source: postlfs/security/mitkrb.xml@ ea6bb02

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts lazarus lxqt perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal
Last change on this file since ea6bb02 was ea6bb02, checked in by Pierre Labastie <pieere@…>, 7 years ago

Change lfs.org to example.org, because lfs.org is registered

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@18579 af4574ff-66df-0310-9fd7-8a98e5e911e0
  • Property mode set to 100644
File size: 32.1 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7<!-- <!ENTITY mitkrb-download-http "http://web.mit.edu/kerberos/www/dist/krb5/&mitkrb-major-version;/krb5-&mitkrb-version;-signed.tar">-->
8 <!ENTITY mitkrb-download-http "http://web.mit.edu/kerberos/dist/krb5/&mitkrb-major-version;/krb5-&mitkrb-version;.tar.gz">
9 <!ENTITY mitkrb-download-ftp " ">
10 <!ENTITY mitkrb-md5sum "8022f3a1cde8463e44fd35ef42731f85">
11 <!ENTITY mitkrb-size "9.0 MB">
12 <!ENTITY mitkrb-buildsize "136 MB (additional 24 MB for the testsuite)">
13 <!ENTITY mitkrb-time "0.9 SBU (additional 4.0 SBU for the testsuite)">
14]>
15
16<sect1 id="mitkrb" xreflabel="MIT Kerberos V5-&mitkrb-version;">
17 <?dbhtml filename="mitkrb.html"?>
18
19 <sect1info>
20 <othername>$LastChangedBy$</othername>
21 <date>$Date$</date>
22 </sect1info>
23
24 <title>MIT Kerberos V5-&mitkrb-version;</title>
25
26 <indexterm zone="mitkrb">
27 <primary sortas="a-MIT-Kerberos">MIT Kerberos V5</primary>
28 </indexterm>
29
30 <sect2 role="package">
31 <title>Introduction to MIT Kerberos V5</title>
32
33 <para>
34 <application>MIT Kerberos V5</application> is a free implementation
35 of Kerberos 5. Kerberos is a network authentication protocol. It
36 centralizes the authentication database and uses kerberized
37 applications to work with servers or services that support Kerberos
38 allowing single logins and encrypted communication over internal
39 networks or the Internet.
40 </para>
41
42 &lfs80_checked;
43
44 <bridgehead renderas="sect3">Package Information</bridgehead>
45 <itemizedlist spacing="compact">
46 <listitem>
47 <para>
48 Download (HTTP): <ulink url="&mitkrb-download-http;"/>
49 </para>
50 </listitem>
51 <listitem>
52 <para>
53 Download (FTP): <ulink url="&mitkrb-download-ftp;"/>
54 </para>
55 </listitem>
56 <listitem>
57 <para>
58 Download MD5 sum: &mitkrb-md5sum;
59 </para>
60 </listitem>
61 <listitem>
62 <para>
63 Download size: &mitkrb-size;
64 </para>
65 </listitem>
66 <listitem>
67 <para>
68 Estimated disk space required: &mitkrb-buildsize;
69 </para>
70 </listitem>
71 <listitem>
72 <para>
73 Estimated build time: &mitkrb-time;
74 </para>
75 </listitem>
76 </itemizedlist>
77
78<!-- Patch is not needed for this version, but don't remove this.
79 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
80 <itemizedlist spacing="compact">
81 <listitem>
82 <para>
83 Patch required on systems with IPv4 only enabled:
84 <ulink url="&patch-root;/mitkrb-&mitkrb-version;-fix_ipv4_only-1.patch"/>
85 </para>
86 </listitem>
87 </itemizedlist>
88-->
89
90 <bridgehead renderas="sect3">MIT Kerberos V5 Dependencies</bridgehead>
91
92 <bridgehead renderas="sect4">Optional</bridgehead>
93 <para role="optional">
94 <xref linkend="dejagnu"/> (for full test coverage),
95 <xref linkend="gnupg2"/> (to authenticate the package),
96 <xref linkend="keyutils"/>,
97 <xref linkend="openldap"/>,
98 <xref linkend="python2"/> (used during the testsuite),
99 <xref linkend="rpcbind"/> (used during the testsuite), and
100 <xref linkend="valgrind"/> (used during the test suite)
