Context Navigation

mitkrb.xml@ f22b905

Visit:

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts lazarus lxqt perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal

Last change on this file since f22b905 was f22b905, checked in by Bruce Dubbs <bdubbs@…>, 6 years ago

Update to tcl/tk-8.6.8.
Update to gmime3-3.2.0.
Update to gnupg-2.2.4.
Update to xfce4-power-manager-1.6.1.
Update to nghttp2-1.29.0.
Update to krb5-1.16.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@19621 af4574ff-66df-0310-9fd7-8a98e5e911e0

Property mode set to 100644

File size: 31.8 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY mitkrb-download-http "https://web.mit.edu/kerberos/dist/krb5/&mitkrb-major-version;/krb5-&mitkrb-version;.tar.gz">
8	<!ENTITY mitkrb-download-ftp " ">
9	<!ENTITY mitkrb-md5sum "23c5e9f07642db4a67f7a5b6168b1319">
10	<!ENTITY mitkrb-size "9.0 MB">
11	<!ENTITY mitkrb-buildsize "100 MB (add 24 MB for tests)">
12	<!ENTITY mitkrb-time "0.4 SBU (using parallelism=4; add 4.1 SBU for tests)">
13	]>
14
15	<sect1 id="mitkrb" xreflabel="MIT Kerberos V5-&mitkrb-version;">
16	<?dbhtml filename="mitkrb.html"?>
17
18	<sect1info>
19	<othername>$LastChangedBy$</othername>
20	<date>$Date$</date>
21	</sect1info>
22
23	<title>MIT Kerberos V5-&mitkrb-version;</title>
24
25	<indexterm zone="mitkrb">
26	<primary sortas="a-MIT-Kerberos">MIT Kerberos V5</primary>
27	</indexterm>
28
29	<sect2 role="package">
30	<title>Introduction to MIT Kerberos V5</title>
31
32	<para>
33	<application>MIT Kerberos V5</application> is a free implementation
34	of Kerberos 5. Kerberos is a network authentication protocol. It
35	centralizes the authentication database and uses kerberized
36	applications to work with servers or services that support Kerberos
37	allowing single logins and encrypted communication over internal
38	networks or the Internet.
39	</para>
40
41	&lfs81_checked;
42
43	<bridgehead renderas="sect3">Package Information</bridgehead>
44	<itemizedlist spacing="compact">
45	<listitem>
46	<para>
47	Download (HTTP): <ulink url="&mitkrb-download-http;"/>
48	</para>
49	</listitem>
50	<listitem>
51	<para>
52	Download (FTP): <ulink url="&mitkrb-download-ftp;"/>
53	</para>
54	</listitem>
55	<listitem>
56	<para>
57	Download MD5 sum: &mitkrb-md5sum;
58	</para>
59	</listitem>
60	<listitem>
61	<para>
62	Download size: &mitkrb-size;
63	</para>
64	</listitem>
65	<listitem>
66	<para>
67	Estimated disk space required: &mitkrb-buildsize;
68	</para>
69	</listitem>
70	<listitem>
71	<para>
72	Estimated build time: &mitkrb-time;
73	</para>
74	</listitem>
75	</itemizedlist>
76
77	<!-- Patch is not needed for this version, but don't remove this.
78	<bridgehead renderas="sect3">Additional Downloads</bridgehead>
79	<itemizedlist spacing="compact">
80	<listitem>
81	<para>
82	Patch required on systems with IPv4 only enabled:
83	<ulink url="&patch-root;/mitkrb-&mitkrb-version;-fix_ipv4_only-1.patch"/>
84	</para>
85	</listitem>
86	</itemizedlist>
87	-->
88
89	<bridgehead renderas="sect3">MIT Kerberos V5 Dependencies</bridgehead>
90
91	<bridgehead renderas="sect4">Optional</bridgehead>
92	<para role="optional">
93	<xref linkend="dejagnu"/> (for full test coverage),
94	<xref linkend="gnupg2"/> (to authenticate the package),
95	<xref linkend="keyutils"/>,
96	<xref linkend="openldap"/>,
97	<xref linkend="python2"/> (used during the testsuite),
98	<xref linkend="rpcbind"/> (used during the testsuite), and
99	<xref linkend="valgrind"/> (used during the test suite)
