rcp client program.</para>
|
---|
596 | <indexterm zone="mitkrb rcp">
|
---|
597 | <primary sortas="b-rcp">rcp</primary>
|
---|
598 | </indexterm></listitem>
|
---|
599 | </varlistentry>
|
---|
600 |
|
---|
601 | <varlistentry id="rlogin">
|
---|
602 | <term><command>rlogin</command></term>
|
---|
603 | <listitem><para>is a kerberized rlogin client program.</para>
|
---|
604 | <indexterm zone="mitkrb rlogin">
|
---|
605 | <primary sortas="b-rlogin">rlogin</primary>
|
---|
606 | </indexterm></listitem>
|
---|
607 | </varlistentry>
|
---|
608 |
|
---|
609 | <varlistentry id="rsh-mitkrb">
|
---|
610 | <term><command>rsh</command></term>
|
---|
611 | <listitem><para>is a kerberized rsh client program.</para>
|
---|
612 | <indexterm zone="mitkrb rsh">
|
---|
613 | <primary sortas="b-rsh">rsh</primary>
|
---|
614 | </indexterm></listitem>
|
---|
615 | </varlistentry>
|
---|
616 |
|
---|
617 | <varlistentry id="telnet-mitkrb">
|
---|
618 | <term><command>telnet</command></term>
|
---|
619 | <listitem><para>is a kerberized telnet client program.</para>
|
---|
620 | <indexterm zone="mitkrb telnet">
|
---|
621 | <primary sortas="b-telnet">telnet</primary>
|
---|
622 | </indexterm></listitem>
|
---|
623 | </varlistentry>
|
---|
624 |
|
---|
625 | <varlistentry id="telnetd-mitkrb">
|
---|
626 | <term><command>telnetd</command></term>
|
---|
627 | <listitem><para>is a kerberized telnet server.</para>
|
---|
628 | <indexterm zone="mitkrb telnetd">
|
---|
629 | <primary sortas="b-telnetd">telnetd</primary>
|
---|
630 | </indexterm></listitem>
|
---|
631 | </varlistentry>
|
---|
632 |
|
---|
633 | <varlistentry id="libcom_err">
|
---|
634 | <term><filename class='libraryfile'>libcom_err.[so,a]</filename></term>
|
---|
635 | <listitem><para>implements the Kerberos library error code.</para>
|
---|
636 | <indexterm zone="mitkrb libcom_err">
|
---|
637 | <primary sortas="c-libcom_err">libcom_err.[so,a]</primary>
|
---|
638 | </indexterm></listitem>
|
---|
639 | </varlistentry>
|
---|
640 |
|
---|
641 | <varlistentry id="libgssapi-mitkrb">
|
---|
642 | <term><filename class='libraryfile'>libgssapi.[so,a]</filename></term>
|
---|
643 | <listitem><para>contain the Generic Security Service Application
|
---|
644 | Programming
|
---|
645 | Interface (<acronym>GSSAPI</acronym>) functions which provides security
|
---|
646 | services to callers in a generic fashion, supportable with a range of
|
---|
647 | underlying mechanisms and technologies and hence allowing source-level
|
---|
648 | portability of applications to different environments.</para>
|
---|
649 | <indexterm zone="mitkrb libgssapi">
|
---|
650 | <primary sortas="c-libgssapi">libgssapi.[so,a]</primary>
|
---|
651 | </indexterm></listitem>
|
---|
652 | </varlistentry>
|
---|
653 |
|
---|
654 | <varlistentry id="libkadm5clnt-mitkrb">
|
---|
655 | <term><filename
|
---|
656 | class='libraryfile'>libkadm5clnt.[so,a]</filename></term>
|
---|
657 | <listitem><para>contains the administrative authentication and password
|
---|
658 | checking functions required by Kerberos 5 client-side programs.</para>
|
---|
659 | <indexterm zone="mitkrb libkadm5clnt">
|
---|
660 | <primary sortas="c-libkadm5clnt">libkadm5clnt.[so,a]</primary>
|
---|
661 | </indexterm></listitem>
|
---|
662 | </varlistentry>
|
---|
663 |
|
---|
664 | <varlistentry id="libkadm5srv-mitkrb">
|
---|
665 | <term><filename class='libraryfile'>libkadm5srv.[so,a]</filename></term>
|
---|
666 | <listitem><para>contain the administrative authentication and password
|
---|
667 | checking functions required by Kerberos 5 servers.</para>
|
---|
668 | <indexterm zone="mitkrb libkadm5srv">
|
---|
669 | <primary sortas="c-libkadm5srv">libkadm5srv.[so,a]</primary>
|
---|
670 | </indexterm></listitem>
|
---|
671 | </varlistentry>
|
---|
672 |
|
---|
673 | <varlistentry id="libkdb5">
|
---|
674 | <term><filename class='libraryfile'>libkdb5.[so,a]</filename></term>
|
---|
675 | <listitem><para>is a Kerberos 5
|
---|
676 | authentication/authorization database access library.</para>
|
---|
677 | <indexterm zone="mitkrb libkdb5">
|
---|
678 | <primary sortas="c-libkdb5">libkdb5.[so,a]</primary>
|
---|
679 | </indexterm></listitem>
|
---|
680 | </varlistentry>
|
---|
681 |
|
---|
682 | <varlistentry id="libkrb5-mitkrb">
|
---|
683 | <term><filename class='libraryfile'>libkrb5.[so,a]</filename></term>
|
---|
684 | <listitem><para>is an all-purpose Kerberos 5 library.</para>
|
---|
685 | <indexterm zone="mitkrb libkrb5">
|
---|
686 | <primary sortas="c-libkrb5">libkrb5.[so,a]</primary>
|
---|
687 | </indexterm></listitem>
|
---|
688 | </varlistentry>
|
---|
689 |
|
---|
690 | </variablelist>
|
---|
691 |
|
---|
692 | </sect2>
|
---|
693 |
|
---|
694 | </sect1>
|
---|