101 </para>
102
103 <note>
104 <para>
105 Some sort of time synchronization facility on your system (like
106 <xref linkend="ntp"/>) is required since Kerberos won't authenticate
107 if there is a time difference between a kerberized client and the
108 KDC server.
109 </para>
110 </note>
111
112 <para condition="html" role="usernotes">User Notes:
113 <ulink url="&blfs-wiki;/mitkrb"/>
114 </para>
115 </sect2>
116
117 <sect2 role="installation">
118 <title>Installation of MIT Kerberos V5</title>
119
120<!-- PATCH IS REJECTED - ALREADY PATCHED
121 <para>
122 If your system is configured to support only IPv4, apply the following
123 patch:
124 </para>
125
126<screen><userinput>patch -p1 -i ../mitkrb-&mitkrb-version;-fix_ipv4_only-1.patch</userinput></screen>
127-->
128
129 <para>
130 Build <application>MIT Kerberos V5</application> by running the
131 following commands:
132 </para>
133
134<screen><userinput>cd src &amp;&amp;
135
136sed -e "s@python2.5/Python.h@&amp; python2.7/Python.h@g" \
137 -e "s@-lpython2.5]@&amp;,\n AC_CHECK_LIB(python2.7,main,[PYTHON_LIB=-lpython2.7])@g" \
138 -i configure.in &amp;&amp;
139
140sed -e 's@\^u}@^u cols 300}@' \
141 -i tests/dejagnu/config/default.exp &amp;&amp;
142
143sed -e '/eq 0/{N;s/12 //}' \
144 -i plugins/kdb/db2/libdb2/test/run.test &amp;&amp;
145
146autoconf &amp;&amp;
147./configure --prefix=/usr \
148 --sysconfdir=/etc \
149 --localstatedir=/var/lib \
150 --with-system-et \
151 --with-system-ss \
152 --with-system-verto=no \
153 --enable-dns-for-realm &amp;&amp;
154make</userinput></screen>
155
156 <para>
157 To test the build, issue as the <systemitem
158 class="username">root</systemitem> user: <command>make check</command>.
159 You need at least <xref linkend="tcl"/>, which is used to drive the
160 testsuite. Furthermore, <xref linkend="dejagnu"/> must be available for
161 some of the tests to run. If you have a former version of MIT Kerberos V5
162 installed, it may happen that the test suite pick up the installed
163 versions of the libraries, rather than the newly built ones. If so, it is
164 better to run the tests after the installation.
165 </para>
166
167 <para>
168 Now, as the <systemitem class="username">root</systemitem> user:
169 </para>
170
171<screen role="root"><userinput>make install &amp;&amp;
172
173for f in gssapi_krb5 gssrpc k5crypto kadm5clnt kadm5srv \
174 kdb5 kdb_ldap krad krb5 krb5support verto ; do
175
176 find /usr/lib -type f -name "lib$f*.so*" -exec chmod -v 755 {} \;
177done &amp;&amp;
178
179mv -v /usr/lib/libkrb5.so.3* /lib &amp;&amp;
180mv -v /usr/lib/libk5crypto.so.3* /lib &amp;&amp;
181mv -v /usr/lib/libkrb5support.so.0* /lib &amp;&amp;
182
183ln -v -sf ../../lib/libkrb5.so.3.3 /usr/lib/libkrb5.so &amp;&amp;
184ln -v -sf ../../lib/libk5crypto.so.3.1 /usr/lib/libk5crypto.so &amp;&amp;
185ln -v -sf ../../lib/libkrb5support.so.0.1 /usr/lib/libkrb5support.so &amp;&amp;
186
187mv -v /usr/bin/ksu /bin &amp;&amp;
188chmod -v 755 /bin/ksu &amp;&amp;
189
190install -v -dm755 /usr/share/doc/krb5-&mitkrb-version; &amp;&amp;
191cp -vfr ../doc/* /usr/share/doc/krb5-&mitkrb-version;</userinput></screen>
192
193 </sect2>
194
195 <sect2 role="commands">
196 <title>Command Explanations</title>
197
198 <para>
199 <command>sed -e ...</command>: The first <command>sed</command> fixes
200 <application>Python</application> detection. The second one increases
201 the width of the virtual terminal used for some tests to prevent
202 some spurious text in the output which is taken as a failure. The
203 third <command>sed</command> removes a test that is known to fail.
204 </para>
205
206 <para>
207 <parameter>--localstatedir=/var/lib</parameter>: This option is
208 used so that the Kerberos variable run-time data is located in
209 <filename class="directory">/var/lib</filename> instead of
210 <filename class="directory">/usr/var</filename>.
211 </para>
212
213 <para>
214 <parameter>--with-system-et</parameter>: This switch causes the build
215 to use the system-installed versions of the error-table support
216 software.
217 </para>
218
219 <para>
220 <parameter>--with-system-ss</parameter>: This switch causes the build
221 to use the system-installed versions of the subsystem command-line
222 interface software.
223 </para>
224
225 <para>
226 <parameter>--with-system-verto=no</parameter>: This switch fixes a bug in
227 the package: it does not recognize its own verto library installed
228 previously. This is not a problem, if reinstalling the same version,
229 but if you are updating, the old library is used as system's one,
230 instead of installing the new version.
231 </para>
232
233 <para>
234 <parameter>--enable-dns-for-realm</parameter>: This switch allows
235 realms to be resolved using the DNS server.
236 </para>
237
238 <para>
239 <option>--with-ldap</option>: Use this switch if you want to compile the
240 <application>OpenLDAP</application> database backend module.
241 </para>
242
243 <para>
244 <command>mv -v /usr/lib/libk... /lib </command> and
245 <command>ln -v -sf ../../lib/libk... /usr/lib/libk...</command>:
246 Move critical libraries to the
247 <filename class="directory">/lib</filename> directory so that they are
248 available when the <filename class="directory">/usr</filename>
249 filesystem is not mounted.
250 </para>
251
252 <para>
253 <command>find /usr/lib -type f -name "lib$f*.so*" -exec chmod -v 755 {} \;</command>:
254 This command changes the permisison of installed libraries.
255 </para>
256
257 <para>
258 <command>mv -v /usr/bin/ksu /bin</command>: Moves the
259 <command>ksu</command> program to the
260 <filename class="directory">/bin</filename> directory so that it is
261 available when the <filename class="directory">/usr</filename>
262 filesystem is not mounted.
263 </para>
264
265 </sect2>
266
267 <sect2 role="configuration">
268 <title>Configuring MIT Kerberos V5</title>
269
270 <sect3 id="krb5-config">
271 <title>Config Files</title>
272
273 <para>
274 <filename>/etc/krb5.conf</filename> and
275 <filename>/var/lib/krb5kdc/kdc.conf</filename>
276 </para>
277
278 <indexterm zone="mitkrb krb5-config">
279 <primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary>
280 </indexterm>
281
282 <indexterm zone="mitkrb krb5-config">
283 <primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
284 </indexterm>
285
286 </sect3>
287
288 <sect3>
289 <title>Configuration Information</title>
290
291 <sect4>
292 <title>Kerberos Configuration</title>
293
294 <tip>
295 <para>
296 You should consider installing some sort of password checking
297 dictionary so that you can configure the installation to only
298 accept strong passwords. A suitable dictionary to use is shown in
299 the <xref linkend="cracklib"/> instructions. Note that only one
300 file can be used, but you can concatenate many files into one. The
301 configuration file shown below assumes you have installed a
302 dictionary to <filename>/usr/share/dict/words</filename>.
303 </para>
304 </tip>
305
306 <para>
307 Create the Kerberos configuration file with the following
308 commands issued by the <systemitem class="username">root</systemitem>
309 user:
310 </para>
311
312<screen role="root"><userinput>cat &gt; /etc/krb5.conf &lt;&lt; "EOF"
313<literal># Begin /etc/krb5.conf
314
315[libdefaults]
316 default_realm = <replaceable>&lt;EXAMPLE.ORG&gt;</replaceable>
317 encrypt = true
318
319[realms]
320 <replaceable>&lt;EXAMPLE.ORG&gt;</replaceable> = {
321 kdc = <replaceable>&lt;belgarath.example.org&gt;</replaceable>
322 admin_server = <replaceable>&lt;belgarath.example.org&gt;</replaceable>
323 dict_file = /usr/share/dict/words
324 }
325
326[domain_realm]
327 .<replaceable>&lt;example.org&gt;</replaceable> = <replaceable>&lt;EXAMPLE.ORG&gt;</replaceable>
328
329[logging]
330 kdc = SYSLOG:INFO:AUTH
331 admin_server = SYSLOG:INFO:AUTH
332 default = SYSLOG:DEBUG:DAEMON
333
334# End /etc/krb5.conf</literal>
335EOF</userinput></screen>
336
337 <para>
338 You will need to substitute your domain and proper hostname for the
339 occurrences of the <replaceable>&lt;belgarath&gt;</replaceable> and
340 <replaceable>&lt;example.org&gt;</replaceable> names.
341 </para>
342
343 <para>
344 <option>default_realm</option> should be the name of your
345 domain changed to ALL CAPS. This isn't required, but both
346 <application>Heimdal</application> and MIT recommend it.
347 </para>
348
349 <para>
350 <option>encrypt = true</option> provides encryption of all traffic
351 between kerberized clients and servers. It's not necessary and can
352 be left off. If you leave it off, you can encrypt all traffic from
353 the client to the server using a switch on the client program
354 instead.
355 </para>
356
357 <para>
358 The <option>[realms]</option> parameters tell the client programs
359 where to look for the KDC authentication services.
360 </para>
361
362 <para>
363 The <option>[domain_realm]</option> section maps a domain to a realm.
364 </para>
365
366 <para>
367 Create the KDC database:
368 </para>
369
370<screen role="root"><userinput>kdb5_util create -r <replaceable>&lt;EXAMPLE.ORG&gt;</replaceable> -s</userinput></screen>
371
372 <para>
373 Now you should populate the database with principals
374 (users). For now, just use your regular login name or
375 <systemitem class="username">root</systemitem>.
376 </para>
377
378<screen role="root"><userinput>kadmin.local
379<prompt>kadmin.local:</prompt> add_policy dict-only
380<prompt>kadmin.local:</prompt> addprinc -policy dict-only <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
381
382 <para>
383 The KDC server and any machine running kerberized
384 server daemons must have a host key installed:
385 </para>
386
387<screen role="root"><userinput><prompt>kadmin.local:</prompt> addprinc -randkey host/<replaceable>&lt;belgarath.example.org&gt;</replaceable></userinput></screen>
388
389 <para>
390 After choosing the defaults when prompted, you will have to
391 export the data to a keytab file:
392 </para>
393
394<screen role="root"><userinput><prompt>kadmin.local:</prompt> ktadd host/<replaceable>&lt;belgarath.example.org&gt;</replaceable></userinput></screen>
395
396 <para>
397 This should have created a file in
398 <filename class="directory">/etc</filename> named
399 <filename>krb5.keytab</filename> (Kerberos 5). This file should
400 have 600 (<systemitem class="username">root</systemitem> rw only)
401 permissions. Keeping the keytab files from public access is crucial
402 to the overall security of the Kerberos installation.
403 </para>
404
405 <para>
406 Exit the <command>kadmin</command> program (use
407 <command>quit</command> or <command>exit</command>) and return
408 back to the shell prompt. Start the KDC daemon manually, just to
409 test out the installation:
410 </para>
411
412<screen role="root"><userinput>/usr/sbin/krb5kdc</userinput></screen>
413
414 <para>
415 Attempt to get a ticket with the following command:
416 </para>
417
418<screen><userinput>kinit <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
419
420 <para>
421 You will be prompted for the password you created. After you
422 get your ticket, you can list it with the following command:
423 </para>
424
425<screen><userinput>klist</userinput></screen>
426
427 <para>
428 Information about the ticket should be displayed on the
429 screen.
430 </para>
431
432 <para>
433 To test the functionality of the keytab file, issue the
434 following command:
435 </para>
436
437<screen><userinput>ktutil
438<prompt>ktutil:</prompt> rkt /etc/krb5.keytab
439<prompt>ktutil:</prompt> l</userinput></screen>
440
441 <para>
442 This should dump a list of the host principal, along with
443 the encryption methods used to access the principal.
444 </para>
445
446 <para>
447 At this point, if everything has been successful so far, you
448 can feel fairly confident in the installation and configuration of
449 the package.
450 </para>
451
452 </sect4>
453
454 <sect4>
455 <title>Additional Information</title>
456
457 <para>
458 For additional information consult the <ulink
459 url="http://web.mit.edu/kerberos/www/krb5-&mitkrb-major-version;/#documentation">
460 documentation for krb5-&mitkrb-version;</ulink> on which the above
461 instructions are based.
462 </para>
463
464 </sect4>
465
466 </sect3>
467
468 <sect3 id="mitkrb-init">
469 <title><phrase revision="sysv">Init Script</phrase>
470 <phrase revision="systemd">Systemd Unit</phrase></title>
471
472 <para revision="sysv">
473 If you want to start <application>Kerberos</application> services
474 at boot, install the <filename>/etc/rc.d/init.d/krb5</filename> init
475 script included in the <xref linkend="bootscripts"/> package using
476 the following command:
477 </para>
478
479 <para revision="systemd">
480 If you want to start <application>Kerberos</application> services
481 at boot, install the <filename>krb5.service</filename> unit included in
482 the <xref linkend="systemd-units"/> package using the following command:
483 </para>
484
485 <indexterm zone="mitkrb mitkrb-init">
486 <primary sortas="f-krb5">krb5</primary>
487 </indexterm>
488
489<screen role="root"><userinput>make install-krb5</userinput></screen>
490
491 </sect3>
492
493 </sect2>
494
495 <sect2 role="content">
496
497 <title>Contents</title>
498 <para></para>
499
500 <segmentedlist>
501 <segtitle>Installed Programs</segtitle>
502 <segtitle>Installed Libraries</segtitle>
503 <segtitle>Installed Directories</segtitle>
504
505 <seglistitem>
506 <seg>
507 gss-client, gss-server, k5srvutil, kadmin, kadmin.local,
508 kadmind, kdb5_ldap_util (optional), kdb5_util, kdestroy, kinit, klist,
509 kpasswd, kprop, kpropd, kproplog, krb5-config, krb5kdc, krb5-send-pr,
510 ksu, kswitch, ktutil, kvno, sclient, sim_client, sim_server,
511 sserver, uuclient and uuserver
512 </seg>
513 <seg>
514 libgssapi_krb5.so, libgssrpc.so, libk5crypto.so, libkadm5clnt_mit.so,
515 libkadm5clnt.so, libkadm5srv_mit.so, libkadm5srv.so, libkdb_ldap.so
516 (optional), libkdb5.so, libkrad.so, libkrb5.so, libkrb5support.so,
517 libverto.so, and some plugins under the /usr/lib/krb5 tree
518 </seg>
519 <seg>
520 /usr/include/{gssapi,gssrpc,kadm5,krb5},
521 /usr/lib/krb5,
522 /usr/share/{doc/krb5-&mitkrb-version;,examples/krb5},
523 /var/lib/krb5kdc, and
524 /var/lib/run/krb5kdc
525 </seg>
526 </seglistitem>
527 </segmentedlist>
528
529 <variablelist>
530 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
531 <?dbfo list-presentation="list"?>
532 <?dbhtml list-presentation="table"?>
533
534 <varlistentry id="gss-client">
535 <term><command>gss-client</command></term>
536 <listitem>
537 <para>
538 is a GSSAPI test client.
539 </para>
540 <indexterm zone="mitkrb gss-client">
541 <primary sortas="b-gss-client">gss-client</primary>
542 </indexterm>
543 </listitem>
544 </varlistentry>
545
546 <varlistentry id="gss-server">
547 <term><command>gss-server</command></term>
548 <listitem>
549 <para>
550 is a GSSAPI test server.
551 </para>
552 <indexterm zone="mitkrb gss-server">
553 <primary sortas="b-gss-server">gss-server</primary>
554 </indexterm>
555 </listitem>
556 </varlistentry>
557
558 <varlistentry id="k5srvutil">
559 <term><command>k5srvutil</command></term>
560 <listitem>
561 <para>
562 is a host keytable manipulation utility.
563 </para>
564 <indexterm zone="mitkrb k5srvutil">
565 <primary sortas="b-k5srvutil">k5srvutil</primary>
566 </indexterm>
567 </listitem>
568 </varlistentry>
569
570 <varlistentry id="kadmin">
571 <term><command>kadmin</command></term>
572 <listitem>
573 <para>
574 is an utility used to make modifications
575 to the Kerberos database.
576 </para>
577 <indexterm zone="mitkrb kadmin">
578 <primary sortas="b-kadmin">kadmin</primary>
579 </indexterm>
580 </listitem>
581 </varlistentry>
582
583 <varlistentry id="kadmin.local">
584 <term><command>kadmin.local</command></term>
585 <listitem>
586 <para>
587 is an utility similar to <command>kadmin</command>, but if the
588 database is db2, the local client <command>kadmin.local</command>,
589 is intended to run directly on the master KDC without Kerberos
590 authentication.
591 </para>
592 <indexterm zone="mitkrb kadmin.local">
593 <primary sortas="b-kadmin.local">kadmin.local</primary>
594 </indexterm>
595 </listitem>
596 </varlistentry>
597
598 <varlistentry id="kadmind">
599 <term><command>kadmind</command></term>
600 <listitem>
601 <para>
602 is a server for administrative access
603 to a Kerberos database.
604 </para>
605 <indexterm zone="mitkrb kadmind">
606 <primary sortas="b-kadmind">kadmind</primary>
607 </indexterm>
608 </listitem>
609 </varlistentry>
610
611 <varlistentry id="kdb5_ldap_util">
612 <term><command>kdb5_ldap_util (optional)</command></term>
613 <listitem>
614 <para>
615 allows an administrator to manage realms, Kerberos services
616 and ticket policies.
617 </para>
618 <indexterm zone="mitkrb kdb5_ldap_util">
619 <primary sortas="b-kdb5_ldap_util">kdb5_ldap_util</primary>
620 </indexterm>
621 </listitem>
622 </varlistentry>
623
624 <varlistentry id="kdb5_util">
625 <term><command>kdb5_util</command></term>
626 <listitem>
627 <para>
628 is the KDC database utility.
629 </para>
630 <indexterm zone="mitkrb kdb5_util">
631 <primary sortas="b-kdb5_util">kdb5_util</primary>
632 </indexterm>
633 </listitem>
634 </varlistentry>
635
636 <varlistentry id="kdestroy">
637 <term><command>kdestroy</command></term>
638 <listitem>
639 <para>
640 removes the current set of tickets.
641 </para>
642 <indexterm zone="mitkrb kdestroy">
643 <primary sortas="b-kdestroy">kdestroy</primary>
644 </indexterm>
645 </listitem>
646 </varlistentry>
647
648 <varlistentry id="kinit">
649 <term><command>kinit</command></term>
650 <listitem>
651 <para>
652 is used to authenticate to the Kerberos server as a
653 principal and acquire a ticket granting ticket that can
654 later be used to obtain tickets for other services.
655 </para>
656 <indexterm zone="mitkrb kinit">
657 <primary sortas="b-kinit">kinit</primary>
658 </indexterm>
659 </listitem>
660 </varlistentry>
661
662 <varlistentry id="klist">
663 <term><command>klist</command></term>
664 <listitem>
665 <para>
666 reads and displays the current tickets in
667 the credential cache.
668 </para>
669 <indexterm zone="mitkrb klist">
670 <primary sortas="b-klist">klist</primary>
671 </indexterm>
672 </listitem>
673 </varlistentry>
674
675 <varlistentry id="kpasswd">
676 <term><command>kpasswd</command></term>
677 <listitem>
678 <para>
679 is a program for changing Kerberos 5 passwords.
680 </para>
681 <indexterm zone="mitkrb kpasswd">
682 <primary sortas="b-kpasswd">kpasswd</primary>
683 </indexterm>
684 </listitem>
685 </varlistentry>
686
687 <varlistentry id="kprop">
688 <term><command>kprop</command></term>
689 <listitem>
690 <para>
691 takes a principal database in a specified format and
692 converts it into a stream of database records.
693 </para>
694 <indexterm zone="mitkrb kprop">
695 <primary sortas="b-kprop">kprop</primary>
696 </indexterm>
697 </listitem>
698 </varlistentry>
699
700 <varlistentry id="kpropd">
701 <term><command>kpropd</command></term>
702 <listitem>
703 <para>
704 receives a database sent by <command>kprop</command>
705 and writes it as a local database.
706 </para>
707 <indexterm zone="mitkrb kpropd">
708 <primary sortas="b-kpropd">kpropd</primary>
709 </indexterm>
710 </listitem>
711 </varlistentry>
712
713 <varlistentry id="kproplog">
714 <term><command>kproplog</command></term>
715 <listitem>
716 <para>
717 displays the contents of the KDC database update log to standard
718 output.
719 </para>
720 <indexterm zone="mitkrb kproplog">
721 <primary sortas="b-kproplog">kproplog</primary>
722 </indexterm>
723 </listitem>
724 </varlistentry>
725
726 <varlistentry id="krb5-config-prog2">
727 <term><command>krb5-config</command></term>
728 <listitem>
729 <para>
730 gives information on how to link programs against
731 libraries.
732 </para>
733 <indexterm zone="mitkrb krb5-config-prog2">
734 <primary sortas="b-krb5-config">krb5-config</primary>
735 </indexterm>
736 </listitem>
737 </varlistentry>
738
739 <varlistentry id="krb5kdc">
740 <term><command>krb5kdc</command></term>
741 <listitem>
742 <para>
743 is the <application>Kerberos 5</application> server.
744 </para>
745 <indexterm zone="mitkrb krb5kdc">
746 <primary sortas="b-krb5kdc">krb5kdc</primary>
747 </indexterm>
748 </listitem>
749 </varlistentry>
750
751 <varlistentry id="krb5-send-pr">
752 <term><command>krb5-send-pr</command></term>
753 <listitem>
754 <para>
755 sends a problem report (PR) to a central support site.
756 </para>
757 <indexterm zone="mitkrb krb5-send-pr">
758 <primary sortas="b-krb-send-pr">krb5-send-pr</primary>
759 </indexterm>
760 </listitem>
761 </varlistentry>
762
763 <varlistentry id="ksu">
764 <term><command>ksu</command></term>
765 <listitem>
766 <para>
767 is the super user program using Kerberos protocol.
768 Requires a properly configured
769 <filename>/etc/shells</filename> and
770 <filename>~/.k5login</filename> containing principals
771 authorized to become super users.
772 </para>
773 <indexterm zone="mitkrb ksu">
774 <primary sortas="b-ksu">ksu</primary>
775 </indexterm>
776 </listitem>
777 </varlistentry>
778
779 <varlistentry id="kswitch">
780 <term><command>kswitch</command></term>
781 <listitem>
782 <para>
783 makes the specified credential cache the
784 primary cache for the collection, if a cache
785 collection is available.
786 </para>
787 <indexterm zone="mitkrb kswitch">
788 <primary sortas="b-kswitch">kswitch</primary>
789 </indexterm>
790 </listitem>
791 </varlistentry>
792
793 <varlistentry id="ktutil">
794 <term><command>ktutil</command></term>
795 <listitem>
796 <para>
797 is a program for managing Kerberos keytabs.
798 </para>
799 <indexterm zone="mitkrb ktutil">
800 <primary sortas="b-ktutil">ktutil</primary>
801 </indexterm>
802 </listitem>
803 </varlistentry>
804
805 <varlistentry id="kvno">
806 <term><command>kvno</command></term>
807 <listitem>
808 <para>
809 prints keyversion numbers of Kerberos principals.
810 </para>
811 <indexterm zone="mitkrb kvno">
812 <primary sortas="b-kvno">kvno</primary>
813 </indexterm>
814 </listitem>
815 </varlistentry>
816
817 <varlistentry id="sclient">
818 <term><command>sclient</command></term>
819 <listitem>
820 <para>
821 is used to contact a sample server and authenticate to it
822 using Kerberos 5 tickets, then display the server's
823 response.
824 </para>
825 <indexterm zone="mitkrb sclient">
826 <primary sortas="b-sclient">sclient</primary>
827 </indexterm>
828 </listitem>
829 </varlistentry>
830
831 <varlistentry id="sim_client">
832 <term><command>sim_client</command></term>
833 <listitem>
834 <para>
835 is a simple UDP-based sample client program, for
836 demonstration.
837 </para>
838 <indexterm zone="mitkrb sim_client">
839 <primary sortas="b-sim_client">sim_client</primary>
840 </indexterm>
841 </listitem>
842 </varlistentry>
843
844 <varlistentry id="sim_server">
845 <term><command>sim_server</command></term>
846 <listitem>
847 <para>
848 is a simple UDP-based server application, for
849 demonstration.
850 </para>
851 <indexterm zone="mitkrb sim_server">
852 <primary sortas="b-sim_server">sim_server</primary>
853 </indexterm>
854 </listitem>
855 </varlistentry>
856
857 <varlistentry id="sserver">
858 <term><command>sserver</command></term>
859 <listitem>
860 <para>
861 is the sample Kerberos 5 server.
862 </para>
863 <indexterm zone="mitkrb sserver">
864 <primary sortas="b-sserver">sserver</primary>
865 </indexterm>
866 </listitem>
867 </varlistentry>
868
869 <varlistentry id="uuclient">
870 <term><command>uuclient</command></term>
871 <listitem>
872 <para>
873 is another sample client.
874 </para>
875 <indexterm zone="mitkrb uuclient">
876 <primary sortas="b-uuclient">uuclient</primary>
877 </indexterm>
878 </listitem>
879 </varlistentry>
880
881 <varlistentry id="uuserver">
882 <term><command>uuserver</command></term>
883 <listitem>
884 <para>
885 is another sample server.
886 </para>
887 <indexterm zone="mitkrb uuserver">
888 <primary sortas="b-uuserver">uuserver</primary>
889 </indexterm>
890 </listitem>
891 </varlistentry>
892
893
894 <varlistentry id="libgssapi_krb5">
895 <term><filename class="libraryfile">libgssapi_krb5.so</filename></term>
896 <listitem>
897 <para>
898 contains the Generic Security Service Application Programming
899 Interface (GSSAPI) functions which provides security services
900 to callers in a generic fashion, supportable with a range of
901 underlying mechanisms and technologies and hence allowing
902 source-level portability of applications to different
903 environments.
904 </para>
905 <indexterm zone="mitkrb libgssapi_krb5">
906 <primary sortas="c-libgssapi_krb5">libgssapi_krb5.so</primary>
907 </indexterm>
908 </listitem>
909 </varlistentry>
910
911 <varlistentry id="libkadm5clnt">
912 <term><filename class="libraryfile">libkadm5clnt.so</filename></term>
913 <listitem>
914 <para>
915 contains the administrative authentication and password checking
916 functions required by Kerberos 5 client-side programs.
917 </para>
918 <indexterm zone="mitkrb libkadm5clnt">
919 <primary sortas="c-libkadm5clnt">libkadm5clnt.so</primary>
920 </indexterm>
921 </listitem>
922 </varlistentry>
923
924 <varlistentry id="libkadm5srv">
925 <term><filename class="libraryfile">libkadm5srv.so</filename></term>
926 <listitem>
927 <para>
928 contains the administrative authentication and password
929 checking functions required by Kerberos 5 servers.
930 </para>
931 <indexterm zone="mitkrb libkadm5srv">
932 <primary sortas="c-libkadm5srv">libkadm5srv.so</primary>
933 </indexterm>
934 </listitem>
935 </varlistentry>
936
937 <varlistentry id="libkdb5">
938 <term><filename class="libraryfile">libkdb5.so</filename></term>
939 <listitem>
940 <para>
941 is a Kerberos 5 authentication/authorization database
942 access library.
943 </para>
944 <indexterm zone="mitkrb libkdb5">
945 <primary sortas="c-libkdb5">libkdb5.so</primary>
946 </indexterm>
947 </listitem>
948 </varlistentry>
949
950 <varlistentry id="libkrad">
951 <term><filename class="libraryfile">libkrad.so</filename></term>
952 <listitem>
953 <para>
954 contains the internal support library for RADIUS functionality.
955 </para>
956 <indexterm zone="mitkrb libkrad">
957 <primary sortas="c-libkrad">libkrad.so</primary>
958 </indexterm>
959 </listitem>
960 </varlistentry>
961
962 <varlistentry id="libkrb5">
963 <term><filename class="libraryfile">libkrb5.so</filename></term>
964 <listitem>
965 <para>
966 is an all-purpose <application>Kerberos 5</application> library.
967 </para>
968 <indexterm zone="mitkrb libkrb5">
969 <primary sortas="c-libkrb5">libkrb5.so</primary>
970 </indexterm>
971 </listitem>
972 </varlistentry>
973
974 </variablelist>
975
976 </sect2>
977
978</sect1>
Note: See TracBrowser for help on using the repository browser.