100	</para>
101
102	<note>
103	<para>
104	Some sort of time synchronization facility on your system (like
105	<xref linkend="ntp"/>) is required since Kerberos won't authenticate
106	if there is a time difference between a kerberized client and the
107	KDC server.
108	</para>
109	</note>
110
111	<para condition="html" role="usernotes">User Notes:
112	<ulink url="&blfs-wiki;/mitkrb"/>
113	</para>
114	</sect2>
115
116	<sect2 role="installation">
117	<title>Installation of MIT Kerberos V5</title>
118
119	<!-- PATCH IS REJECTED - ALREADY PATCHED
120	<para>
121	If your system is configured to support only IPv4, apply the following
122	patch:
123	</para>
124
125	<screen><userinput>patch -p1 -i ../mitkrb-&mitkrb-version;-fix_ipv4_only-1.patch</userinput></screen>
126	-->
127
128	<para>
129	Build <application>MIT Kerberos V5</application> by running the
130	following commands:
131	</para>
132
133	<screen><userinput>cd src &&
134
135	sed -i -e 's@\^u}@^u cols 300}@' tests/dejagnu/config/default.exp &&
136	sed -i -e '/eq 0/{N;s/12 //}' plugins/kdb/db2/libdb2/test/run.test &&
137
138	./configure --prefix=/usr \
139	--sysconfdir=/etc \
140	--localstatedir=/var/lib \
141	--with-system-et \
142	--with-system-ss \
143	--with-system-verto=no \
144	--enable-dns-for-realm &&
145	make</userinput></screen>
146
147	<para>
148	To test the build, issue as the <systemitem
149	class="username">root</systemitem> user: <command>make -k check</command>.
150	You need at least <xref linkend="tcl"/>, which is used to drive the
151	testsuite. Furthermore, <xref linkend="dejagnu"/> must be available for
152	some of the tests to run. If you have a former version of MIT Kerberos V5
153	installed, it may happen that the test suite pick up the installed
154	versions of the libraries, rather than the newly built ones. If so, it is
155	better to run the tests after the installation. The t_ccselect test
156	i sknown to fail.
157	</para>
158
159	<para>
160	Now, as the <systemitem class="username">root</systemitem> user:
161	</para>
162
163	<screen role="root"><userinput>make install &&
164
165	for f in gssapi_krb5 gssrpc k5crypto kadm5clnt kadm5srv \
166	kdb5 kdb_ldap krad krb5 krb5support verto ; do
167
168	find /usr/lib -type f -name "lib$f.so" -exec chmod -v 755 {} \;
169	done &&
170
171	mv -v /usr/lib/libkrb5.so.3* /lib &&
172	mv -v /usr/lib/libk5crypto.so.3* /lib &&
173	mv -v /usr/lib/libkrb5support.so.0* /lib &&
174
175	ln -v -sf ../../lib/libkrb5.so.3.3 /usr/lib/libkrb5.so &&
176	ln -v -sf ../../lib/libk5crypto.so.3.1 /usr/lib/libk5crypto.so &&
177	ln -v -sf ../../lib/libkrb5support.so.0.1 /usr/lib/libkrb5support.so &&
178
179	mv -v /usr/bin/ksu /bin &&
180	chmod -v 755 /bin/ksu &&
181
182	install -v -dm755 /usr/share/doc/krb5-&mitkrb-version; &&
183	cp -vfr ../doc/* /usr/share/doc/krb5-&mitkrb-version;</userinput></screen>
184
185	</sect2>
186
187	<sect2 role="commands">
188	<title>Command Explanations</title>
189
190	<para>
191	<command>sed -e ...</command>: The first <command>sed</command> fixes
192	<application>Python</application> detection. The second one increases
193	the width of the virtual terminal used for some tests to prevent
194	some spurious text in the output which is taken as a failure. The
195	third <command>sed</command> removes a test that is known to fail.
196	</para>
197
198	<para>
199	<parameter>--localstatedir=/var/lib</parameter>: This option is
200	used so that the Kerberos variable run-time data is located in
201	<filename class="directory">/var/lib</filename> instead of
202	<filename class="directory">/usr/var</filename>.
203	</para>
204
205	<para>
206	<parameter>--with-system-et</parameter>: This switch causes the build
207	to use the system-installed versions of the error-table support
208	software.
209	</para>
210
211	<para>
212	<parameter>--with-system-ss</parameter>: This switch causes the build
213	to use the system-installed versions of the subsystem command-line
214	interface software.
215	</para>
216
217	<para>
218	<parameter>--with-system-verto=no</parameter>: This switch fixes a bug in
219	the package: it does not recognize its own verto library installed
220	previously. This is not a problem, if reinstalling the same version,
221	but if you are updating, the old library is used as system's one,
222	instead of installing the new version.
223	</para>
224
225	<para>
226	<parameter>--enable-dns-for-realm</parameter>: This switch allows
227	realms to be resolved using the DNS server.
228	</para>
229
230	<para>
231	<option>--with-ldap</option>: Use this switch if you want to compile the
232	<application>OpenLDAP</application> database backend module.
233	</para>
234
235	<para>
236	<command>mv -v /usr/lib/libk... /lib </command> and
237	<command>ln -v -sf ../../lib/libk... /usr/lib/libk...</command>:
238	Move critical libraries to the
239	<filename class="directory">/lib</filename> directory so that they are
240	available when the <filename class="directory">/usr</filename>
241	filesystem is not mounted.
242	</para>
243
244	<para>
245	<command>find /usr/lib -type f -name "lib$f.so" -exec chmod -v 755 {} \;</command>:
246	This command changes the permisison of installed libraries.
247	</para>
248
249	<para>
250	<command>mv -v /usr/bin/ksu /bin</command>: Moves the
251	<command>ksu</command> program to the
252	<filename class="directory">/bin</filename> directory so that it is
253	available when the <filename class="directory">/usr</filename>
254	filesystem is not mounted.
255	</para>
256
257	</sect2>
258
259	<sect2 role="configuration">
260	<title>Configuring MIT Kerberos V5</title>
261
262	<sect3 id="krb5-config">
263	<title>Config Files</title>
264
265	<para>
266	<filename>/etc/krb5.conf</filename> and
267	<filename>/var/lib/krb5kdc/kdc.conf</filename>
268	</para>
269
270	<indexterm zone="mitkrb krb5-config">
271	<primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary>
272	</indexterm>
273
274	<indexterm zone="mitkrb krb5-config">
275	<primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
276	</indexterm>
277
278	</sect3>
279
280	<sect3>
281	<title>Configuration Information</title>
282
283	<sect4>
284	<title>Kerberos Configuration</title>
285
286	<tip>
287	<para>
288	You should consider installing some sort of password checking
289	dictionary so that you can configure the installation to only
290	accept strong passwords. A suitable dictionary to use is shown in
291	the <xref linkend="cracklib"/> instructions. Note that only one
292	file can be used, but you can concatenate many files into one. The
293	configuration file shown below assumes you have installed a
294	dictionary to <filename>/usr/share/dict/words</filename>.
295	</para>
296	</tip>
297
298	<para>
299	Create the Kerberos configuration file with the following
300	commands issued by the <systemitem class="username">root</systemitem>
301	user:
302	</para>
303
304	<screen role="root"><userinput>cat > /etc/krb5.conf << "EOF"
305	<literal># Begin /etc/krb5.conf
306
307	[libdefaults]
308	default_realm = <replaceable><EXAMPLE.ORG></replaceable>
309	encrypt = true
310
311	[realms]
312	<replaceable><EXAMPLE.ORG></replaceable> = {
313	kdc = <replaceable><belgarath.example.org></replaceable>
314	admin_server = <replaceable><belgarath.example.org></replaceable>
315	dict_file = /usr/share/dict/words
316	}
317
318	[domain_realm]
319	.<replaceable><example.org></replaceable> = <replaceable><EXAMPLE.ORG></replaceable>
320
321	[logging]
322	kdc = SYSLOG:INFO:AUTH
323	admin_server = SYSLOG:INFO:AUTH
324	default = SYSLOG:DEBUG:DAEMON
325
326	# End /etc/krb5.conf</literal>
327	EOF</userinput></screen>
328
329	<para>
330	You will need to substitute your domain and proper hostname for the
331	occurrences of the <replaceable><belgarath></replaceable> and
332	<replaceable><example.org></replaceable> names.
333	</para>
334
335	<para>
336	<option>default_realm</option> should be the name of your
337	domain changed to ALL CAPS. This isn't required, but both
338	<application>Heimdal</application> and MIT recommend it.
339	</para>
340
341	<para>
342	<option>encrypt = true</option> provides encryption of all traffic
343	between kerberized clients and servers. It's not necessary and can
344	be left off. If you leave it off, you can encrypt all traffic from
345	the client to the server using a switch on the client program
346	instead.
347	</para>
348
349	<para>
350	The <option>[realms]</option> parameters tell the client programs
351	where to look for the KDC authentication services.
352	</para>
353
354	<para>
355	The <option>[domain_realm]</option> section maps a domain to a realm.
356	</para>
357
358	<para>
359	Create the KDC database:
360	</para>
361
362	<screen role="root"><userinput>kdb5_util create -r <replaceable><EXAMPLE.ORG></replaceable> -s</userinput></screen>
363
364	<para>
365	Now you should populate the database with principals
366	(users). For now, just use your regular login name or
367	<systemitem class="username">root</systemitem>.
368	</para>
369
370	<screen role="root"><userinput>kadmin.local
371	<prompt>kadmin.local:</prompt> add_policy dict-only
372	<prompt>kadmin.local:</prompt> addprinc -policy dict-only <replaceable><loginname></replaceable></userinput></screen>
373
374	<para>
375	The KDC server and any machine running kerberized
376	server daemons must have a host key installed:
377	</para>
378
379	<screen role="root"><userinput><prompt>kadmin.local:</prompt> addprinc -randkey host/<replaceable><belgarath.example.org></replaceable></userinput></screen>
380
381	<para>
382	After choosing the defaults when prompted, you will have to
383	export the data to a keytab file:
384	</para>
385
386	<screen role="root"><userinput><prompt>kadmin.local:</prompt> ktadd host/<replaceable><belgarath.example.org></replaceable></userinput></screen>
387
388	<para>
389	This should have created a file in
390	<filename class="directory">/etc</filename> named
391	<filename>krb5.keytab</filename> (Kerberos 5). This file should
392	have 600 (<systemitem class="username">root</systemitem> rw only)
393	permissions. Keeping the keytab files from public access is crucial
394	to the overall security of the Kerberos installation.
395	</para>
396
397	<para>
398	Exit the <command>kadmin</command> program (use
399	<command>quit</command> or <command>exit</command>) and return
400	back to the shell prompt. Start the KDC daemon manually, just to
401	test out the installation:
402	</para>
403
404	<screen role="root"><userinput>/usr/sbin/krb5kdc</userinput></screen>
405
406	<para>
407	Attempt to get a ticket with the following command:
408	</para>
409
410	<screen><userinput>kinit <replaceable><loginname></replaceable></userinput></screen>
411
412	<para>
413	You will be prompted for the password you created. After you
414	get your ticket, you can list it with the following command:
415	</para>
416
417	<screen><userinput>klist</userinput></screen>
418
419	<para>
420	Information about the ticket should be displayed on the
421	screen.
422	</para>
423
424	<para>
425	To test the functionality of the keytab file, issue the
426	following command:
427	</para>
428
429	<screen><userinput>ktutil
430	<prompt>ktutil:</prompt> rkt /etc/krb5.keytab
431	<prompt>ktutil:</prompt> l</userinput></screen>
432
433	<para>
434	This should dump a list of the host principal, along with
435	the encryption methods used to access the principal.
436	</para>
437
438	<para>
439	At this point, if everything has been successful so far, you
440	can feel fairly confident in the installation and configuration of
441	the package.
442	</para>
443
444	</sect4>
445
446	<sect4>
447	<title>Additional Information</title>
448
449	<para>
450	For additional information consult the <ulink
451	url="http://web.mit.edu/kerberos/www/krb5-&mitkrb-major-version;/#documentation">
452	documentation for krb5-&mitkrb-version;</ulink> on which the above
453	instructions are based.
454	</para>
455
456	</sect4>
457
458	</sect3>
459
460	<sect3 id="mitkrb-init">
461	<title><phrase revision="sysv">Init Script</phrase>
462	<phrase revision="systemd">Systemd Unit</phrase></title>
463
464	<para revision="sysv">
465	If you want to start <application>Kerberos</application> services
466	at boot, install the <filename>/etc/rc.d/init.d/krb5</filename> init
467	script included in the <xref linkend="bootscripts"/> package using
468	the following command:
469	</para>
470
471	<para revision="systemd">
472	If you want to start <application>Kerberos</application> services
473	at boot, install the <filename>krb5.service</filename> unit included in
474	the <xref linkend="systemd-units"/> package using the following command:
475	</para>
476
477	<indexterm zone="mitkrb mitkrb-init">
478	<primary sortas="f-krb5">krb5</primary>
479	</indexterm>
480
481	<screen role="root"><userinput>make install-krb5</userinput></screen>
482
483	</sect3>
484
485	</sect2>
486
487	<sect2 role="content">
488
489	<title>Contents</title>
490	<para></para>
491
492	<segmentedlist>
493	<segtitle>Installed Programs</segtitle>
494	<segtitle>Installed Libraries</segtitle>
495	<segtitle>Installed Directories</segtitle>
496
497	<seglistitem>
498	<seg>
499	gss-client, gss-server, k5srvutil, kadmin, kadmin.local,
500	kadmind, kdb5_ldap_util (optional), kdb5_util, kdestroy, kinit, klist,
501	kpasswd, kprop, kpropd, kproplog, krb5-config, krb5kdc, krb5-send-pr,
502	ksu, kswitch, ktutil, kvno, sclient, sim_client, sim_server,
503	sserver, uuclient, and uuserver
504	</seg>
505	<seg>
506	libgssapi_krb5.so, libgssrpc.so, libk5crypto.so, libkadm5clnt_mit.so,
507	libkadm5clnt.so, libkadm5srv_mit.so, libkadm5srv.so, libkdb_ldap.so
508	(optional), libkdb5.so, libkrad.so, libkrb5.so, libkrb5support.so,
509	libverto.so, and some plugins under the /usr/lib/krb5 tree
510	</seg>
511	<seg>
512	/usr/include/{gssapi,gssrpc,kadm5,krb5},
513	/usr/lib/krb5,
514	/usr/share/{doc/krb5-&mitkrb-version;,examples/krb5},
515	/var/lib/krb5kdc, and
516	/var/lib/run/krb5kdc
517	</seg>
518	</seglistitem>
519	</segmentedlist>
520
521	<variablelist>
522	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
523	<?dbfo list-presentation="list"?>
524	<?dbhtml list-presentation="table"?>
525
526	<varlistentry id="gss-client">
527	<term><command>gss-client</command></term>
528	<listitem>
529	<para>
530	is a GSSAPI test client.
531	</para>
532	<indexterm zone="mitkrb gss-client">
533	<primary sortas="b-gss-client">gss-client</primary>
534	</indexterm>
535	</listitem>
536	</varlistentry>
537
538	<varlistentry id="gss-server">
539	<term><command>gss-server</command></term>
540	<listitem>
541	<para>
542	is a GSSAPI test server.
543	</para>
544	<indexterm zone="mitkrb gss-server">
545	<primary sortas="b-gss-server">gss-server</primary>
546	</indexterm>
547	</listitem>
548	</varlistentry>
549
550	<varlistentry id="k5srvutil">
551	<term><command>k5srvutil</command></term>
552	<listitem>
553	<para>
554	is a host keytable manipulation utility.
555	</para>
556	<indexterm zone="mitkrb k5srvutil">
557	<primary sortas="b-k5srvutil">k5srvutil</primary>
558	</indexterm>
559	</listitem>
560	</varlistentry>
561
562	<varlistentry id="kadmin">
563	<term><command>kadmin</command></term>
564	<listitem>
565	<para>
566	is an utility used to make modifications
567	to the Kerberos database.
568	</para>
569	<indexterm zone="mitkrb kadmin">
570	<primary sortas="b-kadmin">kadmin</primary>
571	</indexterm>
572	</listitem>
573	</varlistentry>
574
575	<varlistentry id="kadmin.local">
576	<term><command>kadmin.local</command></term>
577	<listitem>
578	<para>
579	is an utility similar to <command>kadmin</command>, but if the
580	database is db2, the local client <command>kadmin.local</command>,
581	is intended to run directly on the master KDC without Kerberos
582	authentication.
583	</para>
584	<indexterm zone="mitkrb kadmin.local">
585	<primary sortas="b-kadmin.local">kadmin.local</primary>
586	</indexterm>
587	</listitem>
588	</varlistentry>
589
590	<varlistentry id="kadmind">
591	<term><command>kadmind</command></term>
592	<listitem>
593	<para>
594	is a server for administrative access
595	to a Kerberos database.
596	</para>
597	<indexterm zone="mitkrb kadmind">
598	<primary sortas="b-kadmind">kadmind</primary>
599	</indexterm>
600	</listitem>
601	</varlistentry>
602
603	<varlistentry id="kdb5_ldap_util">
604	<term><command>kdb5_ldap_util (optional)</command></term>
605	<listitem>
606	<para>
607	allows an administrator to manage realms, Kerberos services
608	and ticket policies.
609	</para>
610	<indexterm zone="mitkrb kdb5_ldap_util">
611	<primary sortas="b-kdb5_ldap_util">kdb5_ldap_util</primary>
612	</indexterm>
613	</listitem>
614	</varlistentry>
615
616	<varlistentry id="kdb5_util">
617	<term><command>kdb5_util</command></term>
618	<listitem>
619	<para>
620	is the KDC database utility.
621	</para>
622	<indexterm zone="mitkrb kdb5_util">
623	<primary sortas="b-kdb5_util">kdb5_util</primary>
624	</indexterm>
625	</listitem>
626	</varlistentry>
627
628	<varlistentry id="kdestroy">
629	<term><command>kdestroy</command></term>
630	<listitem>
631	<para>
632	removes the current set of tickets.
633	</para>
634	<indexterm zone="mitkrb kdestroy">
635	<primary sortas="b-kdestroy">kdestroy</primary>
636	</indexterm>
637	</listitem>
638	</varlistentry>
639
640	<varlistentry id="kinit">
641	<term><command>kinit</command></term>
642	<listitem>
643	<para>
644	is used to authenticate to the Kerberos server as a
645	principal and acquire a ticket granting ticket that can
646	later be used to obtain tickets for other services.
647	</para>
648	<indexterm zone="mitkrb kinit">
649	<primary sortas="b-kinit">kinit</primary>
650	</indexterm>
651	</listitem>
652	</varlistentry>
653
654	<varlistentry id="klist">
655	<term><command>klist</command></term>
656	<listitem>
657	<para>
658	reads and displays the current tickets in
659	the credential cache.
660	</para>
661	<indexterm zone="mitkrb klist">
662	<primary sortas="b-klist">klist</primary>
663	</indexterm>
664	</listitem>
665	</varlistentry>
666
667	<varlistentry id="kpasswd">
668	<term><command>kpasswd</command></term>
669	<listitem>
670	<para>
671	is a program for changing Kerberos 5 passwords.
672	</para>
673	<indexterm zone="mitkrb kpasswd">
674	<primary sortas="b-kpasswd">kpasswd</primary>
675	</indexterm>
676	</listitem>
677	</varlistentry>
678
679	<varlistentry id="kprop">
680	<term><command>kprop</command></term>
681	<listitem>
682	<para>
683	takes a principal database in a specified format and
684	converts it into a stream of database records.
685	</para>
686	<indexterm zone="mitkrb kprop">
687	<primary sortas="b-kprop">kprop</primary>
688	</indexterm>
689	</listitem>
690	</varlistentry>
691
692	<varlistentry id="kpropd">
693	<term><command>kpropd</command></term>
694	<listitem>
695	<para>
696	receives a database sent by <command>kprop</command>
697	and writes it as a local database.
698	</para>
699	<indexterm zone="mitkrb kpropd">
700	<primary sortas="b-kpropd">kpropd</primary>
701	</indexterm>
702	</listitem>
703	</varlistentry>
704
705	<varlistentry id="kproplog">
706	<term><command>kproplog</command></term>
707	<listitem>
708	<para>
709	displays the contents of the KDC database update log to standard
710	output.
711	</para>
712	<indexterm zone="mitkrb kproplog">
713	<primary sortas="b-kproplog">kproplog</primary>
714	</indexterm>
715	</listitem>
716	</varlistentry>
717
718	<varlistentry id="krb5-config-prog2">
719	<term><command>krb5-config</command></term>
720	<listitem>
721	<para>
722	gives information on how to link programs against
723	libraries.
724	</para>
725	<indexterm zone="mitkrb krb5-config-prog2">
726	<primary sortas="b-krb5-config">krb5-config</primary>
727	</indexterm>
728	</listitem>
729	</varlistentry>
730
731	<varlistentry id="krb5kdc">
732	<term><command>krb5kdc</command></term>
733	<listitem>
734	<para>
735	is the <application>Kerberos 5</application> server.
736	</para>
737	<indexterm zone="mitkrb krb5kdc">
738	<primary sortas="b-krb5kdc">krb5kdc</primary>
739	</indexterm>
740	</listitem>
741	</varlistentry>
742
743	<varlistentry id="krb5-send-pr">
744	<term><command>krb5-send-pr</command></term>
745	<listitem>
746	<para>
747	sends a problem report (PR) to a central support site.
748	</para>
749	<indexterm zone="mitkrb krb5-send-pr">
750	<primary sortas="b-krb-send-pr">krb5-send-pr</primary>
751	</indexterm>
752	</listitem>
753	</varlistentry>
754
755	<varlistentry id="ksu">
756	<term><command>ksu</command></term>
757	<listitem>
758	<para>
759	is the super user program using Kerberos protocol.
760	Requires a properly configured
761	<filename>/etc/shells</filename> and
762	<filename>~/.k5login</filename> containing principals
763	authorized to become super users.
764	</para>
765	<indexterm zone="mitkrb ksu">
766	<primary sortas="b-ksu">ksu</primary>
767	</indexterm>
768	</listitem>
769	</varlistentry>
770
771	<varlistentry id="kswitch">
772	<term><command>kswitch</command></term>
773	<listitem>
774	<para>
775	makes the specified credential cache the
776	primary cache for the collection, if a cache
777	collection is available.
778	</para>
779	<indexterm zone="mitkrb kswitch">
780	<primary sortas="b-kswitch">kswitch</primary>
781	</indexterm>
782	</listitem>
783	</varlistentry>
784
785	<varlistentry id="ktutil">
786	<term><command>ktutil</command></term>
787	<listitem>
788	<para>
789	is a program for managing Kerberos keytabs.
790	</para>
791	<indexterm zone="mitkrb ktutil">
792	<primary sortas="b-ktutil">ktutil</primary>
793	</indexterm>
794	</listitem>
795	</varlistentry>
796
797	<varlistentry id="kvno">
798	<term><command>kvno</command></term>
799	<listitem>
800	<para>
801	prints keyversion numbers of Kerberos principals.
802	</para>
803	<indexterm zone="mitkrb kvno">
804	<primary sortas="b-kvno">kvno</primary>
805	</indexterm>
806	</listitem>
807	</varlistentry>
808
809	<varlistentry id="sclient">
810	<term><command>sclient</command></term>
811	<listitem>
812	<para>
813	is used to contact a sample server and authenticate to it
814	using Kerberos 5 tickets, then display the server's
815	response.
816	</para>
817	<indexterm zone="mitkrb sclient">
818	<primary sortas="b-sclient">sclient</primary>
819	</indexterm>
820	</listitem>
821	</varlistentry>
822
823	<varlistentry id="sim_client">
824	<term><command>sim_client</command></term>
825	<listitem>
826	<para>
827	is a simple UDP-based sample client program, for
828	demonstration.
829	</para>
830	<indexterm zone="mitkrb sim_client">
831	<primary sortas="b-sim_client">sim_client</primary>
832	</indexterm>
833	</listitem>
834	</varlistentry>
835
836	<varlistentry id="sim_server">
837	<term><command>sim_server</command></term>
838	<listitem>
839	<para>
840	is a simple UDP-based server application, for
841	demonstration.
842	</para>
843	<indexterm zone="mitkrb sim_server">
844	<primary sortas="b-sim_server">sim_server</primary>
845	</indexterm>
846	</listitem>
847	</varlistentry>
848
849	<varlistentry id="sserver">
850	<term><command>sserver</command></term>
851	<listitem>
852	<para>
853	is the sample Kerberos 5 server.
854	</para>
855	<indexterm zone="mitkrb sserver">
856	<primary sortas="b-sserver">sserver</primary>
857	</indexterm>
858	</listitem>
859	</varlistentry>
860
861	<varlistentry id="uuclient">
862	<term><command>uuclient</command></term>
863	<listitem>
864	<para>
865	is another sample client.
866	</para>
867	<indexterm zone="mitkrb uuclient">
868	<primary sortas="b-uuclient">uuclient</primary>
869	</indexterm>
870	</listitem>
871	</varlistentry>
872
873	<varlistentry id="uuserver">
874	<term><command>uuserver</command></term>
875	<listitem>
876	<para>
877	is another sample server.
878	</para>
879	<indexterm zone="mitkrb uuserver">
880	<primary sortas="b-uuserver">uuserver</primary>
881	</indexterm>
882	</listitem>
883	</varlistentry>
884
885
886	<varlistentry id="libgssapi_krb5">
887	<term><filename class="libraryfile">libgssapi_krb5.so</filename></term>
888	<listitem>
889	<para>
890	contains the Generic Security Service Application Programming
891	Interface (GSSAPI) functions which provides security services
892	to callers in a generic fashion, supportable with a range of
893	underlying mechanisms and technologies and hence allowing
894	source-level portability of applications to different
895	environments.
896	</para>
897	<indexterm zone="mitkrb libgssapi_krb5">
898	<primary sortas="c-libgssapi_krb5">libgssapi_krb5.so</primary>
899	</indexterm>
900	</listitem>
901	</varlistentry>
902
903	<varlistentry id="libkadm5clnt">
904	<term><filename class="libraryfile">libkadm5clnt.so</filename></term>
905	<listitem>
906	<para>
907	contains the administrative authentication and password checking
908	functions required by Kerberos 5 client-side programs.
909	</para>
910	<indexterm zone="mitkrb libkadm5clnt">
911	<primary sortas="c-libkadm5clnt">libkadm5clnt.so</primary>
912	</indexterm>
913	</listitem>
914	</varlistentry>
915
916	<varlistentry id="libkadm5srv">
917	<term><filename class="libraryfile">libkadm5srv.so</filename></term>
918	<listitem>
919	<para>
920	contains the administrative authentication and password
921	checking functions required by Kerberos 5 servers.
922	</para>
923	<indexterm zone="mitkrb libkadm5srv">
924	<primary sortas="c-libkadm5srv">libkadm5srv.so</primary>
925	</indexterm>
926	</listitem>
927	</varlistentry>
928
929	<varlistentry id="libkdb5">
930	<term><filename class="libraryfile">libkdb5.so</filename></term>
931	<listitem>
932	<para>
933	is a Kerberos 5 authentication/authorization database
934	access library.
935	</para>
936	<indexterm zone="mitkrb libkdb5">
937	<primary sortas="c-libkdb5">libkdb5.so</primary>
938	</indexterm>
939	</listitem>
940	</varlistentry>
941
942	<varlistentry id="libkrad">
943	<term><filename class="libraryfile">libkrad.so</filename></term>
944	<listitem>
945	<para>
946	contains the internal support library for RADIUS functionality.
947	</para>
948	<indexterm zone="mitkrb libkrad">
949	<primary sortas="c-libkrad">libkrad.so</primary>
950	</indexterm>
951	</listitem>
952	</varlistentry>
953
954	<varlistentry id="libkrb5">
955	<term><filename class="libraryfile">libkrb5.so</filename></term>
956	<listitem>
957	<para>
958	is an all-purpose <application>Kerberos 5</application> library.
959	</para>
960	<indexterm zone="mitkrb libkrb5">
961	<primary sortas="c-libkrb5">libkrb5.so</primary>
962	</indexterm>
963	</listitem>
964	</varlistentry>
965
966	</variablelist>
967
968	</sect2>
969
970	</sect1>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: postlfs/security/mitkrb.xml@ f22b905

Download in other formats: