Context Navigation

mitkrb.xml@ f82ac3f

Visit:

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 7.10 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts krejzi/svn lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition systemd-11177 systemd-13485 trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal

Last change on this file since f82ac3f was f82ac3f, checked in by Bruce Dubbs <bdubbs@…>, 11 years ago

Archive unneeded packages

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@12016 af4574ff-66df-0310-9fd7-8a98e5e911e0

Property mode set to 100644

File size: 26.4 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY mitkrb-download-http "http://web.mit.edu/kerberos/www/dist/krb5/1.11/krb5-&mitkrb-version;-signed.tar">
8	<!ENTITY mitkrb-download-ftp " ">
9	<!ENTITY mitkrb-md5sum "56f0ae274b285320b8a597cb89442449">
10	<!ENTITY mitkrb-size "11 MB">
11	<!ENTITY mitkrb-buildsize "178 MB (Additional 20 MB if running the testsuite)">
12	<!ENTITY mitkrb-time "1.0 SBU (additional 3.0 SBU if running the testsuite)">
13	]>
14
15	<sect1 id="mitkrb" xreflabel="MIT Kerberos V5-&mitkrb-version;">
16	<?dbhtml filename="mitkrb.html"?>
17
18	<sect1info>
19	<othername>$LastChangedBy$</othername>
20	<date>$Date$</date>
21	</sect1info>
22
23	<title>MIT Kerberos V5-&mitkrb-version;</title>
24
25	<indexterm zone="mitkrb">
26	<primary sortas="a-MIT-Kerberos">MIT Kerberos V5</primary>
27	</indexterm>
28
29	<sect2 role="package">
30	<title>Introduction to MIT Kerberos V5</title>
31
32	<para>
33	<application>MIT Kerberos V5</application> is a free implementation
34	of Kerberos 5. Kerberos is a network authentication protocol. It
35	centralizes the authentication database and uses kerberized
36	applications to work with servers or services that support Kerberos
37	allowing single logins and encrypted communication over internal
38	networks or the Internet.
39	</para>
40
41	&lfs74_checked;
42
43	<bridgehead renderas="sect3">Package Information</bridgehead>
44	<itemizedlist spacing="compact">
45	<listitem>
46	<para>
47	Download (HTTP): <ulink url="&mitkrb-download-http;"/>
48	</para>
49	</listitem>
50	<listitem>
51	<para>
52	Download (FTP): <ulink url="&mitkrb-download-ftp;"/>
53	</para>
54	</listitem>
55	<listitem>
56	<para>
57	Download MD5 sum: &mitkrb-md5sum;
58	</para>
59	</listitem>
60	<listitem>
61	<para>
62	Download size: &mitkrb-size;
63	</para>
64	</listitem>
65	<listitem>
66	<para>
67	Estimated disk space required: &mitkrb-buildsize;
68	</para>
69	</listitem>
70	<listitem>
71	<para>
72	Estimated build time: &mitkrb-time;
73	</para>
74	</listitem>
75	</itemizedlist>
76
77	<bridgehead renderas="sect3">MIT Kerberos V5 Dependencies</bridgehead>
78
79	<bridgehead renderas="sect4">Optional</bridgehead>
80	<para role="optional">
81	<xref linkend="dejagnu"/> (required to run the testsuite),
82	<xref linkend="keyutils"/>,
83	<xref linkend="openldap"/>,
84	<xref linkend="python2"/> (used during the testsuite) and
85	<xref linkend="rpcbind"/> (used during the testsuite)
86	</para>
87
88	<note>
89	<para>
90	Some sort of time synchronization facility on your system (like
91	<xref linkend="ntp"/>) is required since Kerberos won't authenticate
92	if there is a time difference between a kerberized client and the
93	KDC server.
94	</para>
95	</note>
96
97	<para condition="html" role="usernotes">User Notes:
98	<ulink url="&blfs-wiki;/mitkrb"/>
99	</para>
100	</sect2>
101
102	<sect2 role="installation">
103	<title>Installation of MIT Kerberos V5</title>
104
105	<para>
106	<application>MIT Kerberos V5</application> is distributed in a
107	TAR file containing a compressed TAR package and a detached PGP
108	<filename class="extension">ASC</filename> file. You'll need to unpack
109	the distribution tar file, then unpack the compressed tar file before
110	starting the build.
111	</para>
112
113	<para>
114	After unpacking the distribution tarball and if you have
115	<xref linkend="gnupg2"/> installed, you can
116	authenticate the package. First, check the contents of the file
117	<filename>krb5-&mitkrb-version;.tar.gz.asc</filename>.
118	</para>
119
120	<screen><userinput>gpg --verify krb5-&mitkrb-version;.tar.gz.asc krb5-&mitkrb-version;.tar.gz</userinput></screen>
121
122	<para>You will probably see output similar to:</para>
123
124	<screen>gpg: Signature made Wed Aug 8 22:29:58 2012 GMT using RSA key ID F376813D
125	gpg: Can't check signature: public key not found</screen>
126
127	<para>
128	You can import the public key with:
129	</para>
130
131	<screen><userinput>gpg --keyserver pgp.mit.edu --recv-keys 0xF376813D</userinput></screen>
132
133	<para>
134	Now re-verify the package with the first command above. You should get a
135	indication of a good signature, but the key will still not be certified
136	with a trusted signature. Trusting the downloaded key is a separate
137	operation but it is up to you to determine the level of trust.
138	</para>
139
140	<para>
141	Build <application>MIT Kerberos V5</application> by running the
142	following commands:
143	</para>
144
145	<screen><userinput>cd src &&
146	sed -e "s@python2.5/Python.h@& python2.7/Python.h@g" \
147	-e "s@-lpython2.5]@&,\n AC_CHECK_LIB(python2.7,main,[PYTHON_LIB=-lpython2.7])@g" \
148	-i configure.in &&
149	sed -e "s@interp->result@Tcl_GetStringResult(interp)@g" \
150	-i kadmin/testing/util/tcl_kadm5.c &&
151	autoconf &&
152	./configure CPPFLAGS="-I/usr/include/et -I/usr/include/ss" \
153	--prefix=/usr \
154	--sysconfdir=/etc \
155	--localstatedir=/var/lib \
156	--with-system-et \
157	--with-system-ss \
158	--enable-dns-for-realm &&
159	make</userinput></screen>
160
161	<para>
162	The regression test suite is designed to be run after the
163	installation has been completed.
164	</para>
165
166	<para>
167	Now, as the <systemitem class="username">root</systemitem> user:
168	</para>
169
170	<screen role="root"><userinput>make install &&
171
172	for LIBRARY in gssapi_krb5 gssrpc k5crypto kadm5clnt_mit kadm5srv_mit \
173	kdb5 kdb_ldap krb5 krb5support verto ; do
174	[ -e /usr/lib/lib$LIBRARY.so.. ] && chmod -v 755 /usr/lib/lib$LIBRARY.so..
175	done &&
176
177	mv -v /usr/lib/libkrb5.so.3* /lib &&
178	mv -v /usr/lib/libk5crypto.so.3* /lib &&
179	mv -v /usr/lib/libkrb5support.so.0* /lib &&
180
181	ln -v -sf ../../lib/libkrb5.so.3.3 /usr/lib/libkrb5.so &&
182	ln -v -sf ../../lib/libk5crypto.so.3.1 /usr/lib/libk5crypto.so &&
183	ln -v -sf ../../lib/libkrb5support.so.0.1 /usr/lib/libkrb5support.so &&
184
185	mv -v /usr/bin/ksu /bin &&
186	chmod -v 755 /bin/ksu &&
187
188	install -v -dm755 /usr/share/doc/krb5-&mitkrb-version; &&
189	cp -vfr ../doc/* /usr/share/doc/krb5-&mitkrb-version; &&
190
191	unset LIBRARY</userinput></screen>
192
193	<para>
194	To test the installation, you must have <xref linkend="dejagnu"/>
195	installed and issue: <command>make check</command>.
196	</para>
197
198	</sect2>
199
200	<sect2 role="commands">
201	<title>Command Explanations</title>
202
203	<para>
204	<command>sed -e ...</command>: First <command>sed</command> fixes
205	<application>Python</application> detection and second one fixes
206	build with <application>Tcl</application> 8.6.
207	</para>
208
209	<para>
210	<option>--enable-dns-for-realm</option>: This switch allows
211	realms to be resolved using the DNS server.
212	</para>
213
214	<para>
215	<option>--with-system-et</option>: This switch causes the build
216	to use the system-installed versions of the error-table support
217	software.
218	</para>
219
220	<para>
221	<option>--with-system-ss</option>: This switch causes the build
222	to use the system-installed versions of the subsystem command-line
223	interface software.
224	</para>
225
226	<para>
227	<parameter>--localstatedir=/var/lib</parameter>: This parameter is
228	used so that the Kerberos variable run-time data is located in
229	<filename class="directory">/var/lib</filename> instead of
230	<filename class="directory">/usr/var</filename>.
231	</para>
232
233	<para>
234	<command>mv -v /usr/bin/ksu /bin</command>: Moves the
235	<command>ksu</command> program to the
236	<filename class="directory">/bin</filename> directory so that it is
237	available when the <filename class="directory">/usr</filename>
238	filesystem is not mounted.
239	</para>
240
241	<para>
242	<option>--with-ldap</option>: Use this switch if you want to compile
243	<application>OpenLDAP</application> database backend module.
244	</para>
245
246	</sect2>
247
248	<sect2 role="configuration">
249	<title>Configuring MIT Kerberos V5</title>
250
251	<sect3 id="krb5-config">
252	<title>Config Files</title>
253
254	<para>
255	<filename>/etc/krb5.conf</filename> and
256	<filename>/var/lib/krb5kdc/kdc.conf</filename>
257	</para>
258
259	<indexterm zone="mitkrb krb5-config">
260	<primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary>
261	</indexterm>
262
263	<indexterm zone="mitkrb krb5-config">
264	<primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
265	</indexterm>
266
267	</sect3>
268
269	<sect3>
270	<title>Configuration Information</title>
271
272	<sect4>
273	<title>Kerberos Configuration</title>
274
275	<tip>
276	<para>
277	You should consider installing some sort of password checking
278	dictionary so that you can configure the installation to only
279	accept strong passwords. A suitable dictionary to use is shown in
280	the <xref linkend="cracklib"/> instructions. Note that only one
281	file can be used, but you can concatenate many files into one. The
282	configuration file shown below assumes you have installed a
283	dictionary to <filename>/usr/share/dict/words</filename>.
284	</para>
285	</tip>
286
287	<para>
288	Create the Kerberos configuration file with the following
289	commands issued by the <systemitem class="username">root</systemitem>
290	user:
291	</para>
292
293	<screen role="root"><userinput>cat > /etc/krb5.conf << "EOF"
294	<literal># Begin /etc/krb5.conf
295
296	[libdefaults]
297	default_realm = <replaceable><LFS.ORG></replaceable>
298	encrypt = true
299
300	[realms]
301	<replaceable><LFS.ORG></replaceable> = {
302	kdc = <replaceable><belgarath.lfs.org></replaceable>
303	admin_server = <replaceable><belgarath.lfs.org></replaceable>
304	dict_file = /usr/share/dict/words
305	}
306
307	[domain_realm]
308	.<replaceable><lfs.org></replaceable> = <replaceable><LFS.ORG></replaceable>
309
310	[logging]
311	kdc = SYSLOG[:INFO[:AUTH]]
312	admin_server = SYSLOG[INFO[:AUTH]]
313	default = SYSLOG[[:SYS]]
314
315	# End /etc/krb5.conf</literal>
316	EOF</userinput></screen>
317
318	<para>
319	You will need to substitute your domain and proper hostname for the
320	occurrences of the <replaceable><belgarath></replaceable> and
321	<replaceable><lfs.org></replaceable> names.
322	</para>
323
324	<para>
325	<option>default_realm</option> should be the name of your
326	domain changed to ALL CAPS. This isn't required, but both
327	<application>Heimdal</application> and MIT recommend it.
328	</para>
329
330	<para>
331	<option>encrypt = true</option> provides encryption of all traffic
332	between kerberized clients and servers. It's not necessary and can
333	be left off. If you leave it off, you can encrypt all traffic from
334	the client to the server using a switch on the client program
335	instead.
336	</para>
337
338	<para>
339	The <option>[realms]</option> parameters tell the client programs
340	where to look for the KDC authentication services.
341	</para>
342
343	<para>
344	The <option>[domain_realm]</option> section maps a domain to a realm.
345	</para>
346
347	<para>
348	Create the KDC database:
349	</para>
350
351	<screen role="root"><userinput>kdb5_util create -r <replaceable><LFS.ORG></replaceable> -s</userinput></screen>
352
353	<para>
354	Now you should populate the database with principals
355	(users). For now, just use your regular login name or
356	<systemitem class="username">root</systemitem>.
357	</para>
358
359	<screen role="root"><userinput>kadmin.local
360	<prompt>kadmin:</prompt> add_policy dict-only
361	<prompt>kadmin:</prompt> addprinc -policy dict-only <replaceable><loginname></replaceable></userinput></screen>
362
363	<para>
364	The KDC server and any machine running kerberized
365	server daemons must have a host key installed:
366	</para>
367
368	<screen role="root"><userinput><prompt>kadmin:</prompt> addprinc -randkey host/<replaceable><belgarath.lfs.org></replaceable></userinput></screen>
369
370	<para>
371	After choosing the defaults when prompted, you will have to
372	export the data to a keytab file:
373	</para>
374
375	<screen role="root"><userinput><prompt>kadmin:</prompt> ktadd host/<replaceable><belgarath.lfs.org></replaceable></userinput></screen>
376
377	<para>
378	This should have created a file in
379	<filename class="directory">/etc</filename> named
380	<filename>krb5.keytab</filename> (Kerberos 5). This file should
381	have 600 (<systemitem class="username">root</systemitem> rw only)
382	permissions. Keeping the keytab files from public access is crucial
383	to the overall security of the Kerberos installation.
384	</para>
385
386	<para>
387	Exit the <command>kadmin</command> program (use
388	<command>quit</command> or <command>exit</command>) and return
389	back to the shell prompt. Start the KDC daemon manually, just to
390	test out the installation:
391	</para>
392
393	<screen role="root"><userinput>/usr/sbin/krb5kdc</userinput></screen>
394
395	<para>
396	Attempt to get a ticket with the following command:
397	</para>
398
399	<screen><userinput>kinit <replaceable><loginname></replaceable></userinput></screen>
400
401	<para>
402	You will be prompted for the password you created. After you
403	get your ticket, you can list it with the following command:
404	</para>
405
406	<screen><userinput>klist</userinput></screen>
407
408	<para>
409	Information about the ticket should be displayed on the
410	screen.
411	</para>
412
413	<para>
414	To test the functionality of the keytab file, issue the
415	following command:
416	</para>
417
418	<screen><userinput>ktutil
419	<prompt>ktutil:</prompt> rkt /etc/krb5.keytab
420	<prompt>ktutil:</prompt> l</userinput></screen>
421
422	<para>
423	This should dump a list of the host principal, along with
424	the encryption methods used to access the principal.
425	</para>
426
427	<para>
428	At this point, if everything has been successful so far, you
429	can feel fairly confident in the installation and configuration of
430	the package.
431	</para>
432
433	</sect4>
434
435	<sect4>
436	<title>Additional Information</title>
437
438	<para>
439	For additional information consult <ulink
440	url="http://web.mit.edu/kerberos/www/krb5-1.11/#documentation">
441	Documentation for krb5-&mitkrb-version;</ulink> on which the above
442	instructions are based.
443	</para>
444
445	</sect4>
446
447	</sect3>
448
449	<sect3 id="mitkrb-init">
450	<title>Init Script</title>
451
452	<para>
453	If you want to start <application>Kerberos</application> services
454	at boot, install the <filename>/etc/rc.d/init.d/krb5</filename> init
455	script included in the <xref linkend="bootscripts"/> package using
456	the following command:
457	</para>
458
459	<indexterm zone="mitkrb mitkrb-init">
460	<primary sortas="f-krb5">krb5</primary>
461	</indexterm>
462
463	<screen role="root"><userinput>make install-krb5</userinput></screen>
464
465	</sect3>
466
467	</sect2>
468
469	<sect2 role="content">
470
471	<title>Contents</title>
472	<para></para>
473
474	<segmentedlist>
475	<segtitle>Installed Programs</segtitle>
476	<segtitle>Installed Libraries</segtitle>
477	<segtitle>Installed Directories</segtitle>
478
479	<seglistitem>
480	<seg>
481	gss-client, gss-server, k5srvutil, kadmin, kadmin.local,
482	kadmind, kdb5_ldap_util, kdb5_util, kdestroy, kinit, klist,
483	kpasswd, kprop, kpropd, krb5-config, krb5kdc, krb5-send-pr,
484	ksu, kswitch, ktutil, kvno, sclient, sim_client, sim_server,
485	sserver, uuclient and uuserver
486	</seg>
487	<seg>
488	libgssapi_krb5.so, libgssrpc.so, libk5crypto.so,
489	libkadm5clnt.so, libkadm5srv.so, libkdb5.so, libkdb_ldap.so,
490	libkrb5.so, libkrb5support.so, and libverto.so
491	</seg>
492	<seg>
493	/usr/include/gssapi,
494	/usr/include/gssrpc,
495	/usr/include/kadm5,
496	/usr/include/krb5,
497	/usr/lib/krb5,
498	/usr/share/doc/krb5-&mitkrb-version;,
499	/usr/share/examples/krb5 and
500	/var/lib/krb5kdc
501	</seg>
502	</seglistitem>
503	</segmentedlist>
504
505	<variablelist>
506	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
507	<?dbfo list-presentation="list"?>
508	<?dbhtml list-presentation="table"?>
509
510	<varlistentry id="k5srvutil">
511	<term><command>k5srvutil</command></term>
512	<listitem>
513	<para>
514	is a host keytable manipulation utility.
515	</para>
516	<indexterm zone="mitkrb k5srvutil">
517	<primary sortas="b-k5srvutil">k5srvutil</primary>
518	</indexterm>
519	</listitem>
520	</varlistentry>
521
522	<varlistentry id="kadmin">
523	<term><command>kadmin</command></term>
524	<listitem>
525	<para>
526	is an utility used to make modifications
527	to the Kerberos database.
528	</para>
529	<indexterm zone="mitkrb kadmin">
530	<primary sortas="b-kadmin">kadmin</primary>
531	</indexterm>
532	</listitem>
533	</varlistentry>
534
535	<varlistentry id="kadmind">
536	<term><command>kadmind</command></term>
537	<listitem>
538	<para>
539	is a server for administrative access
540	to a Kerberos database.
541	</para>
542	<indexterm zone="mitkrb kadmind">
543	<primary sortas="b-kadmind">kadmind</primary>
544	</indexterm>
545	</listitem>
546	</varlistentry>
547
548	<varlistentry id="kdb5_util">
549	<term><command>kdb5_util</command></term>
550	<listitem>
551	<para>
552	is the KDC database utility.
553	</para>
554	<indexterm zone="mitkrb kdb5_util">
555	<primary sortas="b-kdb5_util">kdb5_util</primary>
556	</indexterm>
557	</listitem>
558	</varlistentry>
559
560	<varlistentry id="kdestroy">
561	<term><command>kdestroy</command></term>
562	<listitem>
563	<para>
564	removes the current set of tickets.
565	</para>
566	<indexterm zone="mitkrb kdestroy">
567	<primary sortas="b-kdestroy">kdestroy</primary>
568	</indexterm>
569	</listitem>
570	</varlistentry>
571
572	<varlistentry id="kinit">
573	<term><command>kinit</command></term>
574	<listitem>
575	<para>
576	is used to authenticate to the Kerberos server as a
577	principal and acquire a ticket granting ticket that can
578	later be used to obtain tickets for other services.
579	</para>
580	<indexterm zone="mitkrb kinit">
581	<primary sortas="b-kinit">kinit</primary>
582	</indexterm>
583	</listitem>
584	</varlistentry>
585
586	<varlistentry id="klist">
587	<term><command>klist</command></term>
588	<listitem>
589	<para>
590	reads and displays the current tickets in
591	the credential cache.
592	</para>
593	<indexterm zone="mitkrb klist">
594	<primary sortas="b-klist">klist</primary>
595	</indexterm>
596	</listitem>
597	</varlistentry>
598
599	<varlistentry id="kpasswd">
600	<term><command>kpasswd</command></term>
601	<listitem>
602	<para>
603	is a program for changing Kerberos 5 passwords.
604	</para>
605	<indexterm zone="mitkrb kpasswd">
606	<primary sortas="b-kpasswd">kpasswd</primary>
607	</indexterm>
608	</listitem>
609	</varlistentry>
610
611	<varlistentry id="kprop">
612	<term><command>kprop</command></term>
613	<listitem>
614	<para>
615	takes a principal database in a specified format and
616	converts it into a stream of database records.
617	</para>
618	<indexterm zone="mitkrb kprop">
619	<primary sortas="b-kprop">kprop</primary>
620	</indexterm>
621	</listitem>
622	</varlistentry>
623
624	<varlistentry id="kpropd">
625	<term><command>kpropd</command></term>
626	<listitem>
627	<para>
628	receives a database sent by <command>kprop</command>
629	and writes it as a local database.
630	</para>
631	<indexterm zone="mitkrb kpropd">
632	<primary sortas="b-kpropd">kpropd</primary>
633	</indexterm>
634	</listitem>
635	</varlistentry>
636
637	<varlistentry id="krb5-config-prog2">
638	<term><command>krb5-config</command></term>
639	<listitem>
640	<para>
641	gives information on how to link programs against
642	libraries.
643	</para>
644	<indexterm zone="mitkrb krb5-config-prog2">
645	<primary sortas="b-krb5-config">krb5-config</primary>
646	</indexterm>
647	</listitem>
648	</varlistentry>
649
650	<varlistentry id="krb5kdc">
651	<term><command>krb5kdc</command></term>
652	<listitem>
653	<para>
654	is the <application>Kerberos 5</application> server.
655	</para>
656	<indexterm zone="mitkrb krb5kdc">
657	<primary sortas="b-krb5kdc">krb5kdc</primary>
658	</indexterm>
659	</listitem>
660	</varlistentry>
661
662	<varlistentry id="ksu">
663	<term><command>ksu</command></term>
664	<listitem>
665	<para>
666	is the super user program using Kerberos protocol.
667	Requires a properly configured
668	<filename>/etc/shells</filename> and
669	<filename>~/.k5login</filename> containing principals
670	authorized to become super users.
671	</para>
672	<indexterm zone="mitkrb ksu">
673	<primary sortas="b-ksu">ksu</primary>
674	</indexterm>
675	</listitem>
676	</varlistentry>
677
678	<varlistentry id="kswitch">
679	<term><command>kswitch</command></term>
680	<listitem>
681	<para>
682	makes the specified credential cache the
683	primary cache for the collection, if a cache
684	collection is available.
685	</para>
686	<indexterm zone="mitkrb kswitch">
687	<primary sortas="b-kswitch">kswitch</primary>
688	</indexterm>
689	</listitem>
690	</varlistentry>
691
692	<varlistentry id="ktutil">
693	<term><command>ktutil</command></term>
694	<listitem>
695	<para>
696	is a program for managing Kerberos keytabs.
697	</para>
698	<indexterm zone="mitkrb ktutil">
699	<primary sortas="b-ktutil">ktutil</primary>
700	</indexterm>
701	</listitem>
702	</varlistentry>
703
704	<varlistentry id="kvno">
705	<term><command>kvno</command></term>
706	<listitem>
707	<para>
708	prints keyversion numbers of Kerberos principals.
709	</para>
710	<indexterm zone="mitkrb kvno">
711	<primary sortas="b-kvno">kvno</primary>
712	</indexterm>
713	</listitem>
714	</varlistentry>
715
716	<varlistentry id="sclient">
717	<term><command>sclient</command></term>
718	<listitem>
719	<para>
720	used to contact a sample server and authenticate to it
721	using Kerberos 5 tickets, then display the server's
722	response.
723	</para>
724	<indexterm zone="mitkrb sclient">
725	<primary sortas="b-sclient">sclient</primary>
726	</indexterm>
727	</listitem>
728	</varlistentry>
729
730	<varlistentry id="sserver">
731	<term><command>sserver</command></term>
732	<listitem>
733	<para>
734	is the sample Kerberos 5 server.
735	</para>
736	<indexterm zone="mitkrb sserver">
737	<primary sortas="b-sserver">sserver</primary>
738	</indexterm>
739	</listitem>
740	</varlistentry>
741
742	<varlistentry id="libgssapi_krb5">
743	<term><filename class="libraryfile">libgssapi_krb5.so</filename></term>
744	<listitem>
745	<para>
746	contain the Generic Security Service Application Programming
747	Interface (GSSAPI) functions which provides security services
748	to callers in a generic fashion, supportable with a range of
749	underlying mechanisms and technologies and hence allowing
750	source-level portability of applications to different
751	environments.
752	</para>
753	<indexterm zone="mitkrb libgssapi_krb5">
754	<primary sortas="c-libgssapi_krb5">libgssapi_krb5.so</primary>
755	</indexterm>
756	</listitem>
757	</varlistentry>
758
759	<varlistentry id="libkadm5clnt">
760	<term><filename class="libraryfile">libkadm5clnt.so</filename></term>
761	<listitem>
762	<para>
763	contains the administrative authentication and password checking
764	functions required by Kerberos 5 client-side programs.
765	</para>
766	<indexterm zone="mitkrb libkadm5clnt">
767	<primary sortas="c-libkadm5clnt">libkadm5clnt.so</primary>
768	</indexterm>
769	</listitem>
770	</varlistentry>
771
772	<varlistentry id="libkadm5srv">
773	<term><filename class="libraryfile">libkadm5srv.so</filename></term>
774	<listitem>
775	<para>
776	contain the administrative authentication and password
777	checking functions required by Kerberos 5 servers.
778	</para>
779	<indexterm zone="mitkrb libkadm5srv">
780	<primary sortas="c-libkadm5srv">libkadm5srv.so</primary>
781	</indexterm>
782	</listitem>
783	</varlistentry>
784
785	<varlistentry id="libkdb5">
786	<term><filename class="libraryfile">libkdb5.so</filename></term>
787	<listitem>
788	<para>
789	is a Kerberos 5 authentication/authorization database
790	access library.
791	</para>
792	<indexterm zone="mitkrb libkdb5">
793	<primary sortas="c-libkdb5">libkdb5.so</primary>
794	</indexterm>
795	</listitem>
796	</varlistentry>
797
798	<varlistentry id="libkrb5">
799	<term><filename class="libraryfile">libkrb5.so</filename></term>
800	<listitem>
801	<para>
802	is an all-purpose <application>Kerberos 5</application> library.
803	</para>
804	<indexterm zone="mitkrb libkrb5">
805	<primary sortas="c-libkrb5">libkrb5.so</primary>
806	</indexterm>
807	</listitem>
808	</varlistentry>
809
810	</variablelist>
811
812	</sect2>
813
814	</sect1>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: postlfs/security/mitkrb.xml@ f82ac3f

Download in other formats: